From a4d9265e61197d5ed5e6c4a0f85ce7460abd4a66 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Tue, 10 Dec 2024 21:53:06 +0100 Subject: [PATCH] [bitnami/seaweedfs] Detect non-standard images (#30967) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [bitnami/seaweedfs] Detect non-standard images Signed-off-by: Carlos Rodríguez Hernández * Modify values Signed-off-by: Carlos Rodríguez Hernández * Update CHANGELOG.md Signed-off-by: Bitnami Containers * Update README.md with readme-generator-for-helm Signed-off-by: Bitnami Containers --------- Signed-off-by: Carlos Rodríguez Hernández Signed-off-by: Bitnami Containers Co-authored-by: Bitnami Containers --- bitnami/seaweedfs/CHANGELOG.md | 11 +++++++++-- bitnami/seaweedfs/Chart.lock | 8 ++++---- bitnami/seaweedfs/Chart.yaml | 2 +- bitnami/seaweedfs/README.md | 17 +++++++++++------ bitnami/seaweedfs/templates/NOTES.txt | 1 + bitnami/seaweedfs/values.yaml | 5 +++++ 6 files changed, 31 insertions(+), 13 deletions(-) diff --git a/bitnami/seaweedfs/CHANGELOG.md b/bitnami/seaweedfs/CHANGELOG.md index 66b06c3d279f00..e880917876b0c3 100644 --- a/bitnami/seaweedfs/CHANGELOG.md +++ b/bitnami/seaweedfs/CHANGELOG.md @@ -1,8 +1,15 @@ # Changelog -## 4.1.2 (2024-12-04) +## 4.2.0 (2024-12-10) -* [bitnami/seaweedfs] Release 4.1.2 ([#30778](https://github.com/bitnami/charts/pull/30778)) +* [bitnami/seaweedfs] Detect non-standard images ([#30967](https://github.com/bitnami/charts/pull/30967)) + +## 4.1.2 (2024-12-04) + +* [bitnami/*] docs: :memo: Add "Backup & Restore" section (#30711) ([35ab536](https://github.com/bitnami/charts/commit/35ab5363741e7548f4076f04da6e62d10153c60c)), closes [#30711](https://github.com/bitnami/charts/issues/30711) +* [bitnami/*] docs: :memo: Add "Prometheus metrics" (batch 6) (#30675) ([7b9cd04](https://github.com/bitnami/charts/commit/7b9cd04c2ffc730a0d62da787f2d4967c0ede47c)), closes [#30675](https://github.com/bitnami/charts/issues/30675) +* [bitnami/*] docs: :memo: Add "Update Credentials" (batch 3) (#30688) ([10a49f9](https://github.com/bitnami/charts/commit/10a49f9ff2db1d9d11a6edd1c40a9f61803241bc)), closes [#30688](https://github.com/bitnami/charts/issues/30688) +* [bitnami/seaweedfs] Release 4.1.2 (#30778) ([7342074](https://github.com/bitnami/charts/commit/7342074fd2562d7a024407a0275c62affee0181a)), closes [#30778](https://github.com/bitnami/charts/issues/30778) ## 4.1.1 (2024-11-18) diff --git a/bitnami/seaweedfs/Chart.lock b/bitnami/seaweedfs/Chart.lock index 8bc34536356d14..86b4233d9cade3 100644 --- a/bitnami/seaweedfs/Chart.lock +++ b/bitnami/seaweedfs/Chart.lock @@ -4,9 +4,9 @@ dependencies: version: 20.1.1 - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 16.2.4 + version: 16.2.5 - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.27.2 -digest: sha256:671ea8a89b7da17674d487d0849b007e0fa8f2c648917b662ccedcb336234e6e -generated: "2024-12-04T04:04:10.540738656Z" + version: 2.28.0 +digest: sha256:cbd98cbda65a325af2a33ee1c4eebc7d3333079866c6b5abe3c4bd751cb77884 +generated: "2024-12-10T17:28:31.712053+01:00" diff --git a/bitnami/seaweedfs/Chart.yaml b/bitnami/seaweedfs/Chart.yaml index 577f2b4b55dbc3..22221bd73e6bb4 100644 --- a/bitnami/seaweedfs/Chart.yaml +++ b/bitnami/seaweedfs/Chart.yaml @@ -50,4 +50,4 @@ name: seaweedfs sources: - https://github.com/bitnami/charts/tree/main/bitnami/seawwedfs - https://github.com/bitnami/containers/tree/main/bitnami/seaweedfs -version: 4.1.2 +version: 4.2.0 diff --git a/bitnami/seaweedfs/README.md b/bitnami/seaweedfs/README.md index fcfc3cdbfee10d..3fdbbd188adc88 100644 --- a/bitnami/seaweedfs/README.md +++ b/bitnami/seaweedfs/README.md @@ -242,12 +242,13 @@ If you encounter errors when working with persistent volumes, refer to our [trou ### Global parameters -| Name | Description | Value | -| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.defaultStorageClass` | Global default StorageClass for Persistent Volume(s) | `""` | -| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `auto` | +| Name | Description | Value | +| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | +| `global.imageRegistry` | Global Docker image registry | `""` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `global.defaultStorageClass` | Global default StorageClass for Persistent Volume(s) | `""` | +| `global.security.allowInsecureImages` | Allows skipping image verification | `false` | +| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `auto` | ### Common parameters @@ -1199,6 +1200,10 @@ helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/seawe ## Upgrading +### To 4.2.0 + +This version introduces image verification for security purposes. To disable it, set `global.security.allowInsecureImages` to `true`. More details at [GitHub issue](https://github.com/bitnami/charts/issues/30850). + ### To 4.0.0 This major bump updates the MariaDB subchart to version 20.0.0. This subchart updates the StatefulSet objects `serviceName` to use a headless service, as the current non-headless service attached to it was not providing DNS entries. This will cause an upgrade issue because it changes "immutable fields". To workaround it, delete the StatefulSet objects as follows (replace the RELEASE_NAME placeholder): diff --git a/bitnami/seaweedfs/templates/NOTES.txt b/bitnami/seaweedfs/templates/NOTES.txt index e09ae7db34c9ec..341587f4d2e23e 100644 --- a/bitnami/seaweedfs/templates/NOTES.txt +++ b/bitnami/seaweedfs/templates/NOTES.txt @@ -172,3 +172,4 @@ The chart was deployed enabling WebDAV, to access it from outside the cluster fo {{- include "common.warnings.rollingTag" .Values.postgresql.image }} {{- include "seaweedfs.validateValues" . }} {{- include "common.warnings.modifiedImages" (dict "images" (list .Values.image .Values.volumePermissions.image .Values.mariadb.image .Values.postgresql.image) "context" $) }} +{{- include "common.errors.insecureImages" (dict "images" (list .Values.image .Values.volumePermissions.image .Values.mariadb.image .Values.postgresql.image) "context" $) }} diff --git a/bitnami/seaweedfs/values.yaml b/bitnami/seaweedfs/values.yaml index f26751f718f15b..cbe833459d19a5 100644 --- a/bitnami/seaweedfs/values.yaml +++ b/bitnami/seaweedfs/values.yaml @@ -19,6 +19,11 @@ global: ## imagePullSecrets: [] defaultStorageClass: "" + ## Security parameters + ## + security: + ## @param global.security.allowInsecureImages Allows skipping image verification + allowInsecureImages: false ## Compatibility adaptations for Kubernetes platforms ## compatibility: