diff --git a/bitnami/mariadb/CHANGELOG.md b/bitnami/mariadb/CHANGELOG.md index ec0d6fd9cab0bb..49059f71830633 100644 --- a/bitnami/mariadb/CHANGELOG.md +++ b/bitnami/mariadb/CHANGELOG.md @@ -1,8 +1,12 @@ # Changelog -## 20.1.1 (2024-11-27) +## 20.2.0 (2024-12-10) -* [bitnami/mariadb] fix: :bug: Set correct TLS mountPath ([#30641](https://github.com/bitnami/charts/pull/30641)) +* [bitnami/mariadb] Detect non-standard images ([#30956](https://github.com/bitnami/charts/pull/30956)) + +## 20.1.1 (2024-11-27) + +* [bitnami/mariadb] fix: :bug: Set correct TLS mountPath (#30641) ([fc2dcd7](https://github.com/bitnami/charts/commit/fc2dcd711548553180d6fc1d5debc51f40aa4d22)), closes [#30641](https://github.com/bitnami/charts/issues/30641) ## 20.1.0 (2024-11-27) diff --git a/bitnami/mariadb/Chart.lock b/bitnami/mariadb/Chart.lock index 2e226ea906daf9..2842c22afc353a 100644 --- a/bitnami/mariadb/Chart.lock +++ b/bitnami/mariadb/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.27.0 -digest: sha256:b711ab5874abf868a0c64353a790f17771758cee6f802acb9819be004c8460af -generated: "2024-11-07T11:44:05.529563646+01:00" + version: 2.28.0 +digest: sha256:5b30f0fa07bb89b01c55fd6258c8ce22a611b13623d4ad83e8fdd1d4490adc74 +generated: "2024-12-10T17:11:48.981868+01:00" diff --git a/bitnami/mariadb/Chart.yaml b/bitnami/mariadb/Chart.yaml index 29295113120060..6c07e3d52a5f73 100644 --- a/bitnami/mariadb/Chart.yaml +++ b/bitnami/mariadb/Chart.yaml @@ -34,4 +34,4 @@ maintainers: name: mariadb sources: - https://github.com/bitnami/charts/tree/main/bitnami/mariadb -version: 20.1.1 +version: 20.2.0 diff --git a/bitnami/mariadb/README.md b/bitnami/mariadb/README.md index 27f0c32e90c44a..2f2b9fae2c3f29 100644 --- a/bitnami/mariadb/README.md +++ b/bitnami/mariadb/README.md @@ -230,12 +230,13 @@ As an alternative, this chart supports using an initContainer to change the owne ### Global parameters -| Name | Description | Value | -| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ | -| `global.imageRegistry` | Global Docker Image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.defaultStorageClass` | Global default StorageClass for Persistent Volume(s) | `""` | -| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `auto` | +| Name | Description | Value | +| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | +| `global.imageRegistry` | Global Docker Image registry | `""` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `global.defaultStorageClass` | Global default StorageClass for Persistent Volume(s) | `""` | +| `global.security.allowInsecureImages` | Allows skipping image verification | `false` | +| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `auto` | ### Common parameters @@ -671,6 +672,10 @@ Find more information about how to deal with common errors related to Bitnami's ## Upgrading +### To 20.2.0 + +This version introduces image verification for security purposes. To disable it, set `global.security.allowInsecureImages` to `true`. More details at [GitHub issue](https://github.com/bitnami/charts/issues/30850). + It's necessary to set the `auth.rootPassword` parameter when upgrading for readiness/liveness probes to work properly. When you install this chart for the first time, some notes will be displayed providing the credentials you must use under the 'Administrator credentials' section. Please note down the password and run the command below to upgrade your chart: ```console diff --git a/bitnami/mariadb/templates/NOTES.txt b/bitnami/mariadb/templates/NOTES.txt index 407b523bed444f..87b33b431a4c6b 100644 --- a/bitnami/mariadb/templates/NOTES.txt +++ b/bitnami/mariadb/templates/NOTES.txt @@ -76,4 +76,5 @@ To upgrade this helm chart: {{- end }} {{- end }} {{- include "common.warnings.resources" (dict "sections" (list "metrics" "primary" "secondary" "volumePermissions") "context" $) }} -{{- include "common.warnings.modifiedImages" (dict "images" (list .Values.image .Values.volumePermissions.image .Values.metrics.image) "context" $) }} \ No newline at end of file +{{- include "common.warnings.modifiedImages" (dict "images" (list .Values.image .Values.volumePermissions.image .Values.metrics.image) "context" $) }} +{{- include "common.errors.insecureImages" (dict "images" (list .Values.image .Values.volumePermissions.image .Values.metrics.image) "context" $) }} diff --git a/bitnami/mariadb/values.yaml b/bitnami/mariadb/values.yaml index ea5e6d3dbb23f2..48a530609c3071 100644 --- a/bitnami/mariadb/values.yaml +++ b/bitnami/mariadb/values.yaml @@ -19,6 +19,11 @@ global: ## imagePullSecrets: [] defaultStorageClass: "" + ## Security parameters + ## + security: + ## @param global.security.allowInsecureImages Allows skipping image verification + allowInsecureImages: false ## Compatibility adaptations for Kubernetes platforms ## compatibility: