Bitnami/charts
2
0
Fork 0
mirror of https://github.com/bitnami/charts.git synced 2026-03-06 15:10:15 +08:00
Code Issues Packages Projects Releases Wiki Activity

[bitnami/redis-cluster] feat: Add support for PSA restricted policy (#20533)

Browse Source 
Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
This commit is contained in:
Javier J. Salmerón-García
2023-10-31 16:23:52 +01:00
committed by GitHub
parent 338342f247
commit dd3361d662
3 changed files with 24 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
bitnami/redis-cluster/Chart.yaml
View File

@@ -32,4 +32,4 @@ maintainers:
name: redis-cluster
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/redis-cluster
version: 9.0.13
version: 9.1.0

12
bitnami/redis-cluster/README.md
View File

@@ -115,14 +115,18 @@ The command removes all the Kubernetes components associated with the chart and
| `rbac.role.rules` | Rules to create. It follows the role specification | `[]` |
| `podSecurityContext.enabled` | Enable Redis&reg; pod Security Context | `true` |
| `podSecurityContext.fsGroup` | Group ID for the pods | `1001` |
| `podSecurityContext.runAsUser` | User ID for the pods | `1001` |
| `podSecurityContext.sysctls` | Set namespaced sysctls for the pods | `[]` |
| `podDisruptionBudget` | Limits the number of pods of the replicated application that are down simultaneously from voluntary disruptions | `{}` |
| `minAvailable` | Min number of pods that must still be available after the eviction | `""` |
| `maxUnavailable` | Max number of pods that can be unavailable after the eviction | `""` |
| `containerSecurityContext.enabled` | Enable Containers' Security Context | `true` |
| `containerSecurityContext.runAsUser` | User ID for the containers. | `1001` |
| `containerSecurityContext.runAsNonRoot` | Run container as non root | `true` |
| `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
| `containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `usePassword` | Use password authentication | `true` |
| `password` | Redis&reg; password (ignored if existingSecret set) | `""` |
| `existingSecret` | Name of existing secret object (for password authentication) | `""` |

20
bitnami/redis-cluster/values.yaml
View File

@@ -143,13 +143,11 @@ rbac:
## Redis&reg; pod Security Context
## @param podSecurityContext.enabled Enable Redis&reg; pod Security Context
## @param podSecurityContext.fsGroup Group ID for the pods
## @param podSecurityContext.runAsUser User ID for the pods
## @param podSecurityContext.sysctls Set namespaced sysctls for the pods
##
podSecurityContext:
enabled: true
fsGroup: 1001
runAsUser: 1001
## Uncomment the setting below to increase the net.core.somaxconn value
## e.g:
## sysctls:
@@ -168,14 +166,26 @@ minAvailable: ""
##
maxUnavailable: ""
## Containers Security Context
## @param containerSecurityContext.enabled Enable Containers' Security Context
## @param containerSecurityContext.runAsUser User ID for the containers.
## @param containerSecurityContext.runAsNonRoot Run container as non root
## @param containerSecurityContext.enabled Enabled containers' Security Context
## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param containerSecurityContext.privileged Set container's Security Context privileged
## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
##
containerSecurityContext:
enabled: true
runAsUser: 1001
runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: false
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## @param usePassword Use password authentication
##
usePassword: true