From 2641c0ede1066b104006c077cd52be6816a2acfd Mon Sep 17 00:00:00 2001 From: soharab-ic <156293296+soharab-ic@users.noreply.github.com> Date: Mon, 2 Sep 2024 15:19:45 +0530 Subject: [PATCH] Release v1.20.4 (#98) Signed-off-by: Md Soharab Ansari --- charts/fission-all/Chart.yaml | 4 ++-- .../templates/fluentbit/fluentbit.yaml | 5 ++--- charts/fission-all/values.yaml | 21 ++++++++++++++----- 3 files changed, 20 insertions(+), 10 deletions(-) diff --git a/charts/fission-all/Chart.yaml b/charts/fission-all/Chart.yaml index 2146910..2e83501 100644 --- a/charts/fission-all/Chart.yaml +++ b/charts/fission-all/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: fission-all -version: v1.20.3 -appVersion: v1.20.3 +version: v1.20.4 +appVersion: v1.20.4 description: Fission is a fast serverless framework for Kubernetes. kubeVersion: ">=1.25.0-0" home: https://fission.io/ diff --git a/charts/fission-all/templates/fluentbit/fluentbit.yaml b/charts/fission-all/templates/fluentbit/fluentbit.yaml index 92ec770..9718fe9 100644 --- a/charts/fission-all/templates/fluentbit/fluentbit.yaml +++ b/charts/fission-all/templates/fluentbit/fluentbit.yaml @@ -118,6 +118,7 @@ spec: fieldRef: apiVersion: v1 fieldPath: spec.nodeName + {{- include "fission-resource-namespace.envs" . | indent 12 }} command: ["/fission-bundle"] args: ["--logger"] volumeMounts: @@ -127,10 +128,8 @@ spec: - name: docker-log mountPath: /var/lib/docker/containers readOnly: true -{{- if .Values.logger.enableSecurityContext }} securityContext: - privileged: true -{{- end }} + {{- toYaml .Values.logger.securityContext | nindent 12 }} - name: fluentbit {{- if .Values.repository }} image: "{{ .Values.logger.fluentdImageRepository }}/{{ .Values.logger.fluentdImage }}:{{ .Values.logger.fluentdImageTag }}" diff --git a/charts/fission-all/values.yaml b/charts/fission-all/values.yaml index f0b668f..881ad56 100644 --- a/charts/fission-all/values.yaml +++ b/charts/fission-all/values.yaml @@ -25,7 +25,7 @@ image: fission/fission-bundle ## It is also used by the chart to identify version of the few more images apart from fission-bundle. ## Keep it empty for using latest tag. ## -imageTag: v1.20.3 +imageTag: v1.20.4 ## pullPolicy represents the pull policy to use for images in the chart. ## @@ -106,7 +106,7 @@ fetcher: ## image represents the image of the fetcher component. image: fission/fetcher ## imageTag represents the tag of the image of the fetcher component. - imageTag: v1.20.3 + imageTag: v1.20.4 ## Fetcher is only for to downloading or uploading archive. ## Normally, you don't need to change the value here, unless necessary. @@ -620,11 +620,22 @@ logger: ## Fluent-bit writes/reads it’s own sqlite database to record a history of tracked ## files and a state of offsets, this is very useful to resume a state if the ser- - ## vice is restarted. For Kubernetes environment with constraints like OpenShift, + ## vice is restarted. + ## + ## For Kubernetes environment with constraints like OpenShift, ## the containers are limited to write hostPath volume. Hence, we have to enable ## security context and set privileged to true. ## - enableSecurityContext: false + ## The user ID in runAsUser should have access to the `/var/log` and + ## `/var/lib/docker/containers` directories on your host. + ## On many hosts, this user might be root ,i.e., `runAsUser: 0`. + ## Although it is recommended not to use root user for security reasons. + ## + ## The `/var/log` and `/var/lib/docker/containers` directories on host are mounted + ## to logger container with volumeType `HostPath`. + securityContext: {} + # privileged: true + # runAsUser: 0 ## Enable PodSecurityPolicies to allow privileged container ## Only required in some clusters and when enableSecurityContext is true @@ -663,7 +674,7 @@ preUpgradeChecks: image: fission/pre-upgrade-checks ## pre-install/pre-upgrade checks image version ## - imageTag: v1.20.3 + imageTag: v1.20.4 ## Fission post-install/post-upgrade reporting live in this image ##