diff options
Diffstat (limited to 'kubernetes/common')
15 files changed, 64 insertions, 85 deletions
diff --git a/kubernetes/common/cassandra/templates/backup/cronjob.yaml b/kubernetes/common/cassandra/templates/backup/cronjob.yaml index 402d1688a7..6db1202b4f 100644 --- a/kubernetes/common/cassandra/templates/backup/cronjob.yaml +++ b/kubernetes/common/cassandra/templates/backup/cronjob.yaml @@ -148,9 +148,6 @@ spec: apiVersion: v1 fieldPath: metadata.namespace volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true {{- range $i := until (int .Values.replicaCount)}} - mountPath: /onap-data/cassandra-{{ $i }} name: data-dir-{{ $i }} @@ -239,13 +236,7 @@ spec: volumeMounts: - name: backup-dir mountPath: /backup - - name: localtime - mountPath: /etc/localtime - readOnly: true volumes: - - name: localtime - hostPath: - path: /etc/localtime - name: scripts configMap: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/common/cassandra/templates/statefulset.yaml b/kubernetes/common/cassandra/templates/statefulset.yaml index bb7027cab9..ddaff5c7c0 100644 --- a/kubernetes/common/cassandra/templates/statefulset.yaml +++ b/kubernetes/common/cassandra/templates/statefulset.yaml @@ -38,9 +38,6 @@ spec: volumeMounts: - name: {{ include "common.fullname" . }}-data mountPath: /var/lib/cassandra - - name: localtime - mountPath: /etc/localtime - readOnly: true - name: cassandra-entrypoint mountPath: /docker-entrypoint.sh subPath: docker-entrypoint.sh @@ -169,9 +166,6 @@ spec: {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "nothing" "dot" . )}} volumes: - - name: localtime - hostPath: - path: /etc/localtime {{- range $key, $value := .Values.configOverrides }} - name: cassandra-config-{{ $key | replace "." "-" }} configMap: diff --git a/kubernetes/common/common/templates/_mariadb.tpl b/kubernetes/common/common/templates/_mariadb.tpl index 41259b3b4f..3092298a7d 100644 --- a/kubernetes/common/common/templates/_mariadb.tpl +++ b/kubernetes/common/common/templates/_mariadb.tpl @@ -80,11 +80,7 @@ {{- index .Values "mariadb-galera" "nameOverride" -}} {{- end }} {{- else -}} - {{- if .Values.global.mariadbGalera.useOperator }} - {{- printf "%s-primary" (.Values.global.mariadbGalera.service) }} - {{- else }} {{- .Values.global.mariadbGalera.service -}} - {{- end }} {{- end -}} {{- end -}} diff --git a/kubernetes/common/etcd-init/templates/job.yaml b/kubernetes/common/etcd-init/templates/job.yaml index f77a8ec8ba..71f912e201 100644 --- a/kubernetes/common/etcd-init/templates/job.yaml +++ b/kubernetes/common/etcd-init/templates/job.yaml @@ -99,10 +99,6 @@ spec: value: "{{ .Values.config.appRole }}" - name: KEY_PREFIX value: "{{ .Values.config.keyPrefix }}" - volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true resources: {{ include "common.resources" . | nindent 10 }} {{ include "common.waitForJobContainer" . | indent 6 | trim }} {{- if .Values.nodeSelector }} @@ -112,9 +108,5 @@ spec: affinity: {{ toYaml .Values.affinity | nindent 10 }} {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: - - name: localtime - hostPath: - path: /etc/localtime restartPolicy: Never {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml b/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml index f2128693e8..877e6faaa6 100644 --- a/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml +++ b/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml @@ -164,16 +164,10 @@ spec: name: tmp-data - mountPath: /opt/bitnami/mariadb/tmp name: tmp - - mountPath: /etc/localtime - name: localtime - readOnly: true - name: backup-dir mountPath: /backup {{- include "common.imagePullSecrets" . | nindent 10 }} volumes: - - name: localtime - hostPath: - path: /etc/localtime - name: data persistentVolumeClaim: {{- if .Values.persistence.existingClaim }} diff --git a/kubernetes/common/mariadb-init/templates/job.yaml b/kubernetes/common/mariadb-init/templates/job.yaml index 0edb8e936b..4bb142d001 100644 --- a/kubernetes/common/mariadb-init/templates/job.yaml +++ b/kubernetes/common/mariadb-init/templates/job.yaml @@ -74,9 +74,6 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" $root "uid" $db "key" "password") | indent 10 }} {{ end }} volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - name: mariadb-init mountPath: /db_init/ {{- if or .Values.dbScriptConfigMap .Values.dbScript }} @@ -95,9 +92,6 @@ spec: {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - - name: localtime - hostPath: - path: /etc/localtime {{- if or .Values.dbScriptConfigMap .Values.dbScript }} - name: mariadb-conf configMap: diff --git a/kubernetes/common/mongodb/Chart.yaml b/kubernetes/common/mongodb/Chart.yaml index 73c8bab5c2..2d6bf4bb4f 100644 --- a/kubernetes/common/mongodb/Chart.yaml +++ b/kubernetes/common/mongodb/Chart.yaml @@ -16,7 +16,7 @@ annotations: - name: os-shell image: docker.io/bitnami/os-shell:12-debian-12-r15 apiVersion: v2 -appVersion: 7.0.5 +appVersion: 7.0.8 dependencies: - name: common repository: 'file://./common' @@ -40,4 +40,4 @@ maintainers: name: mongodb sources: - https://github.com/bitnami/charts/tree/main/bitnami/mongodb -version: 14.12.2 +version: 14.12.3 diff --git a/kubernetes/common/mongodb/templates/arbiter/statefulset.yaml b/kubernetes/common/mongodb/templates/arbiter/statefulset.yaml index 269863f3ec..041b0cb51d 100644 --- a/kubernetes/common/mongodb/templates/arbiter/statefulset.yaml +++ b/kubernetes/common/mongodb/templates/arbiter/statefulset.yaml @@ -254,6 +254,9 @@ spec: - name: empty-dir mountPath: /opt/bitnami/mongodb/logs subPath: app-logs-dir + - name: empty-dir + mountPath: /bitnami/mongodb + subPath: app-volume-dir {{- if or .Values.arbiter.configuration .Values.arbiter.existingConfigmap }} - name: config mountPath: /opt/bitnami/mongodb/conf/mongodb.conf diff --git a/kubernetes/common/mongodb/templates/backup/cronjob.yaml b/kubernetes/common/mongodb/templates/backup/cronjob.yaml index 79466e919e..2e884b14b9 100644 --- a/kubernetes/common/mongodb/templates/backup/cronjob.yaml +++ b/kubernetes/common/mongodb/templates/backup/cronjob.yaml @@ -166,14 +166,16 @@ spec: restartPolicy: {{ .Values.backup.cronjob.restartPolicy }} volumes: - name: empty-dir - emptyDir: {} + emptyDir: + sizeLimit: 64Mi - name: common-scripts configMap: name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }} defaultMode: 0550 {{- if .Values.tls.enabled }} - name: certs - emptyDir: {} + emptyDir: + sizeLimit: 64Mi {{- if (include "mongodb.autoGenerateCerts" .) }} - name: certs-volume secret: diff --git a/kubernetes/common/mongodb/templates/hidden/statefulset.yaml b/kubernetes/common/mongodb/templates/hidden/statefulset.yaml index 5b2a807d84..08a55ebd06 100644 --- a/kubernetes/common/mongodb/templates/hidden/statefulset.yaml +++ b/kubernetes/common/mongodb/templates/hidden/statefulset.yaml @@ -514,7 +514,8 @@ spec: {{- end }} volumes: - name: empty-dir - emptyDir: {} + emptyDir: + sizeLimit: 64Mi - name: common-scripts configMap: name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }} @@ -531,7 +532,8 @@ spec: {{- end }} {{- if and .Values.externalAccess.hidden.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.hidden.service.type "LoadBalancer") }} - name: shared - emptyDir: {} + emptyDir: + sizeLimit: 64Mi {{- end }} - name: scripts configMap: @@ -542,7 +544,8 @@ spec: {{- end }} {{- if .Values.tls.enabled }} - name: certs - emptyDir: {} + emptyDir: + sizeLimit: 64Mi {{- if (include "mongodb.autoGenerateCerts" .) }} - name: certs-volume secret: @@ -568,8 +571,10 @@ spec: {{- if .Values.hidden.persistence.medium }} emptyDir: medium: {{ .Values.hidden.persistence.medium | quote }} + sizeLimit: 64Mi {{- else }} - emptyDir: {} + emptyDir: + sizeLimit: 64Mi {{- end }} {{- else }} volumeClaimTemplates: diff --git a/kubernetes/common/mongodb/templates/replicaset/statefulset.yaml b/kubernetes/common/mongodb/templates/replicaset/statefulset.yaml index 55158e8fb0..b171eca005 100644 --- a/kubernetes/common/mongodb/templates/replicaset/statefulset.yaml +++ b/kubernetes/common/mongodb/templates/replicaset/statefulset.yaml @@ -512,7 +512,8 @@ spec: {{- end }} volumes: - name: empty-dir - emptyDir: {} + emptyDir: + sizeLimit: 64Mi - name: common-scripts configMap: name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }} @@ -529,7 +530,8 @@ spec: {{- end }} {{- if and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.service.type "LoadBalancer") }} - name: shared - emptyDir: {} + emptyDir: + sizeLimit: 64Mi {{- end }} - name: scripts configMap: @@ -540,7 +542,8 @@ spec: {{- end }} {{- if .Values.tls.enabled }} - name: certs - emptyDir: {} + emptyDir: + sizeLimit: 64Mi {{- if (include "mongodb.autoGenerateCerts" .) }} - name: certs-volume secret: @@ -566,8 +569,10 @@ spec: {{- if .Values.persistence.medium }} emptyDir: medium: {{ .Values.persistence.medium | quote }} + sizeLimit: 64Mi {{- else }} - emptyDir: {} + emptyDir: + sizeLimit: 64Mi {{- end }} {{- else }} {{- if .Values.persistentVolumeClaimRetentionPolicy.enabled }} diff --git a/kubernetes/common/mongodb/templates/standalone/dep-sts.yaml b/kubernetes/common/mongodb/templates/standalone/dep-sts.yaml index 29dd406bca..6f63f0be5b 100644 --- a/kubernetes/common/mongodb/templates/standalone/dep-sts.yaml +++ b/kubernetes/common/mongodb/templates/standalone/dep-sts.yaml @@ -437,7 +437,8 @@ spec: {{- end }} volumes: - name: empty-dir - emptyDir: {} + emptyDir: + sizeLimit: 64Mi - name: common-scripts configMap: name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }} @@ -457,7 +458,8 @@ spec: {{- end }} {{- if .Values.tls.enabled }} - name: certs - emptyDir: {} + emptyDir: + sizeLimit: 64Mi {{- if (include "mongodb.autoGenerateCerts" .) }} - name: certs-volume secret: @@ -481,8 +483,10 @@ spec: {{- if .Values.persistence.medium }} emptyDir: medium: {{ .Values.persistence.medium | quote }} + sizeLimit: 64Mi {{- else }} - emptyDir: {} + emptyDir: + sizeLimit: 64Mi {{- end }} {{- else if .Values.persistence.existingClaim }} - name: {{ .Values.persistence.name | default "datadir" }} diff --git a/kubernetes/common/mongodb/values.yaml b/kubernetes/common/mongodb/values.yaml index 8d995ce973..9612859392 100644 --- a/kubernetes/common/mongodb/values.yaml +++ b/kubernetes/common/mongodb/values.yaml @@ -120,7 +120,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/mongodb - tag: 7.0.5-debian-12-r5 + tag: 7.0.8-debian-12-r2 digest: "" ## Specify a imagePullPolicy ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images @@ -246,7 +246,7 @@ tls: image: registry: docker.io repository: bitnami/nginx - tag: 1.25.4-debian-12-r1 + tag: 1.25.4-debian-12-r7 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -571,15 +571,17 @@ podSecurityContext: ## containerSecurityContext: enabled: true - seLinuxOptions: null + seLinuxOptions: {} runAsUser: 1001 - runAsGroup: 0 + runAsGroup: 1001 runAsNonRoot: true privileged: false - readOnlyRootFilesystem: false + readOnlyRootFilesystem: true allowPrivilegeEscalation: false capabilities: - drop: ["ALL"] + drop: + - ALL + - CAP_NET_RAW seccompProfile: type: "RuntimeDefault" ## MongoDB(®) containers' resource requests and limits. @@ -834,7 +836,7 @@ externalAccess: image: registry: docker.io repository: bitnami/kubectl - tag: 1.29.2-debian-12-r1 + tag: 1.29.3-debian-12-r3 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1203,15 +1205,17 @@ backup: ## containerSecurityContext: enabled: true - seLinuxOptions: null + seLinuxOptions: {} runAsUser: 1001 - runAsGroup: 0 + runAsGroup: 1001 runAsNonRoot: true privileged: false - readOnlyRootFilesystem: false + readOnlyRootFilesystem: true allowPrivilegeEscalation: false capabilities: - drop: ["ALL"] + drop: + - ALL + - CAP_NET_RAW seccompProfile: type: "RuntimeDefault" ## @param backup.cronjob.command Set backup container's command to run @@ -1382,7 +1386,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 12-debian-12-r15 + tag: 12-debian-12-r18 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1429,7 +1433,7 @@ volumePermissions: ## @param volumePermissions.securityContext.runAsUser User ID for the volumePermissions container ## securityContext: - seLinuxOptions: null + seLinuxOptions: {} runAsUser: 0 ## @section Arbiter parameters ## @@ -1603,15 +1607,17 @@ arbiter: ## containerSecurityContext: enabled: true - seLinuxOptions: null + seLinuxOptions: {} runAsUser: 1001 - runAsGroup: 0 + runAsGroup: 1001 runAsNonRoot: true privileged: false - readOnlyRootFilesystem: false + readOnlyRootFilesystem: true allowPrivilegeEscalation: false capabilities: - drop: ["ALL"] + drop: + - ALL + - CAP_NET_RAW seccompProfile: type: "RuntimeDefault" ## MongoDB(®) Arbiter containers' resource requests and limits. @@ -1946,15 +1952,17 @@ hidden: ## containerSecurityContext: enabled: true - seLinuxOptions: null + seLinuxOptions: {} runAsUser: 1001 - runAsGroup: 0 + runAsGroup: 1001 runAsNonRoot: true privileged: false - readOnlyRootFilesystem: false + readOnlyRootFilesystem: true allowPrivilegeEscalation: false capabilities: - drop: ["ALL"] + drop: + - ALL + - CAP_NET_RAW seccompProfile: type: "RuntimeDefault" ## MongoDB(®) Hidden containers' resource requests and limits. @@ -2180,7 +2188,7 @@ metrics: image: registry: docker.io repository: bitnami/mongodb-exporter - tag: 0.40.0-debian-12-r11 + tag: 0.40.0-debian-12-r15 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/kubernetes/common/postgres-init/templates/job.yaml b/kubernetes/common/postgres-init/templates/job.yaml index 348dda517a..cc7d410eb2 100644 --- a/kubernetes/common/postgres-init/templates/job.yaml +++ b/kubernetes/common/postgres-init/templates/job.yaml @@ -76,9 +76,6 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - mountPath: /config-input/setup.sql name: config subPath: setup.sql @@ -96,9 +93,6 @@ spec: {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - - name: localtime - hostPath: - path: /etc/localtime - name: config configMap: name: {{ include "common.fullname" . }} diff --git a/kubernetes/common/postgres/templates/_deployment.tpl b/kubernetes/common/postgres/templates/_deployment.tpl index aae5da9195..ff701a2c10 100644 --- a/kubernetes/common/postgres/templates/_deployment.tpl +++ b/kubernetes/common/postgres/templates/_deployment.tpl @@ -222,9 +222,6 @@ spec: {{ toYaml $dot.Values.affinity | indent 10 }} {{- end }} volumes: - - name: localtime - hostPath: - path: /etc/localtime - name: {{ include "common.fullname" $dot }}-backup emptyDir: {} - name: {{ include "common.fullname" $dot }}-data |