diff --git a/charts/gotenberg/CHANGELOG.md b/charts/gotenberg/CHANGELOG.md index 01e3d59..d56a599 100644 --- a/charts/gotenberg/CHANGELOG.md +++ b/charts/gotenberg/CHANGELOG.md @@ -1,5 +1,10 @@ # Changelog +## 1.3.0 + +- Add `securityContext` compatibility with OpenShift platform. (Thanks to Jonas Geiler | [@jonasgeiler](https://github.com/jonasgeiler)) +- Bump `gotenberg` version `8.5.0` -> `8.5.1`. + ## 1.2.0 - Bump `gotenberg` version `8.1.0` -> `8.5.0`. diff --git a/charts/gotenberg/Chart.yaml b/charts/gotenberg/Chart.yaml index 3651320..79c9488 100644 --- a/charts/gotenberg/Chart.yaml +++ b/charts/gotenberg/Chart.yaml @@ -16,13 +16,13 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: "1.2.0" +version: "1.3.0" # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "8.5.0" +appVersion: "8.5.1" keywords: - gotenberg diff --git a/charts/gotenberg/README.md b/charts/gotenberg/README.md index 697846f..6037f10 100644 --- a/charts/gotenberg/README.md +++ b/charts/gotenberg/README.md @@ -1,7 +1,7 @@ # Gotenberg [![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/gotenberg)](https://artifacthub.io/packages/helm/maikumori/gotenberg) -![Version: 1.2.0](https://img.shields.io/badge/Version-1.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 8.5.0](https://img.shields.io/badge/AppVersion-8.5.0-informational?style=flat-square) +![Version: 1.3.0](https://img.shields.io/badge/Version-1.3.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 8.5.1](https://img.shields.io/badge/AppVersion-8.5.1-informational?style=flat-square) This is a HELM chart for Gotenberg. @@ -110,8 +110,7 @@ helm upgrade my-release maikumori/gotenberg --install | prometheus.namespace | string | `""` | Set the namespace of modules' metrics (default "gotenberg") | | replicaCount | int | `1` | | | resources | object | `{}` | | -| securityContext.privileged | bool | `false` | | -| securityContext.runAsUser | int | `1001` | | +| securityContext | object | `{ privileged: false, runAsUser: 1001 }`, except in OpenShift where `runAsUser` is not set. | Define the security context for the container. By default will use upstream recommended values. | | service.port | int | `80` | | | service.type | string | `"ClusterIP"` | | | serviceAccount.annotations | object | `{}` | Annotations to add to the service account | diff --git a/charts/gotenberg/templates/_helpers.tpl b/charts/gotenberg/templates/_helpers.tpl index af45816..c4b1ebe 100644 --- a/charts/gotenberg/templates/_helpers.tpl +++ b/charts/gotenberg/templates/_helpers.tpl @@ -60,3 +60,25 @@ Create the name of the service account to use {{- default "default" .Values.serviceAccount.name }} {{- end }} {{- end }} + +{{/* +Create a security context + +If .Values.securityContext is set, use it. Otherwise, use the defaults. + +Defaults: +If we detect OpenShift, we remove the "runAsUser", fsGroup, "runAsGroup" fields since they're not supported. +And apply recommended settings from upstream project. +*/}} +{{- define "gotenberg.securityContext" -}} +{{- if .Values.securityContext }} +{{- toYaml .Values.securityContext }} +{{- else}} +{{- if .Capabilities.APIVersions.Has "security.openshift.io/v1" -}} +privileged: false +{{- else -}} +privileged: false +runAsUser: 1001 +{{- end}} +{{- end}} +{{- end}} diff --git a/charts/gotenberg/templates/deployment.yaml b/charts/gotenberg/templates/deployment.yaml index 5b5b53e..55e1bf8 100644 --- a/charts/gotenberg/templates/deployment.yaml +++ b/charts/gotenberg/templates/deployment.yaml @@ -32,8 +32,8 @@ spec: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} + securityContext: + {{- include "gotenberg.securityContext" . | nindent 12 }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} args: diff --git a/charts/gotenberg/values.yaml b/charts/gotenberg/values.yaml index f36aa59..335947d 100644 --- a/charts/gotenberg/values.yaml +++ b/charts/gotenberg/values.yaml @@ -32,9 +32,10 @@ podSecurityContext: {} # fsGroup: 2000 +# -- Define the security context for the container. By default will use upstream recommended values. +# @default -- `{ privileged: false, runAsUser: 1001 }`, except in OpenShift where `runAsUser` is not set. securityContext: - privileged: false - runAsUser: 1001 + {} service: type: ClusterIP