From 0ccf5382800471dcae7983f277494d963bdb54b0 Mon Sep 17 00:00:00 2001 From: Mark Arends Date: Mon, 14 Oct 2024 11:35:31 +0200 Subject: [PATCH] * Fixed - Added podSecurityContext and containerSecurityContext for pre-upgrade-check migration hook container --- stable/jfrog-platform/CHANGELOG.md | 3 +++ stable/jfrog-platform/Chart.yaml | 2 +- stable/jfrog-platform/templates/upgrade-hook.yaml | 6 ++++++ stable/jfrog-platform/values.yaml | 13 +++++++++++++ 4 files changed, 23 insertions(+), 1 deletion(-) diff --git a/stable/jfrog-platform/CHANGELOG.md b/stable/jfrog-platform/CHANGELOG.md index 3abcac574..12cfac1b4 100644 --- a/stable/jfrog-platform/CHANGELOG.md +++ b/stable/jfrog-platform/CHANGELOG.md @@ -1,6 +1,9 @@ # JFrog Platform Chart Changelog (GA releases only) All changes to this chart will be documented in this file. +## [10.19.7] - Oct 14, 2024 +* Fixed - Added podSecurityContext and containerSecurityContext for pre-upgrade-check migration hook container + ## [10.19.6] - Oct 8, 2024 * Fixed typo to get fourth parameter for setupPostgres.sh [GH-1992](https://github.com/jfrog/charts/pull/1992) * Added `preUpgradeHook.tolerations` diff --git a/stable/jfrog-platform/Chart.yaml b/stable/jfrog-platform/Chart.yaml index 15a0b0a5c..0b3c69f6e 100644 --- a/stable/jfrog-platform/Chart.yaml +++ b/stable/jfrog-platform/Chart.yaml @@ -50,4 +50,4 @@ name: jfrog-platform sources: - https://github.com/jfrog/charts type: application -version: 10.19.6 +version: 10.19.7 diff --git a/stable/jfrog-platform/templates/upgrade-hook.yaml b/stable/jfrog-platform/templates/upgrade-hook.yaml index 18873021d..aab5080f2 100644 --- a/stable/jfrog-platform/templates/upgrade-hook.yaml +++ b/stable/jfrog-platform/templates/upgrade-hook.yaml @@ -87,6 +87,9 @@ spec: release: {{ .Release.Name }} spec: serviceAccountName: {{ template "jfrog-platform.fullname" . }} + {{- if .Values.preUpgradeHook.podSecurityContext.enabled }} + securityContext: {{- omit .Values.preUpgradeHook.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} {{- if .Values.global.imagePullSecrets }} {{- include "jfrog-platform.imagePullSecrets" . | indent 6 }} {{- end }} @@ -94,6 +97,9 @@ spec: - name: pre-upgrade-check image: "{{ tpl .Values.preUpgradeHook.image.registry . }}/{{ .Values.preUpgradeHook.image.repository }}:{{ .Values.preUpgradeHook.image.tag }}" imagePullPolicy: {{ .Values.preUpgradeHook.image.pullPolicy }} + {{- if .Values.preUpgradeHook.containerSecurityContext.enabled }} + securityContext: {{- tpl (omit .Values.preUpgradeHook.containerSecurityContext "enabled" | toYaml) . | nindent 12 }} + {{- end }} resources: {{ toYaml .Values.preUpgradeHook.resources | indent 12 }} command: diff --git a/stable/jfrog-platform/values.yaml b/stable/jfrog-platform/values.yaml index aac6495f6..9896bac01 100644 --- a/stable/jfrog-platform/values.yaml +++ b/stable/jfrog-platform/values.yaml @@ -103,6 +103,10 @@ rabbitmq: image: repository: bitnami/rabbitmq tag: 3.12.10-debian-11-r1 + podSecurityContext: + enabled: false + containerSecurityContext: + enabled: false auth: ## Enable encryption to rabbitmq ## ref: https://www.rabbitmq.com/ssl.html @@ -242,6 +246,11 @@ artifactory: url: '{{ include "database.url" . }}' user: artifactory password: artifactory + ingress: + enabled: false + nginx: + service: + type: "" # Note: For artifactory Pro license, mission-control is not supported, Hence, set mc.enabled: false # Note: mission-control is disabled by default, this is only available for E+ customers, and can be enabled by setting mc.enabled: true mc: @@ -359,6 +368,10 @@ preUpgradeHook: repository: bitnami/kubectl tag: 1.24.12 pullPolicy: IfNotPresent + podSecurityContext: + enabled: false + containerSecurityContext: + enabled: false resources: requests: cpu: 5m