Skip to content

Commit

Permalink
[bitnami/postgresql-ha] Detect non-standard images (#30937)
Browse files Browse the repository at this point in the history 
* [bitnami/postgresql-ha] Detect non-standard images

Signed-off-by: Carlos Rodríguez Hernández <[email protected]>

* Modify NOTES.txt

Signed-off-by: Carlos Rodríguez Hernández <[email protected]>

* Update CHANGELOG.md

Signed-off-by: Bitnami Containers <[email protected]>

* Update README.md with readme-generator-for-helm

Signed-off-by: Bitnami Containers <[email protected]>

---------

Signed-off-by: Carlos Rodríguez Hernández <[email protected]>
Signed-off-by: Bitnami Containers <[email protected]>
Co-authored-by: Bitnami Containers <[email protected]>
  • Loading branch information
@bitnami-bot
Carlos Rodríguez Hernández and bitnami-bot authored Dec 10, 2024
1 parent fbbcc3f commit 5149845
Show file tree
Hide file tree
Showing 6 changed files with 41 additions and 26 deletions.
8 changes: 6 additions & 2 deletions bitnami/postgresql-ha/CHANGELOG.md
View file
Original file line number Diff line number Diff line change
@@ -1,8 +1,12 @@
# Changelog

## 15.0.4 (2024-12-03)
## 15.1.0 (2024-12-10)

* [bitnami/postgresql-ha] Release 15.0.4 ([#30732](https://github.com/bitnami/charts/pull/30732))
* [bitnami/postgresql-ha] Detect non-standard images ([#30937](https://github.com/bitnami/charts/pull/30937))

## <small>15.0.4 (2024-12-03)</small>

* [bitnami/postgresql-ha] Release 15.0.4 (#30732) ([dd65642](https://github.com/bitnami/charts/commit/dd6564295a9a3bf1e56ba16663ee6b6e92ff4721)), closes [#30732](https://github.com/bitnami/charts/issues/30732)

## <small>15.0.3 (2024-12-03)</small>

Expand Down
6 changes: 3 additions & 3 deletions bitnami/postgresql-ha/Chart.lock
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
dependencies:
- name: common
repository: oci://registry-1.docker.io/bitnamicharts
version: 2.27.2
digest: sha256:6fd86cc5a4b5094abca1f23c8ec064e75e51eceaded94a5e20977274b2abb576
generated: "2024-11-28T20:00:21.752734947Z"
version: 2.28.0
digest: sha256:5b30f0fa07bb89b01c55fd6258c8ce22a611b13623d4ad83e8fdd1d4490adc74
generated: "2024-12-10T17:23:56.671087+01:00"
2 changes: 1 addition & 1 deletion bitnami/postgresql-ha/Chart.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,4 +40,4 @@ maintainers:
name: postgresql-ha
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/postgresql-ha
version: 15.0.4
version: 15.1.0
43 changes: 24 additions & 19 deletions bitnami/postgresql-ha/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -342,25 +342,26 @@ A default `StorageClass` is needed in the Kubernetes cluster to dynamically prov

### Global parameters

| Name | Description | Value |
| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ |
| `global.imageRegistry` | Global Docker image registry | `""` |
| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` |
| `global.defaultStorageClass` | Global default StorageClass for Persistent Volume(s) | `""` |
| `global.storageClass` | DEPRECATED: use global.defaultStorageClass instead | `""` |
| `global.postgresql.username` | PostgreSQL username (overrides `postgresql.username`) | `""` |
| `global.postgresql.password` | PostgreSQL password (overrides `postgresql.password`) | `""` |
| `global.postgresql.database` | PostgreSQL database (overrides `postgresql.database`) | `""` |
| `global.postgresql.repmgrUsername` | PostgreSQL repmgr username (overrides `postgresql.repmgrUsername`) | `""` |
| `global.postgresql.repmgrPassword` | PostgreSQL repmgr password (overrides `postgresql.repmgrpassword`) | `""` |
| `global.postgresql.repmgrDatabase` | PostgreSQL repmgr database (overrides `postgresql.repmgrDatabase`) | `""` |
| `global.postgresql.existingSecret` | Name of existing secret to use for PostgreSQL passwords (overrides `postgresql.existingSecret`) | `""` |
| `global.ldap.bindpw` | LDAP bind password (overrides `ldap.bindpw`) | `""` |
| `global.ldap.existingSecret` | Name of existing secret to use for LDAP passwords (overrides `ldap.existingSecret`) | `""` |
| `global.pgpool.adminUsername` | Pgpool Admin username (overrides `pgpool.adminUsername`) | `""` |
| `global.pgpool.adminPassword` | Pgpool Admin password (overrides `pgpool.adminPassword`) | `""` |
| `global.pgpool.existingSecret` | Pgpool existing secret | `""` |
| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `auto` |
| Name | Description | Value |
| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
| `global.imageRegistry` | Global Docker image registry | `""` |
| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` |
| `global.defaultStorageClass` | Global default StorageClass for Persistent Volume(s) | `""` |
| `global.storageClass` | DEPRECATED: use global.defaultStorageClass instead | `""` |
| `global.postgresql.username` | PostgreSQL username (overrides `postgresql.username`) | `""` |
| `global.postgresql.password` | PostgreSQL password (overrides `postgresql.password`) | `""` |
| `global.postgresql.database` | PostgreSQL database (overrides `postgresql.database`) | `""` |
| `global.postgresql.repmgrUsername` | PostgreSQL repmgr username (overrides `postgresql.repmgrUsername`) | `""` |
| `global.postgresql.repmgrPassword` | PostgreSQL repmgr password (overrides `postgresql.repmgrpassword`) | `""` |
| `global.postgresql.repmgrDatabase` | PostgreSQL repmgr database (overrides `postgresql.repmgrDatabase`) | `""` |
| `global.postgresql.existingSecret` | Name of existing secret to use for PostgreSQL passwords (overrides `postgresql.existingSecret`) | `""` |
| `global.ldap.bindpw` | LDAP bind password (overrides `ldap.bindpw`) | `""` |
| `global.ldap.existingSecret` | Name of existing secret to use for LDAP passwords (overrides `ldap.existingSecret`) | `""` |
| `global.pgpool.adminUsername` | Pgpool Admin username (overrides `pgpool.adminUsername`) | `""` |
| `global.pgpool.adminPassword` | Pgpool Admin password (overrides `pgpool.adminPassword`) | `""` |
| `global.pgpool.existingSecret` | Pgpool existing secret | `""` |
| `global.security.allowInsecureImages` | Allows skipping image verification | `false` |
| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `auto` |

### Common parameters

Expand Down Expand Up @@ -985,6 +986,10 @@ Find more information about how to deal with common errors related to Bitnami's

## Upgrading

### To 15.1.0

This version introduces image verification for security purposes. To disable it, set `global.security.allowInsecureImages` to `true`. More details at [GitHub issue](https://github.com/bitnami/charts/issues/30850).

It's necessary to specify the existing passwords while performing a upgrade to ensure the secrets are not updated with invalid randomly generated passwords. Remember to specify the existing values of the `postgresql.password` and `postgresql.repmgrPassword` parameters when upgrading the chart:

```console
Expand Down
3 changes: 2 additions & 1 deletion bitnami/postgresql-ha/templates/NOTES.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -108,4 +108,5 @@ To connect to your database from outside the cluster execute the following comma

{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $) -}}
{{- include "common.warnings.resources" (dict "sections" (list "metrics" "pgpool" "postgresql" "volumePermissions" "witness") "context" $) }}
{{- include "common.warnings.modifiedImages" (dict "images" (list .Values.postgresql.image .Values.pgpool.image .Values.metrics.image .Values.volumePermissions.image) "context" $) }}
{{- include "common.warnings.modifiedImages" (dict "images" (list .Values.postgresql.image .Values.pgpool.image .Values.metrics.image .Values.volumePermissions.image) "context" $) }}
{{- include "common.errors.insecureImages" (dict "images" (list .Values.postgresql.image .Values.pgpool.image .Values.metrics.image .Values.volumePermissions.image) "context" $) }}
5 changes: 5 additions & 0 deletions bitnami/postgresql-ha/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,11 @@ global:
imagePullSecrets: []
defaultStorageClass: ""
storageClass: ""
## Security parameters
##
security:
## @param global.security.allowInsecureImages Allows skipping image verification
allowInsecureImages: false
postgresql:
username: ""
password: ""
Expand Down

0 comments on commit 5149845

Please sign in to comment.