From 0dc9f46f81dd95a0bdb6616a295ec6c471bd1207 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Tue, 10 Dec 2024 17:27:13 +0100 Subject: [PATCH 1/5] [bitnami/schema-registry] Detect non-standard images MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Carlos Rodríguez Hernández --- bitnami/schema-registry/Chart.lock | 6 +++--- bitnami/schema-registry/Chart.yaml | 2 +- bitnami/schema-registry/README.md | 4 ++++ bitnami/schema-registry/templates/NOTES.txt | 2 +- 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/bitnami/schema-registry/Chart.lock b/bitnami/schema-registry/Chart.lock index 7378f5a72c88aa..1feef03faf10d8 100644 --- a/bitnami/schema-registry/Chart.lock +++ b/bitnami/schema-registry/Chart.lock @@ -4,6 +4,6 @@ dependencies: version: 31.0.0 - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.27.2 -digest: sha256:06c655c3b247d9c6b763eaa800b80ad9c543d1b9d8a531c3b80395db43b3ee3e -generated: "2024-12-04T03:21:24.732120561Z" + version: 2.28.0 +digest: sha256:19f6850f80c99b114dcff9700434f3fcac69afc120ce3e3286f0c6e93bb7472d +generated: "2024-12-10T17:27:09.123677+01:00" diff --git a/bitnami/schema-registry/Chart.yaml b/bitnami/schema-registry/Chart.yaml index fa5f6b2def4504..92127886a205ec 100644 --- a/bitnami/schema-registry/Chart.yaml +++ b/bitnami/schema-registry/Chart.yaml @@ -34,4 +34,4 @@ maintainers: name: schema-registry sources: - https://github.com/bitnami/charts/tree/main/bitnami/schema-registry -version: 23.0.0 +version: 23.1.0 diff --git a/bitnami/schema-registry/README.md b/bitnami/schema-registry/README.md index d452fa31e04533..a15d02cc5a7bb4 100644 --- a/bitnami/schema-registry/README.md +++ b/bitnami/schema-registry/README.md @@ -435,6 +435,10 @@ Find more information about how to deal with common errors related to Bitnami's ## Upgrading +### To 23.1.0 + +This version introduces image verification for security purposes. To disable it, set `global.security.allowInsecureImages` to `true`. More details at [GitHub issue](https://github.com/bitnami/charts/issues/30850). + ### To 22.0.0 This major updates the Kafka subchart to its newest major, 31.0.0. For more information on this subchart's major, please refer to [Kafka upgrade notes](https://github.com/bitnami/charts/tree/main/bitnami/kafka#to-3100). diff --git a/bitnami/schema-registry/templates/NOTES.txt b/bitnami/schema-registry/templates/NOTES.txt index c1bd2f3541e77b..6daa628eab9b47 100644 --- a/bitnami/schema-registry/templates/NOTES.txt +++ b/bitnami/schema-registry/templates/NOTES.txt @@ -53,4 +53,4 @@ To access Schema Registry from outside the cluster execute the following command {{- include "common.warnings.rollingTag" .Values.image }} {{- include "schema-registry.validateValues" . }} {{- include "common.warnings.resources" (dict "sections" (list "") "context" $) }} -{{- include "common.warnings.modifiedImages" (dict "images" (list .Values.image) "context" $) }} \ No newline at end of file +{{- include "common.warnings.modifiedImages" (dict "images" (list .Values.image) "context" $) }}{{- include "common.errors.insecureImages" (dict "images" (list .Values.image) "context" $) }} From 7ef38a8b8e79f8eb6916a7c98c951b8bfd64f127 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Tue, 10 Dec 2024 20:11:08 +0100 Subject: [PATCH 2/5] Modify NOTES.txt MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Carlos Rodríguez Hernández --- bitnami/schema-registry/templates/NOTES.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/bitnami/schema-registry/templates/NOTES.txt b/bitnami/schema-registry/templates/NOTES.txt index 6daa628eab9b47..b208996f3a2808 100644 --- a/bitnami/schema-registry/templates/NOTES.txt +++ b/bitnami/schema-registry/templates/NOTES.txt @@ -53,4 +53,5 @@ To access Schema Registry from outside the cluster execute the following command {{- include "common.warnings.rollingTag" .Values.image }} {{- include "schema-registry.validateValues" . }} {{- include "common.warnings.resources" (dict "sections" (list "") "context" $) }} -{{- include "common.warnings.modifiedImages" (dict "images" (list .Values.image) "context" $) }}{{- include "common.errors.insecureImages" (dict "images" (list .Values.image) "context" $) }} +{{- include "common.warnings.modifiedImages" (dict "images" (list .Values.image) "context" $) }} +{{- include "common.errors.insecureImages" (dict "images" (list .Values.image) "context" $) }} From 4b0bb7fee553795d65e58c7419171b7f57408ac9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Tue, 10 Dec 2024 20:24:46 +0100 Subject: [PATCH 3/5] Modify values MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Carlos Rodríguez Hernández --- bitnami/schema-registry/values.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/bitnami/schema-registry/values.yaml b/bitnami/schema-registry/values.yaml index e5fb1cfdffed7b..c3ee5c9bc97c43 100644 --- a/bitnami/schema-registry/values.yaml +++ b/bitnami/schema-registry/values.yaml @@ -18,6 +18,11 @@ global: ## imagePullSecrets: [] defaultStorageClass: "" + ## Security parameters + ## + security: + ## @param global.security.allowInsecureImages Allows skipping image verification + allowInsecureImages: false ## Compatibility adaptations for Kubernetes platforms ## compatibility: From 10d08ad80f6753f57edb5445e1045008287147e8 Mon Sep 17 00:00:00 2001 From: Bitnami Containers Date: Tue, 10 Dec 2024 19:53:53 +0000 Subject: [PATCH 4/5] Update CHANGELOG.md Signed-off-by: Bitnami Containers --- bitnami/schema-registry/CHANGELOG.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/bitnami/schema-registry/CHANGELOG.md b/bitnami/schema-registry/CHANGELOG.md index 5c9ae108f9614b..e0ecf4f56396b0 100644 --- a/bitnami/schema-registry/CHANGELOG.md +++ b/bitnami/schema-registry/CHANGELOG.md @@ -1,8 +1,15 @@ # Changelog +## 23.1.0 (2024-12-10) + +* [bitnami/schema-registry] Detect non-standard images ([#30965](https://github.com/bitnami/charts/pull/30965)) + ## 23.0.0 (2024-12-04) -* [bitnami/schema-registry] Release 23.0.0 ([#30775](https://github.com/bitnami/charts/pull/30775)) +* [bitnami/*] docs: :memo: Add "Backup & Restore" section (#30711) ([35ab536](https://github.com/bitnami/charts/commit/35ab5363741e7548f4076f04da6e62d10153c60c)), closes [#30711](https://github.com/bitnami/charts/issues/30711) +* [bitnami/*] docs: :memo: Unify "Securing Traffic using TLS" section (#30707) ([b572333](https://github.com/bitnami/charts/commit/b57233336e4fe9af928ecb4f2a5f334011efb1bc)), closes [#30707](https://github.com/bitnami/charts/issues/30707) +* [bitnami/*] docs: fix copy-paste typos with wrong references to Airflow (#30541) ([0a225d4](https://github.com/bitnami/charts/commit/0a225d44c1969429573b4e2630068eff129b6a96)), closes [#30541](https://github.com/bitnami/charts/issues/30541) +* [bitnami/schema-registry] Release 23.0.0 (#30775) ([c0c64eb](https://github.com/bitnami/charts/commit/c0c64ebd9eef815a8a8ce4345fc03e4c689026bf)), closes [#30775](https://github.com/bitnami/charts/issues/30775) ## 22.0.0 (2024-11-12) From 6d85f294b817848929c5231f797782e10d5d1423 Mon Sep 17 00:00:00 2001 From: Bitnami Containers Date: Tue, 10 Dec 2024 19:53:54 +0000 Subject: [PATCH 5/5] Update README.md with readme-generator-for-helm Signed-off-by: Bitnami Containers --- bitnami/schema-registry/README.md | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/bitnami/schema-registry/README.md b/bitnami/schema-registry/README.md index a15d02cc5a7bb4..6fedf32cd3cb6e 100644 --- a/bitnami/schema-registry/README.md +++ b/bitnami/schema-registry/README.md @@ -206,13 +206,14 @@ For annotations, please see [this document](https://github.com/kubernetes/ingres ### Global parameters -| Name | Description | Value | -| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.defaultStorageClass` | Global default StorageClass for Persistent Volume(s) | `""` | -| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `auto` | -| `kubeVersion` | Override Kubernetes version | `""` | +| Name | Description | Value | +| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | +| `global.imageRegistry` | Global Docker image registry | `""` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `global.defaultStorageClass` | Global default StorageClass for Persistent Volume(s) | `""` | +| `global.security.allowInsecureImages` | Allows skipping image verification | `false` | +| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `auto` | +| `kubeVersion` | Override Kubernetes version | `""` | ### Common parameters