Merge pull request #1929 from mrarends/master

[jfrog-platform] Added podSecurityContext and containerSecurityContext for pre-upgrade-check migration hook container
jfrog · Oct 23, 2024 · 4df8279 · 4df8279
2 parents 3dd65a5 + 0ccf538
commit 4df8279
Show file tree

Hide file tree

Showing 4 changed files with 23 additions and 1 deletion.
diff --git a/stable/jfrog-platform/CHANGELOG.md b/stable/jfrog-platform/CHANGELOG.md
@@ -1,6 +1,9 @@
 # JFrog Platform Chart Changelog (GA releases only)
 All changes to this chart will be documented in this file.
 
+## [10.19.7] - Oct 14, 2024
+* Fixed - Added podSecurityContext and containerSecurityContext for pre-upgrade-check migration hook container
+
 ## [10.19.6] - Oct 8, 2024
 * Fixed typo to get fourth parameter for setupPostgres.sh [GH-1992](https://github.com/jfrog/charts/pull/1992)
 * Added `preUpgradeHook.tolerations`

diff --git a/stable/jfrog-platform/Chart.yaml b/stable/jfrog-platform/Chart.yaml
@@ -50,4 +50,4 @@ name: jfrog-platform
 sources:
 - https://github.com/jfrog/charts
 type: application
-version: 10.19.6
+version: 10.19.7
diff --git a/stable/jfrog-platform/templates/upgrade-hook.yaml b/stable/jfrog-platform/templates/upgrade-hook.yaml
@@ -87,13 +87,19 @@ spec:
         release: {{ .Release.Name }}
     spec:
       serviceAccountName: {{ template "jfrog-platform.fullname" . }}
+      {{- if .Values.preUpgradeHook.podSecurityContext.enabled }}
+      securityContext: {{- omit .Values.preUpgradeHook.podSecurityContext "enabled" | toYaml | nindent 8 }}
+      {{- end }}
       {{- if .Values.global.imagePullSecrets }}
       {{- include "jfrog-platform.imagePullSecrets" . | indent 6 }}
       {{- end }}
       containers:
         - name: pre-upgrade-check
           image: "{{ tpl .Values.preUpgradeHook.image.registry . }}/{{ .Values.preUpgradeHook.image.repository }}:{{ .Values.preUpgradeHook.image.tag }}"
           imagePullPolicy: {{ .Values.preUpgradeHook.image.pullPolicy }}
+          {{- if .Values.preUpgradeHook.containerSecurityContext.enabled }}
+          securityContext: {{- tpl (omit .Values.preUpgradeHook.containerSecurityContext "enabled" | toYaml) . | nindent 12 }}
+          {{- end }}
           resources:
 {{ toYaml .Values.preUpgradeHook.resources | indent 12 }}
           command:

diff --git a/stable/jfrog-platform/values.yaml b/stable/jfrog-platform/values.yaml
@@ -103,6 +103,10 @@ rabbitmq:
   image:
     repository: bitnami/rabbitmq
     tag: 3.12.10-debian-11-r1
+  podSecurityContext:
+    enabled: false
+  containerSecurityContext:
+    enabled: false
   auth:
   ## Enable encryption to rabbitmq
   ## ref: https://www.rabbitmq.com/ssl.html
@@ -242,6 +246,11 @@ artifactory:
     url: '{{ include "database.url" . }}'
     user: artifactory
     password: artifactory
+  ingress:
+    enabled: false
+  nginx:
+    service:
+      type: ""
   # Note: For artifactory Pro license, mission-control is not supported, Hence, set mc.enabled: false
   # Note: mission-control is disabled by default, this is only available for E+ customers, and can be enabled by setting mc.enabled: true
   mc:
@@ -359,6 +368,10 @@ preUpgradeHook:
     repository: bitnami/kubectl
     tag: 1.24.12
     pullPolicy: IfNotPresent
+  podSecurityContext:
+    enabled: false
+  containerSecurityContext:
+    enabled: false
   resources:
     requests:
       cpu: 5m