diff --git a/bitnami/redis/CHANGELOG.md b/bitnami/redis/CHANGELOG.md index 6a85ffab60..63c1cc5ce2 100644 --- a/bitnami/redis/CHANGELOG.md +++ b/bitnami/redis/CHANGELOG.md @@ -1,8 +1,12 @@ # Changelog -## 20.4.1 (2024-12-10) +## 20.5.0 (2024-12-10) -* [bitnami/redis] CA shouldn't be mandatory when TLS is enabled ([#30520](https://github.com/bitnami/charts/pull/30520)) +* [bitnami/redis] Detect non-standard images ([#30942](https://github.com/bitnami/charts/pull/30942)) + +## 20.4.1 (2024-12-10) + +* [bitnami/redis] CA shouldn't be mandatory when TLS is enabled (#30520) ([85219eb](https://github.com/bitnami/charts/commit/85219eb721efa640075325a1812d9ca8316a0a1a)), closes [#30520](https://github.com/bitnami/charts/issues/30520) ## 20.4.0 (2024-12-02) diff --git a/bitnami/redis/Chart.lock b/bitnami/redis/Chart.lock index 896f01b8bf..e824dbbba3 100644 --- a/bitnami/redis/Chart.lock +++ b/bitnami/redis/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.27.0 -digest: sha256:b711ab5874abf868a0c64353a790f17771758cee6f802acb9819be004c8460af -generated: "2024-11-11T21:28:10.611479336Z" + version: 2.28.0 +digest: sha256:5b30f0fa07bb89b01c55fd6258c8ce22a611b13623d4ad83e8fdd1d4490adc74 +generated: "2024-12-10T17:25:56.439817+01:00" diff --git a/bitnami/redis/Chart.yaml b/bitnami/redis/Chart.yaml index 04144656bd..80c2031fbc 100644 --- a/bitnami/redis/Chart.yaml +++ b/bitnami/redis/Chart.yaml @@ -36,4 +36,4 @@ maintainers: name: redis sources: - https://github.com/bitnami/charts/tree/main/bitnami/redis -version: 20.4.1 +version: 20.5.0 diff --git a/bitnami/redis/README.md b/bitnami/redis/README.md index ba452ff363..0beda7ed31 100644 --- a/bitnami/redis/README.md +++ b/bitnami/redis/README.md @@ -458,14 +458,15 @@ helm install my-release --set master.persistence.existingClaim=PVC_NAME oci://RE ### Global parameters -| Name | Description | Value | -| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.defaultStorageClass` | Global default StorageClass for Persistent Volume(s) | `""` | -| `global.storageClass` | DEPRECATED: use global.defaultStorageClass instead | `""` | -| `global.redis.password` | Global Redis® password (overrides `auth.password`) | `""` | -| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `auto` | +| Name | Description | Value | +| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | +| `global.imageRegistry` | Global Docker image registry | `""` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `global.defaultStorageClass` | Global default StorageClass for Persistent Volume(s) | `""` | +| `global.storageClass` | DEPRECATED: use global.defaultStorageClass instead | `""` | +| `global.redis.password` | Global Redis® password (overrides `auth.password`) | `""` | +| `global.security.allowInsecureImages` | Allows skipping image verification | `false` | +| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `auto` | ### Common parameters @@ -1084,6 +1085,10 @@ Find more information about how to deal with common errors related to Bitnami's ## Upgrading +### To 20.5.0 + +This version introduces image verification for security purposes. To disable it, set `global.security.allowInsecureImages` to `true`. More details at [GitHub issue](https://github.com/bitnami/charts/issues/30850). + A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an incompatible breaking change needing manual actions. ### RDB compatibility diff --git a/bitnami/redis/templates/NOTES.txt b/bitnami/redis/templates/NOTES.txt index 33f188a980..3094ae972f 100644 --- a/bitnami/redis/templates/NOTES.txt +++ b/bitnami/redis/templates/NOTES.txt @@ -212,4 +212,5 @@ YOU NEED TO PERFORM AN UPGRADE FOR THE SERVICES AND WORKLOAD TO BE CREATED {{- $resourceSections = append $resourceSections "master" -}} {{- end }} {{- include "common.warnings.resources" (dict "sections" $resourceSections "context" $) }} -{{- include "common.warnings.modifiedImages" (dict "images" (list .Values.image .Values.sentinel.image .Values.metrics.image .Values.volumePermissions.image .Values.kubectl.image .Values.sysctl.image) "context" $) }} \ No newline at end of file +{{- include "common.warnings.modifiedImages" (dict "images" (list .Values.image .Values.sentinel.image .Values.metrics.image .Values.volumePermissions.image .Values.kubectl.image .Values.sysctl.image) "context" $) }} +{{- include "common.errors.insecureImages" (dict "images" (list .Values.image .Values.sentinel.image .Values.metrics.image .Values.volumePermissions.image .Values.kubectl.image .Values.sysctl.image) "context" $) }} diff --git a/bitnami/redis/values.yaml b/bitnami/redis/values.yaml index 1144862e49..4725f23ce3 100644 --- a/bitnami/redis/values.yaml +++ b/bitnami/redis/values.yaml @@ -22,6 +22,11 @@ global: imagePullSecrets: [] defaultStorageClass: "" storageClass: "" + ## Security parameters + ## + security: + ## @param global.security.allowInsecureImages Allows skipping image verification + allowInsecureImages: false redis: password: "" ## Compatibility adaptations for Kubernetes platforms