This is an automated email from the ASF dual-hosted git repository.
willholley pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/couchdb-helm.git
The following commit(s) were added to refs/heads/main by this push:
new d85bc67 feat(securityContext): Add the ability to set securityContext
values (#135)
d85bc67 is described below
commit d85bc6779b28fc3dc223324f233c0f5479635517
Author: bryopsida <[email protected]>
AuthorDate: Tue Jan 2 08:53:02 2024 -0600
feat(securityContext): Add the ability to set securityContext values (#135)
Adds the capability to set securityContext values at the pod and container
levels. This is needed in order to deploy into a namespace with PSA enforcing
at the restricted level.
Signed-off-by: bryopsida <[email protected]>
---
couchdb/Chart.yaml | 2 +-
couchdb/NEWS.md | 4 ++++
couchdb/README.md | 12 +++++++-----
couchdb/README.md.gotmpl | 2 ++
couchdb/templates/job.yaml | 6 ++++++
couchdb/templates/placementmanager.yaml | 6 ++++++
couchdb/templates/statefulset.yaml | 15 +++++++++++++++
7 files changed, 41 insertions(+), 6 deletions(-)
diff --git a/couchdb/Chart.yaml b/couchdb/Chart.yaml
index e04d936..01b4e57 100644
--- a/couchdb/Chart.yaml
+++ b/couchdb/Chart.yaml
@@ -1,6 +1,6 @@
apiVersion: v1
name: couchdb
-version: 4.4.5
+version: 4.5.0
appVersion: 3.3.2
description: A database featuring seamless multi-master sync, that scales from
big data to mobile, with an intuitive HTTP/JSON API and designed for
diff --git a/couchdb/NEWS.md b/couchdb/NEWS.md
index baab199..1c1e95a 100644
--- a/couchdb/NEWS.md
+++ b/couchdb/NEWS.md
@@ -1,5 +1,9 @@
# NEWS
+## 4.5.0
+
+- Add capability to set pod and container level securityContext settings.
+
## 4.4.1
- Add possibility to customize `service.targetPort` from values. Set default
to 5984.
diff --git a/couchdb/README.md b/couchdb/README.md
index a0b8690..32e8e52 100644
--- a/couchdb/README.md
+++ b/couchdb/README.md
@@ -1,6 +1,6 @@
# CouchDB
-

+

Apache CouchDB is a database featuring seamless multi-master sync, that scales
from big data to mobile, with an intuitive HTTP/JSON API and designed for
@@ -18,7 +18,7 @@ storage volumes to each Pod in the Deployment.
```bash
$ helm repo add couchdb https://apache.github.io/couchdb-helm
$ helm install couchdb/couchdb \
- --version=4.4.1 \
+ --version=4.5.0 \
--set allowAdminParty=true \
--set couchdbConfig.couchdb.uuid=$(curl
https://www.uuidgenerator.net/api/version4 2>/dev/null | tr -d -)
```
@@ -44,7 +44,7 @@ Afterwards install the chart replacing the UUID
```bash
$ helm install \
--name my-release \
- --version=4.4.1 \
+ --version=4.5.0 \
--set couchdbConfig.couchdb.uuid=decafbaddecafbaddecafbaddecafbad \
couchdb/couchdb
```
@@ -78,7 +78,7 @@ and then install the chart while overriding the
`createAdminSecret` setting:
```bash
$ helm install \
--name my-release \
- --version=4.4.1 \
+ --version=4.5.0 \
--set createAdminSecret=false \
--set couchdbConfig.couchdb.uuid=decafbaddecafbaddecafbaddecafbad \
couchdb/couchdb
@@ -133,7 +133,7 @@ version semantics. You can upgrade directly from
`stable/couchdb` to this chart
```bash
$ helm repo add couchdb https://apache.github.io/couchdb-helm
-$ helm upgrade my-release --version=4.4.1 couchdb/couchdb
+$ helm upgrade my-release --version=4.5.0 couchdb/couchdb
```
## Configuration
@@ -239,6 +239,8 @@ A variety of other parameters are also configurable. See
the comments in the
| `placementConfig.enabled` | false
|
| `placementConfig.image.repository` |
caligrafix/couchdb-autoscaler-placement-manager |
| `placementConfig.image.tag` | 0.1.0
|
+| `podSecurityContext` |
|
+| `containerSecurityContext` |
|
## Feedback, Issues, Contributing
diff --git a/couchdb/README.md.gotmpl b/couchdb/README.md.gotmpl
index b8de044..9df26cd 100644
--- a/couchdb/README.md.gotmpl
+++ b/couchdb/README.md.gotmpl
@@ -223,6 +223,8 @@ A variety of other parameters are also configurable. See
the comments in the
| `placementConfig.enabled` | false
|
| `placementConfig.image.repository` |
caligrafix/couchdb-autoscaler-placement-manager
|
| `placementConfig.image.tag` | 0.1.0
|
+| `podSecurityContext` |
|
+| `containerSecurityContext |
|
## Feedback, Issues, Contributing
diff --git a/couchdb/templates/job.yaml b/couchdb/templates/job.yaml
index 174e3ed..544955b 100644
--- a/couchdb/templates/job.yaml
+++ b/couchdb/templates/job.yaml
@@ -21,6 +21,9 @@ spec:
helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
spec:
restartPolicy: OnFailure
+ {{- if .Values.podSecurityContext }}
+ securityContext: {{ .Values.podSecurityContext | toYaml | nindent 8 }}
+ {{- end }}
containers:
- name: cluster-setup
image: {{ .Values.autoSetup.image.repository }}:{{
.Values.autoSetup.image.tag }}
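Review bot: The two keys this template now reads, `.Values.podSecurityContext` here and `.Values.containerSecurityContext` in the next hunk, are not declared anywhere in this commit: the diffstat lists no change to values.yaml, and the README rows added for them show an empty default. Unless values.yaml already carries them, I would add `podSecurityContext: {}` and `containerSecurityContext: {}` there, each with a commented example of the fields the restricted Pod Security Standard expects (`runAsNonRoot: true`, `allowPrivilegeEscalation: false`, `capabilities.drop: [ALL]`, `seccompProfile.type: RuntimeDefault`). An empty map keeps the `if` guards false, so default rendering is unchanged. The same applies to the placementmanager.yaml and statefulset.yaml hunks. Separately, the `containerSecurityContext` row added to README.md.gotmpl is missing its closing backtick.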
@@ -44,6 +47,9 @@ spec:
secretKeyRef:
name: {{ template "couchdb.fullname" . }}
key: adminPassword
+ {{- if .Values.containerSecurityContext }}
+ securityContext: {{ .Values.containerSecurityContext | toYaml |
nindent 12 }}
+ {{- end }}
backoffLimit: 2
ttlSecondsAfterFinished: 600
{{- end -}}
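Review bot: A single `containerSecurityContext` value is applied to every container the chart renders, so it has to suit several different images at once. It lands on this job container (presumably `cluster-setup`, whose definition starts above the hunk, using `autoSetup.image`), on the placement-tagging-job in placementmanager.yaml, and in statefulset.yaml on the two blocks that use `initResources`, the container mounting `/opt/couchdb/data`, and `clouseau` (`searchImage`). Identity fields such as `runAsUser` or `runAsNonRoot: true` must therefore be valid for all of those images, and an image that defaults to root or expects a different UID would presumably fail to start. Consider a per-component override that falls back to the shared value, e.g. `{{- with (.Values.autoSetup.securityContext | default .Values.containerSecurityContext) }}`, or at least state the constraint next to the key in values.yaml.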
diff --git a/couchdb/templates/placementmanager.yaml
b/couchdb/templates/placementmanager.yaml
index b77d723..3e2f511 100644
--- a/couchdb/templates/placementmanager.yaml
+++ b/couchdb/templates/placementmanager.yaml
@@ -24,6 +24,9 @@ spec:
helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
spec:
restartPolicy: OnFailure
+ {{- if .Values.podSecurityContext }}
+ securityContext: {{ .Values.podSecurityContext | toYaml | nindent 8 }}
+ {{- end }}
containers:
- name: placement-tagging-job
image: {{ .Values.placementConfig.image.repository }}:{{
.Values.placementConfig.image.tag }}
@@ -41,4 +44,7 @@ spec:
value: {{ template "couchdb.svcname" . }}
- name: COUCHDB_PORT
value: {{ .Values.service.externalPort | quote }}
+ {{- if .Values.containerSecurityContext }}
+ securityContext: {{ .Values.containerSecurityContext | toYaml |
nindent 10 }}
+ {{- end }}
{{- end -}}
diff --git a/couchdb/templates/statefulset.yaml
b/couchdb/templates/statefulset.yaml
index f5c93bd..619a46d 100644
--- a/couchdb/templates/statefulset.yaml
+++ b/couchdb/templates/statefulset.yaml
@@ -31,6 +31,9 @@ spec:
{{- if .Values.schedulerName }}
schedulerName: "{{ .Values.schedulerName }}"
{{- end }}
+ {{- if .Values.podSecurityContext }}
+ securityContext: {{ .Values.podSecurityContext | toYaml | nindent 8 }}
+ {{- end }}
{{- if .Values.serviceAccount.enabled }}
serviceAccountName: {{ template "couchdb.serviceAccount" . }}
{{- end }}
@@ -51,6 +54,9 @@ spec:
mountPath: /tmp/
- name: config-storage
mountPath: /default.d
+ {{- if .Values.containerSecurityContext }}
+ securityContext: {{ .Values.containerSecurityContext | toYaml |
nindent 12 }}
+ {{- end }}
resources:
{{ toYaml .Values.initResources | indent 12 }}
{{- if .Values.adminHash }}
@@ -72,6 +78,9 @@ spec:
volumeMounts:
- name: local-config-storage
mountPath: /local.d
+ {{- if .Values.containerSecurityContext }}
+ securityContext: {{ .Values.containerSecurityContext | toYaml |
nindent 12 }}
+ {{- end }}
resources:
{{ toYaml .Values.initResources | indent 12 }}
{{- end }}
@@ -163,6 +172,9 @@ spec:
{{- end }}
- name: database-storage
mountPath: /opt/couchdb/data
+ {{- if .Values.containerSecurityContext }}
+ securityContext: {{ .Values.containerSecurityContext | toYaml |
nindent 12 }}
+ {{- end }}
{{- if .Values.enableSearch }}
- name: clouseau
image: "{{ .Values.searchImage.repository }}:{{
.Values.searchImage.tag }}"
@@ -170,6 +182,9 @@ spec:
volumeMounts:
- name: database-storage
mountPath: /opt/couchdb-search/data
+ {{- if .Values.containerSecurityContext }}
+ securityContext: {{ .Values.containerSecurityContext | toYaml |
nindent 12 }}
+ {{- end }}
{{- end }}
{{- if .Values.sidecars }}
{{ toYaml .Values.sidecars | indent 8}}
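Review bot: Containers supplied through `.Values.sidecars` are rendered verbatim by the `toYaml` line that closes this hunk and do not receive `containerSecurityContext`. Pod Security Admission evaluates every container in the pod, so in a namespace enforcing the restricted level a release with sidecars is still rejected unless each sidecar entry carries its own `securityContext`. That is reasonable for user-owned container specs, but it should be documented where the key is described. I would add to the `sidecars` entry in values.yaml: `# Rendered as-is: containerSecurityContext is NOT applied; set securityContext on each sidecar.`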