From 3438d776d1fe43b64779e83fbccd69d7c67accdd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Tue, 10 Dec 2024 22:10:22 +0100 Subject: [PATCH] [bitnami/moodle] Detect non-standard images (#30960) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [bitnami/moodle] Detect non-standard images Signed-off-by: Carlos Rodríguez Hernández * Modify NOTES.txt Signed-off-by: Carlos Rodríguez Hernández * Modify values Signed-off-by: Carlos Rodríguez Hernández * Update values.yaml Signed-off-by: Carlos Rodríguez Hernández * Update CHANGELOG.md Signed-off-by: Bitnami Containers * Update README.md with readme-generator-for-helm Signed-off-by: Bitnami Containers --------- Signed-off-by: Carlos Rodríguez Hernández Signed-off-by: Bitnami Containers Co-authored-by: Bitnami Containers --- bitnami/moodle/CHANGELOG.md | 11 +++++++++-- bitnami/moodle/Chart.lock | 6 +++--- bitnami/moodle/Chart.yaml | 2 +- bitnami/moodle/README.md | 17 +++++++++++------ bitnami/moodle/templates/NOTES.txt | 3 ++- bitnami/moodle/values.yaml | 5 +++++ 6 files changed, 31 insertions(+), 13 deletions(-) diff --git a/bitnami/moodle/CHANGELOG.md b/bitnami/moodle/CHANGELOG.md index 0aba654605ce36..10cc502eb91f94 100644 --- a/bitnami/moodle/CHANGELOG.md +++ b/bitnami/moodle/CHANGELOG.md @@ -1,8 +1,15 @@ # Changelog -## 25.0.2 (2024-12-09) +## 25.1.0 (2024-12-10) -* [bitnami/moodle] Release 25.0.2 ([#30832](https://github.com/bitnami/charts/pull/30832)) +* [bitnami/moodle] Detect non-standard images ([#30960](https://github.com/bitnami/charts/pull/30960)) + +## 25.0.2 (2024-12-09) + +* [bitnami/*] docs: :memo: Add "Backup & Restore" section (#30711) ([35ab536](https://github.com/bitnami/charts/commit/35ab5363741e7548f4076f04da6e62d10153c60c)), closes [#30711](https://github.com/bitnami/charts/issues/30711) +* [bitnami/*] docs: :memo: Add "Prometheus metrics" (batch 4) (#30669) ([a4ec006](https://github.com/bitnami/charts/commit/a4ec00624589023a70a7094fcfb9f12e382bc280)), closes [#30669](https://github.com/bitnami/charts/issues/30669) +* [bitnami/*] docs: :memo: Add "Update Credentials" (batch 3) (#30688) ([10a49f9](https://github.com/bitnami/charts/commit/10a49f9ff2db1d9d11a6edd1c40a9f61803241bc)), closes [#30688](https://github.com/bitnami/charts/issues/30688) +* [bitnami/moodle] Release 25.0.2 (#30832) ([c286d50](https://github.com/bitnami/charts/commit/c286d504065a13868548de4b972c1c6c2c42a64d)), closes [#30832](https://github.com/bitnami/charts/issues/30832) ## 25.0.1 (2024-11-17) diff --git a/bitnami/moodle/Chart.lock b/bitnami/moodle/Chart.lock index 1e5a775f6c9a1a..10d4973681ea5e 100644 --- a/bitnami/moodle/Chart.lock +++ b/bitnami/moodle/Chart.lock @@ -4,6 +4,6 @@ dependencies: version: 20.1.1 - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.27.2 -digest: sha256:d2281c5b2c30ac9510846ca5c0eee05412e65ff7d5883ef69f040bebef0fd2ea -generated: "2024-12-09T02:53:52.239089759Z" + version: 2.28.0 +digest: sha256:bbb68797bb44f259e8119037c81b4e3b197f075ad4608e72e6e49cab3f75e264 +generated: "2024-12-10T17:17:15.772268+01:00" diff --git a/bitnami/moodle/Chart.yaml b/bitnami/moodle/Chart.yaml index f8a0017dbf1065..cff6ef2b628720 100644 --- a/bitnami/moodle/Chart.yaml +++ b/bitnami/moodle/Chart.yaml @@ -36,4 +36,4 @@ maintainers: name: moodle sources: - https://github.com/bitnami/charts/tree/main/bitnami/moodle -version: 25.0.2 +version: 25.1.0 diff --git a/bitnami/moodle/README.md b/bitnami/moodle/README.md index 7d7ce1099bae55..575a202c1a2b26 100644 --- a/bitnami/moodle/README.md +++ b/bitnami/moodle/README.md @@ -152,12 +152,13 @@ You may want to review the [PV reclaim policy](https://kubernetes.io/docs/tasks/ ### Global parameters -| Name | Description | Value | -| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.defaultStorageClass` | Global default StorageClass for Persistent Volume(s) | `""` | -| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `auto` | +| Name | Description | Value | +| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | +| `global.imageRegistry` | Global Docker image registry | `""` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `global.defaultStorageClass` | Global default StorageClass for Persistent Volume(s) | `""` | +| `global.security.allowInsecureImages` | Allows skipping image verification | `false` | +| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `auto` | ### Common parameters @@ -440,6 +441,10 @@ Find more information about how to deal with common errors related to Bitnami's ## Upgrading +### To 25.1.0 + +This version introduces image verification for security purposes. To disable it, set `global.security.allowInsecureImages` to `true`. More details at [GitHub issue](https://github.com/bitnami/charts/issues/30850). + ### To 25.0.0 This major bump updates the MariaDB subchart to version 20.0.0. This subchart updates the StatefulSet objects `serviceName` to use a headless service, as the current non-headless service attached to it was not providing DNS entries. This will cause an upgrade issue because it changes "immutable fields". To workaround it, delete the StatefulSet objects as follows (replace the RELEASE_NAME placeholder): diff --git a/bitnami/moodle/templates/NOTES.txt b/bitnami/moodle/templates/NOTES.txt index 4e54ad60c834da..cc4f7a47f5bb58 100644 --- a/bitnami/moodle/templates/NOTES.txt +++ b/bitnami/moodle/templates/NOTES.txt @@ -100,4 +100,5 @@ You can access Apache Prometheus metrics following the steps below: {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $) -}} {{- include "common.warnings.resources" (dict "sections" (list "metrics" "" "volumePermissions") "context" $) }} -{{- include "common.warnings.modifiedImages" (dict "images" (list .Values.image .Values.volumePermissions.image .Values.metrics.image .Values.certificates.image) "context" $) }} \ No newline at end of file +{{- include "common.warnings.modifiedImages" (dict "images" (list .Values.image .Values.volumePermissions.image .Values.metrics.image .Values.certificates.image) "context" $) }} +{{- include "common.errors.insecureImages" (dict "images" (list .Values.image .Values.volumePermissions.image .Values.metrics.image .Values.certificates.image) "context" $) }} diff --git a/bitnami/moodle/values.yaml b/bitnami/moodle/values.yaml index 67ab234da0515a..05cc9ea45142f5 100644 --- a/bitnami/moodle/values.yaml +++ b/bitnami/moodle/values.yaml @@ -18,6 +18,11 @@ global: ## imagePullSecrets: [] defaultStorageClass: "" + ## Security parameters + ## + security: + ## @param global.security.allowInsecureImages Allows skipping image verification + allowInsecureImages: false ## Compatibility adaptations for Kubernetes platforms ## compatibility: