Skip to content

Commit

Permalink
[bitnami/apache] Detect non-standard images (#30857)
Browse files Browse the repository at this point in the history 
* [bitnami/apache] Detect non-standard images

Signed-off-by: Carlos Rodríguez Hernández <[email protected]>

* Update CHANGELOG.md

Signed-off-by: Bitnami Containers <[email protected]>

* Update README.md with readme-generator-for-helm

Signed-off-by: Bitnami Containers <[email protected]>

---------

Signed-off-by: Carlos Rodríguez Hernández <[email protected]>
Signed-off-by: Bitnami Containers <[email protected]>
Co-authored-by: Bitnami Containers <[email protected]>
  • Loading branch information
@carrodher @bitnami-bot
carrodher and bitnami-bot authored Dec 10, 2024
1 parent 651f475 commit 5666175
Show file tree
Hide file tree
Showing 6 changed files with 33 additions and 13 deletions.
10 changes: 8 additions & 2 deletions bitnami/apache/CHANGELOG.md
View file
Original file line number Diff line number Diff line change
@@ -1,8 +1,14 @@
# Changelog

## 11.2.23 (2024-12-08)
## 11.3.0 (2024-12-10)

* [bitnami/apache] Release 11.2.23 ([#30827](https://github.com/bitnami/charts/pull/30827))
* [bitnami/apache] Detect non-standard images ([#30857](https://github.com/bitnami/charts/pull/30857))

## <small>11.2.23 (2024-12-08)</small>

* [bitnami/*] docs: :memo: Add "Backup & Restore" section (#30711) ([35ab536](https://github.com/bitnami/charts/commit/35ab5363741e7548f4076f04da6e62d10153c60c)), closes [#30711](https://github.com/bitnami/charts/issues/30711)
* [bitnami/*] docs: :memo: Add "Prometheus metrics" (batch 1) (#30660) ([7409ca4](https://github.com/bitnami/charts/commit/7409ca4c21869fabe1532dd4f3ff24895df71c6d)), closes [#30660](https://github.com/bitnami/charts/issues/30660)
* [bitnami/apache] Release 11.2.23 (#30827) ([f504f07](https://github.com/bitnami/charts/commit/f504f07780487955d3391075cc82721df6601bd8)), closes [#30827](https://github.com/bitnami/charts/issues/30827)

## <small>11.2.22 (2024-10-29)</small>

Expand Down
6 changes: 3 additions & 3 deletions bitnami/apache/Chart.lock
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
dependencies:
- name: common
repository: oci://registry-1.docker.io/bitnamicharts
version: 2.27.2
digest: sha256:6fd86cc5a4b5094abca1f23c8ec064e75e51eceaded94a5e20977274b2abb576
generated: "2024-12-08T09:46:50.854822766Z"
version: 2.28.0
digest: sha256:5b30f0fa07bb89b01c55fd6258c8ce22a611b13623d4ad83e8fdd1d4490adc74
generated: "2024-12-10T14:40:05.585262+01:00"
2 changes: 1 addition & 1 deletion bitnami/apache/Chart.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,4 +35,4 @@ maintainers:
name: apache
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/apache
version: 11.2.23
version: 11.3.0
20 changes: 13 additions & 7 deletions bitnami/apache/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -111,13 +111,14 @@ Install the [Bitnami Kube Prometheus helm chart](https://github.com/bitnami/char

### Global parameters

| Name | Description | Value |
| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ |
| `global.imageRegistry` | Global Docker image registry | `""` |
| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` |
| `global.defaultStorageClass` | Global default StorageClass for Persistent Volume(s) | `""` |
| `global.storageClass` | DEPRECATED: use global.defaultStorageClass instead | `""` |
| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `auto` |
| Name | Description | Value |
| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
| `global.imageRegistry` | Global Docker image registry | `""` |
| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` |
| `global.defaultStorageClass` | Global default StorageClass for Persistent Volume(s) | `""` |
| `global.storageClass` | DEPRECATED: use global.defaultStorageClass instead | `""` |
| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `auto` |
| `global.security.allowInsecureImages` | By default, this chart verifies that the original container images that were designed, tested, and validated are used. This option makes the chart skip the verification step and proceed | `false` |

### Common parameters

Expand Down Expand Up @@ -344,6 +345,11 @@ Find more information about how to deal with common errors related to Bitnami's

## Upgrading

### To 11.3.0

Starting from this minor version, the Bitnami Airflow chart verifies that the original container images that were designed, tested, and validated are used.
This container image verification can be skipped by setting the global parameter `global.security.allowInsecureImages` to `true`. Further information can be obtained at [this GitHub issue](https://github.com/bitnami/charts/issues/30850).

### To 11.0.0

This major bump changes the following security defaults:
Expand Down
1 change: 1 addition & 0 deletions bitnami/apache/templates/NOTES.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,3 +47,4 @@ WARNING: Rolling tag detected ({{ .Values.image.repository }}:{{ .Values.image.t
{{ include "apache.validateValues" . }}
{{- include "common.warnings.resources" (dict "sections" (list "cloneHtdocsFromGit" "metrics" "") "context" $) }}
{{- include "common.warnings.modifiedImages" (dict "images" (list .Values.image .Values.git .Values.metrics.image) "context" $) }}
{{- include "common.errors.insecureImages" (dict "images" (list .Values.image .Values.metrics.image) "context" $) }}
7 changes: 7 additions & 0 deletions bitnami/apache/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,13 @@ global:
## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
##
adaptSecurityContext: auto
## Security parameters
##
security:
## @param global.security.allowInsecureImages By default, this chart verifies that the original container images that were designed, tested, and validated are used. This option makes the chart skip the verification step and proceed
##
allowInsecureImages: false

## @section Common parameters

## @param kubeVersion Override Kubernetes version
Expand Down

0 comments on commit 5666175

Please sign in to comment.