diff --git a/.vib/magento/cypress/cypress/e2e/magento.cy.js b/.vib/magento/cypress/cypress/e2e/magento.cy.js
index 9d855a5cf467e1..5ffda5e3b798af 100644
--- a/.vib/magento/cypress/cypress/e2e/magento.cy.js
+++ b/.vib/magento/cypress/cypress/e2e/magento.cy.js
@@ -19,7 +19,7 @@ it('allows admin to add a product to the store', () => {
 cy.contains('Salable Quantity');
 cy.contains('Add Product').click();
 cy.fixture('products').then((product) => {
- cy.get('[name="product[name]"]').type(
+ cy.get('[name="product[name]"]', {timeout: 60000}).type(
 `${product.newProduct.productName}.${random}`
 );
 cy.get('[name="product[price]"]').type(product.newProduct.price);
@@ -30,7 +30,7 @@ it('allows admin to add a product to the store', () => {
 });
 cy.get('.product-image').should('be.visible');
 cy.get('#save-button').click();
- cy.get('#menu-magento-catalog-catalog').click();
+ cy.get('#menu-magento-catalog-catalog', {timeout: 60000}).click();
 cy.contains('Products').click();
 cy.fixture('products').then((product) => {
 cy.contains(`${product.newProduct.productName}.${random}`);
diff --git a/.vib/magento/vib-action.config b/.vib/magento/vib-action.config
new file mode 100644
index 00000000000000..98dc98a97ebe2a
--- /dev/null
+++ b/.vib/magento/vib-action.config
@@ -0,0 +1 @@
+verification-mode=SERIAL
\ No newline at end of file
diff --git a/bitnami/magento/Chart.lock b/bitnami/magento/Chart.lock
index 610130e42d0450..2b8755a132ec34 100644
--- a/bitnami/magento/Chart.lock
+++ b/bitnami/magento/Chart.lock
@@ -1,12 +1,12 @@
 dependencies:
 - name: mariadb
 repository: oci://registry-1.docker.io/bitnamicharts
- version: 15.2.3
+ version: 18.0.1
 - name: elasticsearch
 repository: oci://registry-1.docker.io/bitnamicharts
- version: 19.19.3
+ version: 20.0.2
 - name: common
 repository: oci://registry-1.docker.io/bitnamicharts
- version: 2.18.0
-digest: sha256:a03226f45b598fca0e40f8804aa3fe287ff7ec4fc7100195b467535bbe180163
-generated: "2024-03-05T14:34:42.174163373+01:00"
+ version: 2.19.1
+digest: sha256:df139ceb0fa0567a601c5294902f7b1629cdbc3641ea23bee88479b2dacaa049
+generated: "2024-04-04T13:14:38.519751044+02:00"
diff --git a/bitnami/magento/Chart.yaml b/bitnami/magento/Chart.yaml
index 021ced065b06c8..bd9668f8411978 100644
--- a/bitnami/magento/Chart.yaml
+++ b/bitnami/magento/Chart.yaml
@@ -23,11 +23,11 @@ dependencies:
 repository: oci://registry-1.docker.io/bitnamicharts
 tags:
 - magento-database
- version: 15.x.x
+ version: 18.x.x
 - condition: elasticsearch.enabled
 name: elasticsearch
 repository: oci://registry-1.docker.io/bitnamicharts
- version: 19.x.x
+ version: 20.x.x
 - name: common
 repository: oci://registry-1.docker.io/bitnamicharts
 tags:
@@ -48,4 +48,4 @@ maintainers:
 name: magento
 sources:
 - https://github.com/bitnami/charts/tree/main/bitnami/magento
-version: 25.5.0
+version: 26.0.0
diff --git a/bitnami/magento/README.md b/bitnami/magento/README.md
index 765716cdd09ad3..3ab44f670d14c9 100644
--- a/bitnami/magento/README.md
+++ b/bitnami/magento/README.md
@@ -265,12 +265,12 @@ See the [Parameters](#parameters) section to configure the PVC or to disable per ### Global parameters -| Name | Description | Value | -| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | -| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. 
Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `disabled` | +| Name | Description | Value | +| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ | +| `global.imageRegistry` | Global Docker image registry | `""` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | +| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `auto` | ### Common parameters 
@@ -340,7 +340,7 @@ See the [Parameters](#parameters) section to configure the PVC or to disable per | `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | | `affinity` | Affinity for pod assignment | `{}` | | `nodeSelector` | Node labels for pod assignment | `{}` | -| `resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `none` | +| `resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `medium` | | `resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | | `podSecurityContext.enabled` | Enable Magento pods' Security Context | `true` | | `podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | 
@@ -348,8 +348,9 @@ See the [Parameters](#parameters) section to configure the PVC or to disable per | `podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | | `podSecurityContext.fsGroup` | Magento pods' group ID | `1001` | | `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | | `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `0` | | `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | | `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | | `containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | 
@@ -383,65 +384,67 @@ See the [Parameters](#parameters) section to configure the PVC or to disable per ### NetworkPolicy parameters -| Name | Description | Value | -| ------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------- | ------- | -| `networkPolicy.enabled` | Enable network policies | `false` | -| `networkPolicy.metrics.enabled` | Enable network policy for metrics (prometheus) | `false` | -| `networkPolicy.metrics.namespaceSelector` | magento Monitoring namespace selector labels. These labels will be used to identify the prometheus' namespace. | `{}` | -| `networkPolicy.metrics.podSelector` | magento Monitoring pod selector labels. These labels will be used to identify the Prometheus pods. | `{}` | -| `networkPolicy.ingress.enabled` | Enable network policy for Ingress Proxies | `false` | -| `networkPolicy.ingress.namespaceSelector` | magento Ingress Proxy namespace selector labels. These labels will be used to identify the Ingress Proxy's namespace. | `{}` | -| `networkPolicy.ingress.podSelector` | magento Ingress Proxy pods selector labels. These labels will be used to identify the Ingress Proxy pods. | `{}` | -| `networkPolicy.ingressRules.backendOnlyAccessibleByFrontend` | Enable ingress rule that makes the backend (mariadb, elasticsearch) only accessible by magento's pods. | `false` | -| `networkPolicy.ingressRules.customBackendSelector` | magento Backend selector labels. These labels will be used to identify the backend pods. | `{}` | -| `networkPolicy.ingressRules.accessOnlyFrom.enabled` | Enable ingress rule that makes magento only accessible from a particular origin | `false` | -| `networkPolicy.ingressRules.accessOnlyFrom.namespaceSelector` | magento Namespace selector label that is allowed to access magento. This label will be used to identified the allowed namespace(s). 
| `{}` | -| `networkPolicy.ingressRules.accessOnlyFrom.podSelector` | magento Pods selector label that is allowed to access magento. This label will be used to identified the allowed pod(s). | `{}` | -| `networkPolicy.ingressRules.customRules` | magento Custom network policy ingress rule | `{}` | -| `networkPolicy.egressRules.denyConnectionsToExternal` | Enable egress rule that denies outgoing traffic outside the cluster, except for DNS (port 53). | `false` | -| `networkPolicy.egressRules.customRules` | magento Custom network policy rule | `{}` | +| Name | Description | Value | +| --------------------------------------- | --------------------------------------------------------------- | ------ | +| `networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | +| `networkPolicy.allowExternal` | Don't require server label for connections | `true` | +| `networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | +| `networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | +| `networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | ### Database parameters -| Name | Description | Value | -| ------------------------------------------- | ------------------------------------------------------------------------------------------------------- | ------------------------- | -| `mariadb.enabled` | Whether to deploy a mariadb server to satisfy the applications database requirements. | `true` | -| `mariadb.image.registry` | MariaDB image registry | `REGISTRY_NAME` | -| `mariadb.image.repository` | MariaDB image repository | `REPOSITORY_NAME/mariadb` | -| `mariadb.image.digest` | MariaDB image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag | `""` | -| `mariadb.architecture` | MariaDB architecture. Allowed values: `standalone` or `replication` | `standalone` | -| `mariadb.auth.rootPassword` | Password for the MariaDB `root` user | `""` | -| `mariadb.auth.database` | Database name to create | `bitnami_magento` | -| `mariadb.auth.username` | Database user to create | `bn_magento` | -| `mariadb.auth.password` | Password for the database | `""` | -| `mariadb.primary.persistence.enabled` | Enable database persistence using PVC | `true` | -| `mariadb.primary.persistence.storageClass` | MariaDB primary persistent volume storage Class | `""` | -| `mariadb.primary.persistence.accessModes` | Database Persistent Volume Access Modes | `["ReadWriteOnce"]` | -| `mariadb.primary.persistence.size` | Database Persistent Volume Size | `8Gi` | -| `mariadb.primary.persistence.hostPath` | Set path in case you want to use local host path volumes (not recommended in production) | `""` | -| `mariadb.primary.persistence.existingClaim` | Name of an existing `PersistentVolumeClaim` for MariaDB primary replicas | `""` | -| `externalDatabase.host` | Host of the existing database | `""` | -| `externalDatabase.port` | Port of the existing database | `3306` | -| `externalDatabase.user` | Existing username in the external db | `bn_magento` | -| `externalDatabase.password` | Password for the above username | `""` | -| `externalDatabase.database` | Name of the existing database | `bitnami_magento` | -| `externalDatabase.existingSecret` | Name of an existing secret resource containing the DB password | `""` | +| Name | Description | Value | +| ------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------- | +| `mariadb.enabled` | Whether to deploy a 
mariadb server to satisfy the applications database requirements. | `true` | +| `mariadb.image.registry` | MariaDB image registry | `REGISTRY_NAME` | +| `mariadb.image.repository` | MariaDB image repository | `REPOSITORY_NAME/mariadb` | +| `mariadb.image.digest` | MariaDB image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `mariadb.architecture` | MariaDB architecture. Allowed values: `standalone` or `replication` | `standalone` | +| `mariadb.auth.rootPassword` | Password for the MariaDB `root` user | `""` | +| `mariadb.auth.database` | Database name to create | `bitnami_magento` | +| `mariadb.auth.username` | Database user to create | `bn_magento` | +| `mariadb.auth.password` | Password for the database | `""` | +| `mariadb.primary.persistence.enabled` | Enable database persistence using PVC | `true` | +| `mariadb.primary.persistence.storageClass` | MariaDB primary persistent volume storage Class | `""` | +| `mariadb.primary.persistence.accessModes` | Database Persistent Volume Access Modes | `["ReadWriteOnce"]` | +| `mariadb.primary.persistence.size` | Database Persistent Volume Size | `8Gi` | +| `mariadb.primary.persistence.hostPath` | Set path in case you want to use local host path volumes (not recommended in production) | `""` | +| `mariadb.primary.persistence.existingClaim` | Name of an existing `PersistentVolumeClaim` for MariaDB primary replicas | `""` | +| `mariadb.primary.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if primary.resources is set (primary.resources is recommended for production). 
| `micro` | +| `mariadb.primary.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `externalDatabase.host` | Host of the existing database | `""` | +| `externalDatabase.port` | Port of the existing database | `3306` | +| `externalDatabase.user` | Existing username in the external db | `bn_magento` | +| `externalDatabase.password` | Password for the above username | `""` | +| `externalDatabase.database` | Name of the existing database | `bitnami_magento` | +| `externalDatabase.existingSecret` | Name of an existing secret resource containing the DB password | `""` | ### Elasticsearch parameters -| Name | Description | Value | -| ----------------------------------------- | ------------------------------------------------------------------------------------------------------------- | ------------------------------- | -| `elasticsearch.enabled` | Whether to deploy a elasticsearch server to use as magento's search engine | `true` | -| `elasticsearch.image.registry` | Elasticsearch image registry | `REGISTRY_NAME` | -| `elasticsearch.image.repository` | Elasticsearch image repository | `REPOSITORY_NAME/elasticsearch` | -| `elasticsearch.image.digest` | Elasticsearch image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag | `""` | -| `elasticsearch.sysctlImage.enabled` | Enable kernel settings modifier image for Elasticsearch | `true` | -| `elasticsearch.master.replicaCount` | Desired number of Elasticsearch master-eligible nodes | `1` | -| `elasticsearch.coordinating.replicaCount` | Desired number of Elasticsearch coordinating-only nodes | `1` | -| `elasticsearch.data.replicaCount` | Desired number of Elasticsearch data nodes | `1` | -| `elasticsearch.ingest.replicaCount` | Desired number of Elasticsearch ingest nodes | `1` | -| `externalElasticsearch.host` | Host of the external elasticsearch server | `""` | -| `externalElasticsearch.port` | Port of the external elasticsearch server | `""` | +| Name | Description | Value | +| -------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------- | +| `elasticsearch.enabled` | Whether to deploy a elasticsearch server to use as magento's search engine | `true` | +| `elasticsearch.image.registry` | Elasticsearch image registry | `REGISTRY_NAME` | +| `elasticsearch.image.repository` | Elasticsearch image repository | `REPOSITORY_NAME/elasticsearch` | +| `elasticsearch.image.digest` | Elasticsearch image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `elasticsearch.sysctlImage.enabled` | Enable kernel settings modifier image for Elasticsearch | `true` | +| `elasticsearch.master.replicaCount` | Desired number of Elasticsearch master-eligible nodes | `1` | +| `elasticsearch.master.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). 
This is ignored if master.resources is set (master.resources is recommended for production). | `small` | +| `elasticsearch.master.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `elasticsearch.coordinating.replicaCount` | Desired number of Elasticsearch coordinating-only nodes | `1` | +| `elasticsearch.coordinating.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if coordinating.resources is set (coordinating.resources is recommended for production). | `small` | +| `elasticsearch.coordinating.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `elasticsearch.data.replicaCount` | Desired number of Elasticsearch data nodes | `1` | +| `elasticsearch.data.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if data.resources is set (data.resources is recommended for production). | `medium` | +| `elasticsearch.data.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `elasticsearch.ingest.replicaCount` | Desired number of Elasticsearch ingest nodes | `1` | +| `elasticsearch.ingest.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if ingest.resources is set (ingest.resources is recommended for production). 
| `small` | +| `elasticsearch.ingest.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `externalElasticsearch.host` | Host of the external elasticsearch server | `""` | +| `externalElasticsearch.port` | Port of the external elasticsearch server | `""` | ### Persistence parameters @@ -600,6 +603,10 @@ Find more information about how to deal with common errors related to Bitnami's ## Notable changes +### To 26.0.0 + +This major release bumps the and MariaDB chart version to [18.x.x](https://github.com/bitnami/charts/pull/24804); no major issues are expected during the upgrade. + ### To 23.0.0 This major release bumps the MariaDB version to 10.6. Follow the [upstream instructions](https://mariadb.com/kb/en/upgrading/) for upgrading to MariaDB 10.6. No major issues are expected during the upgrade. 
@@ -671,7 +678,15 @@ You can disable the initContainer using the `elasticsearch.sysctlImage.enabled=f
 ### To 24.0.0
-This major release bumps the MariaDB version to 11.1. No major issues are expected during the upgrade.
+This major bump changes the following security defaults:
+
+- `resourcesPreset` is changed from `none` to the minimum size working in our test suites (NOTE: `resourcesPreset` is not meant for production usage, but `resources` adapted to your use case).
+- `global.compatibility.openshift.adaptSecurityContext` is changed from `disabled` to `auto`.
+- The `networkPolicy` section has been normalized amongst all Bitnami charts. Compared to the previous approach, the values section has been simplified (check the Parameters section) and now it set to `enabled=true` by default. Egress traffic is allowed by default and ingress traffic is allowed by all pods but only to the ports set in `containerPorts` and `extraContainerPorts`.
+
+This could potentially break any customization or init scripts used in your deployment. If this is the case, change the default values to the previous ones.
+
+Also, this major release bumps the MariaDB chart version to [18.x.x](https://github.com/bitnami/charts/pull/24804); no major issues are expected during the upgrade.
 ### To 22.0.0
diff --git a/bitnami/magento/templates/_helpers.tpl b/bitnami/magento/templates/_helpers.tpl
index 1fe7564b4d8707..3b9bbce6fcf2c8 100644
--- a/bitnami/magento/templates/_helpers.tpl
+++ b/bitnami/magento/templates/_helpers.tpl
@@ -37,6 +37,17 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
 {{- printf "%s-%s" .Release.Name "elasticsearch" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
+{{/*
+Return Elasticsearch port
+*/}}
+{{- define "magento.elasticsearch.port" -}}
+{{- if .Values.elasticsearch.enabled -}}
+ {{- print .Values.elasticsearch.service.ports.restAPI -}}
+{{- else -}}
+ {{- print .Values.externalElasticsearch.port -}}
+{{- end -}}
+{{- end -}}
+
 {{/*
 Get the user defined LoadBalancerIP for this release.
 Note, returns 127.0.0.1 if using ClusterIP.
diff --git a/bitnami/magento/templates/deployment.yaml b/bitnami/magento/templates/deployment.yaml
index f44ad07b0db2d2..a1c61a19a0174d 100644
--- a/bitnami/magento/templates/deployment.yaml
+++ b/bitnami/magento/templates/deployment.yaml
@@ -148,13 +148,7 @@ spec:
 value: ""
 {{- end }}
 - name: ELASTICSEARCH_PORT_NUMBER
- {{- if .Values.elasticsearch.enabled }}
- value: "9200"
- {{- else if .Values.externalElasticsearch.port }}
- value: {{ .Values.externalElasticsearch.port | quote }}
- {{- else }}
- value: ""
- {{- end }}
+ value: {{ include "magento.elasticsearch.port" . | quote }}
 - name: MAGENTO_SKIP_BOOTSTRAP
 value: {{ ternary "yes" "no" .Values.magentoSkipInstall | quote }}
 {{- $port:=.Values.service.ports.http | toString }}
@@ -224,12 +218,8 @@ spec:
 livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }}
 {{- else if .Values.livenessProbe.enabled }}
 livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }}
- httpGet:
- path: /index.php
+ tcpSocket:
 port: http
- httpHeaders:
- - name: Host
- value: {{ include "magento.host" . | quote }}
 {{- end }}
 {{- if .Values.customReadinessProbe }}
 readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }}
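Review bot: The `else` branch of `magento.elasticsearch.port` hands `.Values.externalElasticsearch.port` straight to `print`, so a null or removed key would presumably render as the literal `<nil>` instead of an empty string; worth confirming with `helm template`. The code this replaces in deployment.yaml (hunk at -148) guarded that case with `else if .Values.externalElasticsearch.port` and an explicit `value: ""` fallback, which the helper drops. Writing the branch as `{{- .Values.externalElasticsearch.port | default "" -}}` keeps the old fallback. The helper comment could also say which value each branch reads, e.g. `Return the Elasticsearch REST port: the subchart service port when elasticsearch.enabled, otherwise externalElasticsearch.port`.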
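Review bot: With `tcpSocket` on `port: http` the liveness probe only proves that the web server accepts connections, so a pod whose PHP application hangs or answers with errors while the listener stays up is no longer restarted, which the removed `httpGet` on `/index.php` would have caught. If the change is deliberate, a template comment next to the probe such as `# TCP-only liveness: application health is checked by the readiness probe` would record the trade-off. The readiness probe body lies outside this hunk, so it is worth confirming that it still performs an HTTP check. The visible README upgrade notes list the changed defaults but do not mention this probe change.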
diff --git a/bitnami/magento/templates/networkpolicy-backend-ingress.yaml b/bitnami/magento/templates/networkpolicy-backend-ingress.yaml
deleted file mode 100644
index 0e86a37764a18d..00000000000000
--- a/bitnami/magento/templates/networkpolicy-backend-ingress.yaml
+++ /dev/null
@@ -1,80 +0,0 @@ -{{- /* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} -{{- if and .Values.networkPolicy.enabled .Values.networkPolicy.ingressRules.backendOnlyAccessibleByFrontend }} -apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} -kind: NetworkPolicy -metadata: - name: {{ printf "%s-backend-mariadb" (include "common.names.fullname" .) }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - podSelector: - matchLabels: - {{- if .Values.networkPolicy.ingressRules.customBackendSelector }} - {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.customBackendSelector "context" $) | nindent 6 }} - {{- else }} - app.kubernetes.io/name: mariadb - app.kubernetes.io/instance: {{ .Release.Name }} - {{- end }} - ingress: - - from: - - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }} -{{- end }} -{{- if and .Values.networkPolicy.enabled .Values.networkPolicy.ingressRules.backendOnlyAccessibleByFrontend }} ---- -apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} -kind: NetworkPolicy -metadata: - name: {{ printf "%s-backend-elasticseach" (include "common.names.fullname" .) 
}} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - podSelector: - matchLabels: - {{- if .Values.networkPolicy.ingressRules.customBackendSelector }} - {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.customBackendSelector "context" $) | nindent 6 }} - {{- else }} - app.kubernetes.io/name: elasticsearch - app.kubernetes.io/instance: {{ .Release.Name }} - {{- end }} - ingress: - - from: - - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }} -{{- end }} -{{- if and .Values.networkPolicy.enabled .Values.networkPolicy.ingressRules.backendOnlyAccessibleByFrontend }} ---- -apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} -kind: NetworkPolicy -metadata: - name: {{ printf "%s-backend-elasticseach-nodes" (include "common.names.fullname" .) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - podSelector: - matchLabels: - {{- if .Values.networkPolicy.ingressRules.customBackendSelector }} - {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.customBackendSelector "context" $) | nindent 6 }} - {{- else }} - app.kubernetes.io/name: elasticsearch - app.kubernetes.io/instance: {{ .Release.Name }} - {{- end }} - ingress: - - from: - - podSelector: - matchLabels: - app.kubernetes.io/name: elasticsearch - app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} 
diff --git a/bitnami/magento/templates/networkpolicy-egress.yaml b/bitnami/magento/templates/networkpolicy-egress.yaml
deleted file mode 100644
index c7957a5c25c526..00000000000000
--- a/bitnami/magento/templates/networkpolicy-egress.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-{{- /*
-Copyright VMware, Inc.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-{{- if and .Values.networkPolicy.enabled (or .Values.networkPolicy.egressRules.denyConnectionsToExternal .Values.networkPolicy.egressRules.customRules) }}
-apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
-kind: NetworkPolicy
-metadata:
- name: {{ printf "%s-egress" (include "common.names.fullname" .) }}
- namespace: {{ include "common.names.namespace" . | quote }}
- labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-spec:
- podSelector:
- matchLabels:
- app.kubernetes.io/instance: {{ .Release.Name }}
- policyTypes:
- - Egress
- egress:
- {{- if .Values.networkPolicy.egressRules.denyConnectionsToExternal }}
- - ports:
- - port: 53
- protocol: UDP
- - port: 53
- protocol: TCP
- - to:
- - namespaceSelector: {}
- {{- end }}
- {{- if .Values.networkPolicy.egressRules.customRules }}
- {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.egressRules.customRules "context" $) | nindent 4 }}
- {{- end }}
-{{- end }}
diff --git a/bitnami/magento/templates/networkpolicy-ingress.yaml b/bitnami/magento/templates/networkpolicy-ingress.yaml
deleted file mode 100644
index cf31f0e14a0921..00000000000000
--- a/bitnami/magento/templates/networkpolicy-ingress.yaml
+++ /dev/null
@@ -1,63 +0,0 @@ -{{- /* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and .Values.networkPolicy.enabled (or .Values.networkPolicy.ingress.enabled .Values.networkPolicy.metrics.enabled .Values.networkPolicy.ingressRules.accessOnlyFrom.enabled) }} -apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} -kind: NetworkPolicy -metadata: - name: {{ printf "%s-ingress" (include "common.names.fullname" .) }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} - ingress: - {{- if and .Values.ingress.enabled .Values.networkPolicy.ingress.enabled (or .Values.networkPolicy.ingress.namespaceSelector .Values.networkPolicy.ingress.podSelector) }} - - from: - {{- if .Values.networkPolicy.ingress.namespaceSelector }} - - namespaceSelector: - matchLabels: - {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingress.namespaceSelector "context" $) | nindent 14 }} - {{- end }} - {{- if .Values.networkPolicy.ingress.podSelector }} - - podSelector: - matchLabels: - {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingress.podSelector "context" $) | nindent 14 }} - {{- end }} - {{- end }} - {{- if and .Values.metrics.enabled .Values.networkPolicy.metrics.enabled (or .Values.networkPolicy.metrics.namespaceSelector .Values.networkPolicy.metrics.podSelector) }} - - from: - {{- if .Values.networkPolicy.metrics.namespaceSelector }} 
- - namespaceSelector: - matchLabels: - {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.metrics.namespaceSelector "context" $) | nindent 14 }} - {{- end }} - {{- if .Values.networkPolicy.metrics.podSelector }} - - podSelector: - matchLabels: - {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.metrics.podSelector "context" $) | nindent 14 }} - {{- end }} - {{- end }} - {{- if and .Values.networkPolicy.ingressRules.accessOnlyFrom.enabled (or .Values.networkPolicy.ingressRules.accessOnlyFrom.namespaceSelector .Values.networkPolicy.ingressRules.accessOnlyFrom.podSelector) }} - - from: - {{- if .Values.networkPolicy.ingressRules.accessOnlyFrom.namespaceSelector }} - - namespaceSelector: - matchLabels: - {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.accessOnlyFrom.namespaceSelector "context" $) | nindent 14 }} - {{- end }} - {{- if .Values.networkPolicy.ingressRules.accessOnlyFrom.podSelector }} - - podSelector: - matchLabels: - {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.accessOnlyFrom.podSelector "context" $) | nindent 14 }} - {{- end }} - {{- end }} - {{- if .Values.networkPolicy.ingressRules.customRules }} - {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.customRules "context" $) | nindent 4 }} - {{- end }} -{{- end }} diff --git a/bitnami/magento/templates/networkpolicy.yaml b/bitnami/magento/templates/networkpolicy.yaml new file mode 100644 index 00000000000000..6b981422cd2c36 --- /dev/null +++ b/bitnami/magento/templates/networkpolicy.yaml 
@@ -0,0 +1,90 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.networkPolicy.enabled }}
+kind: NetworkPolicy
+apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }}
+ podSelector:
+ matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+ policyTypes:
+ - Ingress
+ - Egress
+ {{- if .Values.networkPolicy.allowExternalEgress }}
+ egress:
+ - {}
+ {{- else }}
+ egress:
+ # Allow dns resolution
+ - ports:
+ - port: 53
+ protocol: UDP
+ - port: 53
+ protocol: TCP
+ # Allow outbound connections to MariaDB
+ - ports:
+ - port: {{ include "magento.databasePort" . }}
+ {{- if .Values.mariadb.enabled }}
+ to:
+ - podSelector:
+ matchLabels:
+ app.kubernetes.io/name: mariadb
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ {{- end }}
+ # Allow outbound connections to Elasticsearch
+ - ports:
+ - port: {{ include "magento.elasticsearch.port" . | int }}
+ {{- if .Values.elasticsearch.enabled }}
+ to:
+ - podSelector:
+ matchLabels:
+ app.kubernetes.io/name: elasticsearch
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ {{- end }}
+ {{- if .Values.networkPolicy.extraEgress }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+ ingress:
+ - ports:
+ - port: {{ .Values.containerPorts.http }}
+ - port: {{ .Values.containerPorts.https }}
+ {{- range .Values.extraContainerPorts }}
+ - port: {{ .containerPort }}
+ {{- end }}
+ {{- if not .Values.networkPolicy.allowExternal }}
+ from:
+ - podSelector:
+ matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
+ - podSelector:
+ matchLabels:
+ {{ template "common.names.fullname" . }}-client: "true"
+ {{- if .Values.networkPolicy.ingressNSMatchLabels }}
+ - namespaceSelector:
+ matchLabels:
+ {{- range $key, $value := .Values.networkPolicy.ingressNSMatchLabels }}
+ {{ $key | quote }}: {{ $value | quote }}
+ {{- end }}
+ {{- if .Values.networkPolicy.ingressNSPodMatchLabels }}
+ podSelector:
+ matchLabels:
+ {{- range $key, $value := .Values.networkPolicy.ingressNSPodMatchLabels }}
+ {{ $key | quote }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.networkPolicy.extraIngress }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraIngress "context" $ ) | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/bitnami/magento/values.yaml b/bitnami/magento/values.yaml
index d5e6190e10529d..0ab5d90a86e3d1 100644
--- a/bitnami/magento/values.yaml
+++ b/bitnami/magento/values.yaml
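Review bot: In templates/networkpolicy.yaml the MariaDB and Elasticsearch egress rules render a `to:` selector only when `mariadb.enabled` or `elasticsearch.enabled` is true, so with `allowExternalEgress: false` and an external backend each rule allows that port to every destination rather than to the configured host. If that is the intended trade-off, state it where the rule is built, for example `# With an external database no "to" is rendered, so this port is allowed to any destination`. Separately, `ingressNSPodMatchLabels` is read only inside the `ingressNSMatchLabels` block, so setting it alone has no effect; its `@param` text in values.yaml should say that it requires `ingressNSMatchLabels`.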
@@ -26,7 +26,7 @@ global: openshift: ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) ## - adaptSecurityContext: disabled + adaptSecurityContext: auto ## @section Common parameters ## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) @@ -288,7 +288,7 @@ nodeSelector: {} ## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 ## -resourcesPreset: "none" +resourcesPreset: "medium" ## @param resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) ## Example: ## resources: @@ -319,6 +319,7 @@ podSecurityContext: ## @param containerSecurityContext.enabled Enabled containers' Security Context ## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser +## @param containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup ## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot ## @param containerSecurityContext.privileged Set container's Security Context privileged ## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem 
@@ -328,8 +329,9 @@ podSecurityContext: ## containerSecurityContext: enabled: true - seLinuxOptions: null + seLinuxOptions: {} runAsUser: 1001 + runAsGroup: 0 runAsNonRoot: true privileged: false readOnlyRootFilesystem: false 
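Review bot: `runAsGroup: 0` makes the root group the primary GID of the container process, and the `runAsNonRoot: true` kept below it constrains only the UID, so the hunk widens group-level access without saying why. Anything in the image or on mounted volumes that is group-writable by GID 0 becomes writable by the Magento process, which matters more while `readOnlyRootFilesystem` stays `false`. A comment above the new line would make the choice reviewable, e.g. `## GID 0 is needed because <reason to be filled in by the chart authors>; runAsNonRoot does not restrict the group`. The `containerSecurityContext` block continues past the end of this hunk.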
@@ -408,100 +410,61 @@ podAnnotations: {} podLabels: {} ## @section NetworkPolicy parameters -## Add networkpolicies +## Network Policy configuration +## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ ## networkPolicy: - ## @param networkPolicy.enabled Enable network policies - ## If ingress.enabled or metrics.enabled are true, configure networkPolicy.ingress and networkPolicy.metrics selectors respectively to allow communication + ## @param networkPolicy.enabled Specifies whether a NetworkPolicy should be created ## - enabled: false - ## @param networkPolicy.metrics.enabled Enable network policy for metrics (prometheus) - ## @param networkPolicy.metrics.namespaceSelector magento Monitoring namespace selector labels. These labels will be used to identify the prometheus' namespace. - ## @param networkPolicy.metrics.podSelector magento Monitoring pod selector labels. These labels will be used to identify the Prometheus pods. - ## - metrics: - enabled: false - ## e.g: - ## podSelector: - ## label: monitoring - ## - podSelector: {} - ## e.g: - ## namespaceSelector: - ## label: monitoring - ## - namespaceSelector: {} - ## @param networkPolicy.ingress.enabled Enable network policy for Ingress Proxies - ## @param networkPolicy.ingress.namespaceSelector magento Ingress Proxy namespace selector labels. These labels will be used to identify the Ingress Proxy's namespace. - ## @param networkPolicy.ingress.podSelector magento Ingress Proxy pods selector labels. These labels will be used to identify the Ingress Proxy pods. - ## - ingress: - enabled: false - ## e.g: - ## podSelector: - ## label: ingress - ## - podSelector: {} - ## e.g: - ## namespaceSelector: - ## label: ingress - ## - namespaceSelector: {} - ## @param networkPolicy.ingressRules.backendOnlyAccessibleByFrontend Enable ingress rule that makes the backend (mariadb, elasticsearch) only accessible by magento's pods. 
- ## @param networkPolicy.ingressRules.customBackendSelector magento Backend selector labels. These labels will be used to identify the backend pods. - ## @param networkPolicy.ingressRules.accessOnlyFrom.enabled Enable ingress rule that makes magento only accessible from a particular origin - ## @param networkPolicy.ingressRules.accessOnlyFrom.namespaceSelector magento Namespace selector label that is allowed to access magento. This label will be used to identified the allowed namespace(s). - ## @param networkPolicy.ingressRules.accessOnlyFrom.podSelector magento Pods selector label that is allowed to access magento. This label will be used to identified the allowed pod(s). - ## @param networkPolicy.ingressRules.customRules magento Custom network policy ingress rule - ## - ingressRules: - ## mariadb and elacticsearch backends only can be accessed from magento - ## - backendOnlyAccessibleByFrontend: false - ## Additional custom backend selector - ## e.g: - ## customBackendSelector: - ## - to: - ## - namespaceSelector: - ## matchLabels: - ## label: example - customBackendSelector: {} - ## Allow only from the indicated: - ## - accessOnlyFrom: - enabled: false - ## e.g: - ## podSelector: - ## label: access - ## - podSelector: {} - ## e.g: - ## namespaceSelector: - ## label: access - ## - namespaceSelector: {} - ## custom ingress rules - ## e.g: - ## customRules: - ## - from: - ## - namespaceSelector: - ## matchLabels: - ## label: example - customRules: {} - ## @param networkPolicy.egressRules.denyConnectionsToExternal Enable egress rule that denies outgoing traffic outside the cluster, except for DNS (port 53). - ## @param networkPolicy.egressRules.customRules magento Custom network policy rule - ## - egressRules: - # Deny connections to external. This is not compatible with an external database. 
- denyConnectionsToExternal: false - ## Additional custom egress rules - ## e.g: - ## customRules: - ## - to: - ## - namespaceSelector: - ## matchLabels: - ## label: example - customRules: {} + enabled: true + ## @param networkPolicy.allowExternal Don't require server label for connections + ## The Policy model to apply. When set to false, only pods with the correct + ## server label will have network access to the ports server is listening + ## on. When true, server will accept connections from any source + ## (with the correct destination port). + ## + allowExternal: true + ## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. + ## + allowExternalEgress: true + ## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolice + ## e.g: + ## extraIngress: + ## - ports: + ## - port: 1234 + ## from: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + extraIngress: [] + ## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraEgress: + ## - ports: + ## - port: 1234 + ## to: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + ## + extraEgress: [] + ## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces + ## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces + ## + ingressNSMatchLabels: {} + ingressNSPodMatchLabels: {} ## @section Database parameters ## MariaDB chart configuration 
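Review bot: Values set under the removed keys (`networkPolicy.egressRules.*`, `networkPolicy.ingressRules.*`, `networkPolicy.ingress.*`, `networkPolicy.metrics.*`) are no longer read by any template in this diff, while the new defaults are `allowExternal: true` and `allowExternalEgress: true`. A release that relied on `egressRules.denyConnectionsToExternal: true` or `ingressRules.accessOnlyFrom` would therefore presumably upgrade to a policy that allows all egress and any source on the HTTP/HTTPS ports, without an error. A guard in the template such as `{{- if .Values.networkPolicy.egressRules }}{{ fail "networkPolicy.egressRules was removed in 26.0.0; use allowExternalEgress / extraEgress" }}{{- end }}`, with the same for `ingressRules`, would surface this, unless the README upgrade notes outside this view already cover it. In the same hunk the `extraIngress` description says "NetworkPolice", the `extraEgress` description says "extra ingress rules", and both commented examples appear to show `matchLabels` as a list item under `- podSelector:` rather than as a mapping.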
@@ -574,6 +537,27 @@ mariadb: ## Use an existing PVC ## existingClaim: "" + ## MariaDB primary container's resource requests and limits + ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## @param mariadb.primary.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if primary.resources is set (primary.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "micro" + ## @param mariadb.primary.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## External database configuration ## externalDatabase: 
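Review bot: The `@param mariadb.primary.resourcesPreset` description lists the allowed values as `none, nano, small, medium, large, xlarge, 2xlarge`, yet the value set directly below it is `"micro"`. The list should read `none, nano, micro, small, medium, large, xlarge, 2xlarge`, as the top-level `resourcesPreset` description in this file already does. The four `elasticsearch.*.resourcesPreset` descriptions in the next hunk carry the same shortened list. The copied paragraph beginning "We usually recommend not to specify default resources" also contradicts shipping a preset by default and could be dropped or reworded.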
@@ -626,21 +610,93 @@ elasticsearch: ## master: replicaCount: 1 + ## Elasticsearch resource requests and limits + ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## @param elasticsearch.master.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if master.resources is set (master.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "small" + ## @param elasticsearch.master.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## Elasticsearch coordinating-only node parameters ## @param elasticsearch.coordinating.replicaCount Desired number of Elasticsearch coordinating-only nodes ## coordinating: replicaCount: 1 + ## Elasticsearch resource requests and limits + ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## @param elasticsearch.coordinating.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if coordinating.resources is set (coordinating.resources is recommended for production). 
+ ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "small" + ## @param elasticsearch.coordinating.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## Elasticsearch data node parameters ## @param elasticsearch.data.replicaCount Desired number of Elasticsearch data nodes ## data: replicaCount: 1 + ## Elasticsearch resource requests and limits + ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## @param elasticsearch.data.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if data.resources is set (data.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "medium" + ## @param elasticsearch.data.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## Elasticsearch ingest node parameters ## @param elasticsearch.ingest.replicaCount Desired number of Elasticsearch ingest nodes ## ingest: replicaCount: 1 + ## Elasticsearch resource requests and limits + ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## @param elasticsearch.ingest.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). 
This is ignored if ingest.resources is set (ingest.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "small" + ## @param elasticsearch.ingest.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## External elasticsearch configuration ## externalElasticsearch: