[COMMON] Fix Kyverno Policies
common:
- Add settings to common pod templates and fix Cassandra
serviceMesh and MariaDB operator templates
- Added template for mongodb
- Empty lines to files added
readinessCheck:
- Add missing security settings
mariadb-init:
- add security settings in job
cassandra:
- Empty lines added to files
mongodb:
- make emptyDir volume size configurable
others:
- update chart dependency for mongodb in components
- fix linter errors in all files
Issue-ID: OOM-3295
Issue-ID: OOM-3296
Change-Id: Ieb64be337013e0477f7aaca9c75bb6a3f3264848
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
diff --git a/kubernetes/common/cassandra/.helmignore b/kubernetes/common/cassandra/.helmignore
new file mode 100644
index 0000000..0bab41b
--- /dev/null
+++ b/kubernetes/common/cassandra/.helmignore
@@ -0,0 +1,32 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+# Project/CI/CD related items
+.gitlab
+.gitlab-ci.yml
+.dockerignore
+# Helm build files
+.helmignore
+.cache/
+.config/
+.local/
+# OOM specific dirs
+components/
diff --git a/kubernetes/common/cassandra/Chart.yaml b/kubernetes/common/cassandra/Chart.yaml
index ee3f4e5..81f5c5d 100644
--- a/kubernetes/common/cassandra/Chart.yaml
+++ b/kubernetes/common/cassandra/Chart.yaml
@@ -30,4 +30,4 @@
- name: serviceAccount
version: ~13.x-0
repository: 'file://../serviceAccount'
- condition: global.cassandra.enableServiceAccount
\ No newline at end of file
+ condition: global.cassandra.enableServiceAccount
diff --git a/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh b/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh
index f9f6273..50051b4 100644
--- a/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh
+++ b/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh
@@ -93,4 +93,3 @@
fi
exec "$@"
-
diff --git a/kubernetes/common/cassandra/resources/exec.py b/kubernetes/common/cassandra/resources/exec.py
index a7f2973..ec2f0b4 100644
--- a/kubernetes/common/cassandra/resources/exec.py
+++ b/kubernetes/common/cassandra/resources/exec.py
@@ -118,5 +118,3 @@
if __name__ == "__main__":
main(sys.argv[1:])
-
-
diff --git a/kubernetes/common/cassandra/templates/backup/cronjob.yaml b/kubernetes/common/cassandra/templates/backup/cronjob.yaml
index 6db1202..263ac28 100644
--- a/kubernetes/common/cassandra/templates/backup/cronjob.yaml
+++ b/kubernetes/common/cassandra/templates/backup/cronjob.yaml
@@ -250,4 +250,4 @@
persistentVolumeClaim:
claimName: {{ include "common.fullname" . }}-backup-data
{{- end -}}
-{{- end -}}
\ No newline at end of file
+{{- end -}}
diff --git a/kubernetes/common/cassandra/templates/cassOp.yaml b/kubernetes/common/cassandra/templates/cassOp.yaml
index 9f463ad..6b7052d 100644
--- a/kubernetes/common/cassandra/templates/cassOp.yaml
+++ b/kubernetes/common/cassandra/templates/cassOp.yaml
@@ -16,4 +16,4 @@
{{- if .Values.global.cassandra.useOperator }}
{{ include "common.k8ssandraCluster" . }}
-{{- end }}
\ No newline at end of file
+{{- end }}
diff --git a/kubernetes/common/cassandra/templates/configmap.yaml b/kubernetes/common/cassandra/templates/configmap.yaml
index 5510986..117100a 100644
--- a/kubernetes/common/cassandra/templates/configmap.yaml
+++ b/kubernetes/common/cassandra/templates/configmap.yaml
@@ -26,4 +26,4 @@
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/docker-entrypoint.sh").AsConfig . | indent 2 }}
-{{- end }}
\ No newline at end of file
+{{- end }}
diff --git a/kubernetes/common/cassandra/templates/pv.yaml b/kubernetes/common/cassandra/templates/pv.yaml
index d18e51d..00e61d3 100644
--- a/kubernetes/common/cassandra/templates/pv.yaml
+++ b/kubernetes/common/cassandra/templates/pv.yaml
@@ -15,4 +15,4 @@
*/}}
{{- if not .Values.global.cassandra.useOperator }}
{{ include "common.replicaPV" . }}
-{{- end }}
\ No newline at end of file
+{{- end }}
diff --git a/kubernetes/common/cassandra/templates/secrets.yaml b/kubernetes/common/cassandra/templates/secrets.yaml
index 5a611a9..181e5f9 100644
--- a/kubernetes/common/cassandra/templates/secrets.yaml
+++ b/kubernetes/common/cassandra/templates/secrets.yaml
@@ -18,4 +18,4 @@
{{- if .Values.global.cassandra.useOperator }}
{{ include "common.secretFast" . }}
-{{- end }}
\ No newline at end of file
+{{- end }}
diff --git a/kubernetes/common/cassandra/templates/service.yaml b/kubernetes/common/cassandra/templates/service.yaml
index 8b2e534..6b6f585 100644
--- a/kubernetes/common/cassandra/templates/service.yaml
+++ b/kubernetes/common/cassandra/templates/service.yaml
@@ -16,4 +16,4 @@
{{- if not .Values.global.cassandra.useOperator }}
{{ include "common.headlessService" . }}
-{{- end }}
\ No newline at end of file
+{{- end }}
diff --git a/kubernetes/common/cassandra/templates/servicemonitor.yaml b/kubernetes/common/cassandra/templates/servicemonitor.yaml
index 0781073..57f4d3f 100644
--- a/kubernetes/common/cassandra/templates/servicemonitor.yaml
+++ b/kubernetes/common/cassandra/templates/servicemonitor.yaml
@@ -18,4 +18,4 @@
{{- if .Values.metrics.serviceMonitor.enabled }}
{{ include "common.serviceMonitor" . }}
{{- end }}
-{{- end }}
\ No newline at end of file
+{{- end }}
diff --git a/kubernetes/common/cassandra/templates/statefulset.yaml b/kubernetes/common/cassandra/templates/statefulset.yaml
index ddaff5c..d76dde3 100644
--- a/kubernetes/common/cassandra/templates/statefulset.yaml
+++ b/kubernetes/common/cassandra/templates/statefulset.yaml
@@ -199,4 +199,4 @@
requests:
storage: {{ .Values.persistence.size | quote }}
{{- end }}
-{{- end }}
\ No newline at end of file
+{{- end }}
diff --git a/kubernetes/common/common/.helmignore b/kubernetes/common/common/.helmignore
new file mode 100644
index 0000000..f066c4b
--- /dev/null
+++ b/kubernetes/common/common/.helmignore
@@ -0,0 +1,32 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+# Project/CI/CD related items
+.gitlab
+.gitlab-ci.yml
+.dockerignore
+# Helm build files
+.helmignore
+.cache/
+.local/
+.config/
+# OOM specific dirs
+components/
diff --git a/kubernetes/common/common/Chart.yaml b/kubernetes/common/common/Chart.yaml
index ffcda67..787930a 100644
--- a/kubernetes/common/common/Chart.yaml
+++ b/kubernetes/common/common/Chart.yaml
@@ -12,8 +12,8 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-
+---
apiVersion: v2
description: Common templates for inclusion in other charts
name: common
-version: 13.2.0
+version: 13.2.1
diff --git a/kubernetes/common/common/templates/_affinities.tpl b/kubernetes/common/common/templates/_affinities.tpl
index bf7ae49..69d0e78 100644
--- a/kubernetes/common/common/templates/_affinities.tpl
+++ b/kubernetes/common/common/templates/_affinities.tpl
@@ -106,4 +106,4 @@
{{- else if eq .type "hard" }}
{{- include "common.affinities.pods.hard" . -}}
{{- end -}}
-{{- end -}}
\ No newline at end of file
+{{- end -}}
diff --git a/kubernetes/common/common/templates/_cassOp.tpl b/kubernetes/common/common/templates/_cassOp.tpl
index b0cf8e3..bdcf5ca 100644
--- a/kubernetes/common/common/templates/_cassOp.tpl
+++ b/kubernetes/common/common/templates/_cassOp.tpl
@@ -111,13 +111,18 @@
name: {{ $datacenter.name }}
size: {{ $datacenter.size }}
{{- end }}
- {{ if .Values.podAnnotations -}}
+ podSecurityContext:
+ fsGroup: 999
+ runAsGroup: 999
+ runAsUser: 999
+ runAsNonRoot: true
metadata:
+ {{ if .Values.podAnnotations -}}
pods:
annotations:
{{ toYaml .Values.podAnnotations | nindent 10 }}
+ {{- end }}
commonLabels:
app: {{ .Values.k8ssandraOperator.config.clusterName }}
version: {{ .Values.k8ssandraOperator.cassandraVersion }}
- {{- end }}
{{ end }}
diff --git a/kubernetes/common/common/templates/_dmaapProvisioning.tpl b/kubernetes/common/common/templates/_dmaapProvisioning.tpl
index e7b90ea..f162e9a 100644
--- a/kubernetes/common/common/templates/_dmaapProvisioning.tpl
+++ b/kubernetes/common/common/templates/_dmaapProvisioning.tpl
@@ -115,4 +115,4 @@
{{- include "common.dmaap.provisioning._volumeMounts" $dot | trim | nindent 2 }}
resources: {{ include "common.resources" $dot | nindent 4 }}
{{- end -}}
-{{- end -}}
\ No newline at end of file
+{{- end -}}
diff --git a/kubernetes/common/common/templates/_log.tpl b/kubernetes/common/common/templates/_log.tpl
index 993c482..dc900dd 100644
--- a/kubernetes/common/common/templates/_log.tpl
+++ b/kubernetes/common/common/templates/_log.tpl
@@ -59,4 +59,3 @@
{{ tpl (.Files.Glob "resources/config/log/filebeat/*").AsConfig . | indent 2 }}
{{- end }}
{{- end -}}
-
diff --git a/kubernetes/common/common/templates/_mariadb.tpl b/kubernetes/common/common/templates/_mariadb.tpl
index 3092298..0e46e5e 100644
--- a/kubernetes/common/common/templates/_mariadb.tpl
+++ b/kubernetes/common/common/templates/_mariadb.tpl
@@ -257,6 +257,29 @@
runAsUser: 10001
runAsGroup: 10001
fsGroup: 10001
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ securityContext:
+ readOnlyRootFilesystem: true
+ privileged: false
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ - CAP_NET_RAW
+ volumes:
+ - name: run
+ emptyDir:
+ sizeLimit: 64Mi
+ - name: tmp
+ emptyDir:
+ sizeLimit: 64Mi
+ volumeMounts:
+ - name: run
+ mountPath: /run/mysqld
+ - name: tmp
+ mountPath: /tmp
inheritMetadata:
{{ if .Values.podAnnotations -}}
annotations: {{ toYaml .Values.podAnnotations | nindent 6 }}
@@ -288,6 +311,17 @@
enabled: true
authDelegatorRoleName: {{ $dbinst }}-auth
gracefulShutdownTimeout: 5s
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ - CAP_NET_RAW
+ privileged: false
+ runAsNonRoot: true
+ runAsUser: 10001
+ seccompProfile:
+ type: RuntimeDefault
primary:
automaticFailover: true
podIndex: 0
@@ -301,6 +335,17 @@
initContainer:
image: {{ include "repositoryGenerator.githubContainerRegistry" . }}/{{ $dot.Values.mariadbOperator.galera.initImage }}:{{ $dot.Values.mariadbOperator.galera.initVersion }}
imagePullPolicy: IfNotPresent
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ - CAP_NET_RAW
+ privileged: false
+ runAsNonRoot: true
+ runAsUser: 10001
+ seccompProfile:
+ type: RuntimeDefault
config:
reuseStorageVolume: false
volumeClaimTemplate:
@@ -334,6 +379,31 @@
{{- if default false $dot.Values.global.metrics.enabled }}
metrics:
enabled: true
+ exporter:
+ image: {{ include "repositoryGenerator.dockerHubRepository" . }}/prom/mysqld-exporter:v0.15.1
+ port: 9104
+ podSecurityContext:
+ fsGroup: 10001
+ runAsGroup: 10001
+ runAsUser: 10001
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ securityContext:
+ readOnlyRootFilesystem: true
+ privileged: false
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ - CAP_NET_RAW
+ resources:
+ limits:
+ cpu: 100m
+ memory: 128Mi
+ requests:
+ cpu: 100m
+ memory: 128Mi
{{- end }}
affinity:
podAntiAffinity:
diff --git a/kubernetes/common/common/templates/_mongodb.tpl b/kubernetes/common/common/templates/_mongodb.tpl
new file mode 100644
index 0000000..80d8d72
--- /dev/null
+++ b/kubernetes/common/common/templates/_mongodb.tpl
@@ -0,0 +1,165 @@
+{{/*
+# Copyright © 2019 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{/*
+ UID of mongodb root password
+*/}}
+{{- define "common.mongodb.secret.rootPassUID" -}}
+ {{- printf "db-root-password" }}
+{{- end -}}
+
+{{/*
+ Name of mongodb secret
+*/}}
+{{- define "common.mongodb.secret._secretName" -}}
+ {{- $global := .dot }}
+ {{- $chartName := tpl .chartName $global -}}
+ {{- include "common.secret.genName" (dict "global" $global "uid" (include .uidTemplate $global) "chartName" $chartName) }}
+{{- end -}}
+
+{{/*
+ Name of mongodb root password secret
+*/}}
+{{- define "common.mongodb.secret.rootPassSecretName" -}}
+ {{- include "common.mongodb.secret._secretName" (set . "uidTemplate" "common.mongodb.secret.rootPassUID") }}
+{{- end -}}
+
+{{/*
+ UID of mongodb user credentials
+*/}}
+{{- define "common.mongodb.secret.userCredentialsUID" -}}
+ {{- printf "db-user-credentials" }}
+{{- end -}}
+
+{{/*
+ Name of mongodb user credentials secret
+*/}}
+{{- define "common.mongodb.secret.userCredentialsSecretName" -}}
+ {{- include "common.mongodb.secret._secretName" (set . "uidTemplate" "common.mongodb.secret.userCredentialsUID") }}
+{{- end -}}
+
+{{/*
+ UID of mongodb primary password
+*/}}
+{{- define "common.mongodb.secret.primaryPasswordUID" -}}
+ {{- printf "primary-password" }}
+{{- end -}}
+
+{{/*
+ Name of mongodb user credentials secret
+*/}}
+{{- define "common.mongodb.secret.primaryPasswordSecretName" -}}
+ {{- include "common.mongodb.secret._secretName" (set . "uidTemplate" "common.mongodb.secret.primaryPasswordUID") }}
+{{- end -}}
+
+{{/*
+ Choose the name of the mongodb app label to use.
+*/}}
+{{- define "common.mongodbAppName" -}}
+ {{- if .Values.global.mongodb.localCluster -}}
+ {{- index .Values "mongodb" "nameOverride" -}}
+ {{- else -}}
+ {{- .Values.global.mongodb.nameOverride -}}
+ {{- end -}}
+{{- end -}}
+
+#Not edited yet
+{{/*
+ Create mongodb cluster via mongodb percona-operator
+*/}}
+{{- define "common.mongodbOpInstance" -}}
+{{- $dot := default . .dot -}}
+{{- $global := $dot.Values.global -}}
+{{- $dbinst := include "common.name" $dot -}}
+---
+
+apiVersion: psmdb.percona.com/v1
+kind: PerconaServerMongoDB
+metadata:
+ name: {{ $dbinst }}
+ labels:
+ app: {{ $dbinst }}
+ version: "5.5"
+spec:
+ metadata:
+ labels:
+ app: {{ $dbinst }}
+ version: "5.5"
+ {{- if .Values.mongodbOperator.imageMongo }}
+ image: {{ .Values.mongodbOperator.imageMongo | quote }}
+ {{- end }}
+ imagePullSecrets:
+ - name: {{ include "common.namespace" . }}-docker-registry-key
+ mongodbVersion: {{ $dot.Values.mongodbOperator.mongodbVersion }}
+ instances:
+ - name: {{ default "instance1" .Values.mongodbOperator.instanceName | quote }}
+ replicas: {{ default 2 .Values.mongodbOperator.instanceReplicas }}
+ dataVolumeClaimSpec:
+ {{- if .Values.instanceStorageClassName }}
+ storageClassName: {{ .Values.mongodbOperator.instanceStorageClassName | quote }}
+ {{- end }}
+ accessModes:
+ - "ReadWriteOnce"
+ resources:
+ requests:
+ storage: {{ default "1Gi" .Values.mongodbOperator.instanceSize | quote }}
+ {{- if or .Values.instanceMemory .Values.mongodbOperator.instanceCPU }}
+ resources:
+ limits:
+ cpu: {{ default "" .Values.mongodbOperator.instanceCPU | quote }}
+ memory: {{ default "" .Values.mongodbOperator.instanceMemory | quote }}
+ {{- end }}
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 1
+ podAffinityTerm:
+ topologyKey: kubernetes.io/hostname
+ labelSelector:
+ matchLabels:
+ mongodb-operator.crunchydata.com/cluster: {{ $dbinst }}
+ mongodb-operator.crunchydata.com/instance-set: {{ default "instance1" .Values.mongodbOperator.instanceName | quote }}
+ proxy:
+ pgBouncer:
+ metadata:
+ labels:
+ app: {{ $dbinst }}
+ version: "5.5"
+ {{- if .Values.mongodbOperator.imagePgBouncer }}
+ image: {{ .Values.mongodbOperator.imagePgBouncer | quote }}
+ {{- end }}
+ replicas: {{ default 2 .Values.mongodbOperator.bouncerReplicas }}
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 1
+ podAffinityTerm:
+ topologyKey: kubernetes.io/hostname
+ labelSelector:
+ matchLabels:
+ mongodb-operator.crunchydata.com/cluster: {{ $dbinst }}
+ mongodb-operator.crunchydata.com/role: pgbouncer
+ {{- if .Values.mongodbOperator.monitoring }}
+ monitoring:
+ pgmonitor:
+ exporter:
+ image: {{ default "" .Values.mongodbOperator.imageExporter | quote }}
+ {{- if .Values.mongodbOperator.monitoringConfig }}
+{{ toYaml .Values.monitoringConfig | indent 8 }}
+ {{- end }}
+ {{- end }}
+ users:
+ - name: mongodb
+{{- end -}}
diff --git a/kubernetes/common/common/templates/_pod.tpl b/kubernetes/common/common/templates/_pod.tpl
index 810350b..0a1d0ab 100644
--- a/kubernetes/common/common/templates/_pod.tpl
+++ b/kubernetes/common/common/templates/_pod.tpl
@@ -59,6 +59,9 @@
runAsUser: {{ .Values.securityContext.user_id }}
runAsGroup: {{ .Values.securityContext.group_id }}
fsGroup: {{ .Values.securityContext.group_id }}
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
{{- end }}
{{/*
@@ -69,4 +72,8 @@
readOnlyRootFilesystem: true
privileged: false
allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ - CAP_NET_RAW
{{- end }}
diff --git a/kubernetes/common/common/templates/_serviceMesh.tpl b/kubernetes/common/common/templates/_serviceMesh.tpl
index de779f8..55e9e00 100644
--- a/kubernetes/common/common/templates/_serviceMesh.tpl
+++ b/kubernetes/common/common/templates/_serviceMesh.tpl
@@ -65,6 +65,14 @@
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ {{ include "common.containerSecurityContext" . | indent 2 | trim }}
+ resources:
+ limits:
+ cpu: 100m
+ memory: 500Mi
+ requests:
+ cpu: 10m
+ memory: 10Mi
{{- end }}
{{- end }}
diff --git a/kubernetes/common/elasticsearch/.helmignore b/kubernetes/common/elasticsearch/.helmignore
index 68ffb32..0bab41b 100644
--- a/kubernetes/common/elasticsearch/.helmignore
+++ b/kubernetes/common/elasticsearch/.helmignore
@@ -1 +1,32 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+# Project/CI/CD related items
+.gitlab
+.gitlab-ci.yml
+.dockerignore
+# Helm build files
+.helmignore
+.cache/
+.config/
+.local/
+# OOM specific dirs
components/
diff --git a/kubernetes/common/elasticsearch/Chart.yaml b/kubernetes/common/elasticsearch/Chart.yaml
index 82c8ccd..6949da7 100644
--- a/kubernetes/common/elasticsearch/Chart.yaml
+++ b/kubernetes/common/elasticsearch/Chart.yaml
@@ -24,6 +24,9 @@
- name: common
version: ~13.x-0
repository: 'file://../common'
+ - name: repositoryGenerator
+ version: ~13.x-0
+ repository: 'file://../repositoryGenerator'
- name: master
version: ~13.x-0
repository: 'file://components/master'
@@ -35,6 +38,3 @@
version: ~13.x-0
repository: 'file://components/curator'
condition: elasticsearch.curator.enabled,curator.enabled
- - name: repositoryGenerator
- version: ~13.x-0
- repository: 'file://../repositoryGenerator'
diff --git a/kubernetes/common/elasticsearch/components/curator/Chart.yaml b/kubernetes/common/elasticsearch/components/curator/Chart.yaml
index 39780f2..390228b 100644
--- a/kubernetes/common/elasticsearch/components/curator/Chart.yaml
+++ b/kubernetes/common/elasticsearch/components/curator/Chart.yaml
@@ -26,4 +26,4 @@
repository: 'file://../../../common'
- name: repositoryGenerator
version: ~13.x-0
- repository: 'file://../../../repositoryGenerator'
\ No newline at end of file
+ repository: 'file://../../../repositoryGenerator'
diff --git a/kubernetes/common/elasticsearch/components/curator/values.yaml b/kubernetes/common/elasticsearch/components/curator/values.yaml
index 00f113b..d02d017 100644
--- a/kubernetes/common/elasticsearch/components/curator/values.yaml
+++ b/kubernetes/common/elasticsearch/components/curator/values.yaml
@@ -175,4 +175,3 @@
# "storage_class": "${S3_STORAGE_CLASS}"
# }
# }
-
diff --git a/kubernetes/common/elasticsearch/templates/_helpers.tpl b/kubernetes/common/elasticsearch/templates/_helpers.tpl
index 1de2599..34663e1 100644
--- a/kubernetes/common/elasticsearch/templates/_helpers.tpl
+++ b/kubernetes/common/elasticsearch/templates/_helpers.tpl
@@ -69,5 +69,3 @@
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
-
-
diff --git a/kubernetes/common/etcd/.helmignore b/kubernetes/common/etcd/.helmignore
index f0c1319..0bab41b 100644
--- a/kubernetes/common/etcd/.helmignore
+++ b/kubernetes/common/etcd/.helmignore
@@ -19,3 +19,14 @@
.project
.idea/
*.tmproj
+# Project/CI/CD related items
+.gitlab
+.gitlab-ci.yml
+.dockerignore
+# Helm build files
+.helmignore
+.cache/
+.config/
+.local/
+# OOM specific dirs
+components/
diff --git a/kubernetes/common/etcd/templates/service.yaml b/kubernetes/common/etcd/templates/service.yaml
index 006378f..72dea06 100644
--- a/kubernetes/common/etcd/templates/service.yaml
+++ b/kubernetes/common/etcd/templates/service.yaml
@@ -35,4 +35,3 @@
selector:
app.kubernetes.io/name: {{ include "common.name" . }}
app.kubernetes.io/instance: {{ include "common.release" . }}
-
diff --git a/kubernetes/common/logConfiguration/.helmignore b/kubernetes/common/logConfiguration/.helmignore
new file mode 100644
index 0000000..0bab41b
--- /dev/null
+++ b/kubernetes/common/logConfiguration/.helmignore
@@ -0,0 +1,32 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+# Project/CI/CD related items
+.gitlab
+.gitlab-ci.yml
+.dockerignore
+# Helm build files
+.helmignore
+.cache/
+.config/
+.local/
+# OOM specific dirs
+components/
diff --git a/kubernetes/common/mariadb-galera/.helmignore b/kubernetes/common/mariadb-galera/.helmignore
index f0c1319..0bab41b 100644
--- a/kubernetes/common/mariadb-galera/.helmignore
+++ b/kubernetes/common/mariadb-galera/.helmignore
@@ -19,3 +19,14 @@
.project
.idea/
*.tmproj
+# Project/CI/CD related items
+.gitlab
+.gitlab-ci.yml
+.dockerignore
+# Helm build files
+.helmignore
+.cache/
+.config/
+.local/
+# OOM specific dirs
+components/
diff --git a/kubernetes/common/mariadb-galera/templates/backup/pvc.yaml b/kubernetes/common/mariadb-galera/templates/backup/pvc.yaml
index 4c2bfcd..05aafb5 100644
--- a/kubernetes/common/mariadb-galera/templates/backup/pvc.yaml
+++ b/kubernetes/common/mariadb-galera/templates/backup/pvc.yaml
@@ -47,4 +47,4 @@
{{- end -}}
{{- end -}}
{{- end -}}
-{{- end -}}
\ No newline at end of file
+{{- end -}}
diff --git a/kubernetes/common/mariadb-galera/templates/configmap.yaml b/kubernetes/common/mariadb-galera/templates/configmap.yaml
index 0aa0a63..152d39f 100644
--- a/kubernetes/common/mariadb-galera/templates/configmap.yaml
+++ b/kubernetes/common/mariadb-galera/templates/configmap.yaml
@@ -39,4 +39,4 @@
my.cnf: |
{{ .Values.mariadbConfiguration | indent 4 }}
{{- end }}
-{{- end }}
\ No newline at end of file
+{{- end }}
diff --git a/kubernetes/common/mariadb-galera/templates/mariadb.yaml b/kubernetes/common/mariadb-galera/templates/mariadb.yaml
index ce09c9f..d8ada6f 100644
--- a/kubernetes/common/mariadb-galera/templates/mariadb.yaml
+++ b/kubernetes/common/mariadb-galera/templates/mariadb.yaml
@@ -16,4 +16,4 @@
{{- if .Values.global.mariadbGalera.useOperator }}
{{ include "common.mariadbOpInstance" . }}
-{{- end }}
\ No newline at end of file
+{{- end }}
diff --git a/kubernetes/common/mariadb-galera/templates/metrics-svc.yaml b/kubernetes/common/mariadb-galera/templates/metrics-svc.yaml
index d37aeb1..e628dee 100644
--- a/kubernetes/common/mariadb-galera/templates/metrics-svc.yaml
+++ b/kubernetes/common/mariadb-galera/templates/metrics-svc.yaml
@@ -34,4 +34,4 @@
targetPort: tcp-metrics
selector: {{- include "common.matchLabels" . | nindent 4 }}
{{- end }}
-{{- end }}
\ No newline at end of file
+{{- end }}
diff --git a/kubernetes/common/mariadb-galera/templates/pdb.yaml b/kubernetes/common/mariadb-galera/templates/pdb.yaml
index 734f03f..da83abc 100644
--- a/kubernetes/common/mariadb-galera/templates/pdb.yaml
+++ b/kubernetes/common/mariadb-galera/templates/pdb.yaml
@@ -29,4 +29,4 @@
selector:
matchLabels: {{- include "common.matchLabels" . | nindent 6 }}
{{- end }}
-{{- end }}
\ No newline at end of file
+{{- end }}
diff --git a/kubernetes/common/mariadb-galera/templates/prometheusrules.yaml b/kubernetes/common/mariadb-galera/templates/prometheusrules.yaml
index cf0ab56..ee9124f 100644
--- a/kubernetes/common/mariadb-galera/templates/prometheusrules.yaml
+++ b/kubernetes/common/mariadb-galera/templates/prometheusrules.yaml
@@ -28,4 +28,3 @@
rules:
{{- toYaml .Values.metrics.prometheusRules.rules | nindent 6 }}
{{- end }}
-
diff --git a/kubernetes/common/mariadb-galera/templates/pv.yaml b/kubernetes/common/mariadb-galera/templates/pv.yaml
index 129b5b2..2677552 100644
--- a/kubernetes/common/mariadb-galera/templates/pv.yaml
+++ b/kubernetes/common/mariadb-galera/templates/pv.yaml
@@ -17,4 +17,4 @@
{{- if not .Values.global.mariadbGalera.useOperator }}
{{ include "common.replicaPV" . }}
-{{- end }}
\ No newline at end of file
+{{- end }}
diff --git a/kubernetes/common/mariadb-galera/templates/secrets.yaml b/kubernetes/common/mariadb-galera/templates/secrets.yaml
index 527f412..77a8e38 100644
--- a/kubernetes/common/mariadb-galera/templates/secrets.yaml
+++ b/kubernetes/common/mariadb-galera/templates/secrets.yaml
@@ -16,4 +16,4 @@
# limitations under the License.
*/}}
-{{ include "common.secretFast" . }}
\ No newline at end of file
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/common/mariadb-galera/templates/servicemonitor.yaml b/kubernetes/common/mariadb-galera/templates/servicemonitor.yaml
index 4cbf7b3..1bffb24 100644
--- a/kubernetes/common/mariadb-galera/templates/servicemonitor.yaml
+++ b/kubernetes/common/mariadb-galera/templates/servicemonitor.yaml
@@ -18,4 +18,4 @@
{{- if .Values.metrics.serviceMonitor.enabled }}
{{ include "common.serviceMonitor" . }}
{{- end }}
-{{- end }}
\ No newline at end of file
+{{- end }}
diff --git a/kubernetes/common/mariadb-galera/templates/statefulset.yaml b/kubernetes/common/mariadb-galera/templates/statefulset.yaml
index 70cc0c3..f9b4de4 100644
--- a/kubernetes/common/mariadb-galera/templates/statefulset.yaml
+++ b/kubernetes/common/mariadb-galera/templates/statefulset.yaml
@@ -266,4 +266,4 @@
volumeClaimTemplates:
- {{ include "common.PVCTemplate" (dict "dot" . "suffix" "data" "persistenceInfos" .Values.persistence) | indent 6 | trim }}
{{- end }}
-{{- end }}
\ No newline at end of file
+{{- end }}
diff --git a/kubernetes/common/mariadb-galera/values.yaml b/kubernetes/common/mariadb-galera/values.yaml
index 3d9725c..47264f9 100644
--- a/kubernetes/common/mariadb-galera/values.yaml
+++ b/kubernetes/common/mariadb-galera/values.yaml
@@ -63,9 +63,9 @@
galera:
enabled: true
agentImage: mariadb-operator/mariadb-operator
- agentVersion: v0.0.27
+ agentVersion: v0.0.28
initImage: mariadb-operator/mariadb-operator
- initVersion: v0.0.27
+ initVersion: v0.0.28
## String to partially override common.names.fullname template (will maintain the release name)
##
diff --git a/kubernetes/common/mariadb-init/.helmignore b/kubernetes/common/mariadb-init/.helmignore
index dadf202..f4d0b92 100644
--- a/kubernetes/common/mariadb-init/.helmignore
+++ b/kubernetes/common/mariadb-init/.helmignore
@@ -21,3 +21,14 @@
*.tmproj
tests
+# Project/CI/CD related items
+.gitlab
+.gitlab-ci.yml
+.dockerignore
+# Helm build files
+.helmignore
+.cache/
+.config/
+.local/
+# OOM specific dirs
+components/
diff --git a/kubernetes/common/mariadb-init/Chart.yaml b/kubernetes/common/mariadb-init/Chart.yaml
index fa89a66..6414785 100644
--- a/kubernetes/common/mariadb-init/Chart.yaml
+++ b/kubernetes/common/mariadb-init/Chart.yaml
@@ -13,11 +13,11 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-
+---
apiVersion: v2
description: Chart for MariaDB Galera init job
name: mariadb-init
-version: 13.0.0
+version: 13.0.1
dependencies:
- name: common
diff --git a/kubernetes/common/mariadb-init/templates/_configmap.tpl b/kubernetes/common/mariadb-init/templates/_configmap.tpl
index ea612a0..8d111b5 100644
--- a/kubernetes/common/mariadb-init/templates/_configmap.tpl
+++ b/kubernetes/common/mariadb-init/templates/_configmap.tpl
@@ -1,4 +1,4 @@
-{{/*
+{{- /*
# Copyright © 2019 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -12,7 +12,7 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-*/}}
+*/ -}}
{{/*
Choose the name of the configmap to use.
diff --git a/kubernetes/common/mariadb-init/templates/_mariadb.tpl b/kubernetes/common/mariadb-init/templates/_mariadb.tpl
index 5563fe7..fda93b5 100644
--- a/kubernetes/common/mariadb-init/templates/_mariadb.tpl
+++ b/kubernetes/common/mariadb-init/templates/_mariadb.tpl
@@ -1,4 +1,4 @@
-{{/*
+{{- /*
# Copyright © 2019 Orange
# Copyright © 2020 Samsung Electronics
#
@@ -13,7 +13,7 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-*/}}
+*/ -}}
{{/*
Choose the name of the mariadb secret to use.
diff --git a/kubernetes/common/mariadb-init/templates/configmap.yaml b/kubernetes/common/mariadb-init/templates/configmap.yaml
index 6708efd..6df329e 100644
--- a/kubernetes/common/mariadb-init/templates/configmap.yaml
+++ b/kubernetes/common/mariadb-init/templates/configmap.yaml
@@ -1,4 +1,3 @@
-{{/*
# Copyright © 2019 Orange
# Modifications Copyright © 2018 AT&T
#
@@ -13,8 +12,7 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-*/}}
-
+---
apiVersion: v1
kind: ConfigMap
metadata:
diff --git a/kubernetes/common/mariadb-init/templates/job.yaml b/kubernetes/common/mariadb-init/templates/job.yaml
index 4bb142d..d620bd2 100644
--- a/kubernetes/common/mariadb-init/templates/job.yaml
+++ b/kubernetes/common/mariadb-init/templates/job.yaml
@@ -1,4 +1,3 @@
-{{/*
# Copyright © 2019 Orange
# Copyright © 2020 Samsung Electronics
#
@@ -13,8 +12,7 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-*/}}
-
+---
{{ include "mariadbInit._updateSecrets" . -}}
apiVersion: batch/v1
@@ -42,11 +40,13 @@
release: {{ include "common.release" . }}
name: {{ include "common.name" . }}
spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.image.mariadb" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
command:
- /bin/sh
- -c
diff --git a/kubernetes/common/mariadb-init/templates/secret.yaml b/kubernetes/common/mariadb-init/templates/secret.yaml
index a9d9e0b..b2876bc 100644
--- a/kubernetes/common/mariadb-init/templates/secret.yaml
+++ b/kubernetes/common/mariadb-init/templates/secret.yaml
@@ -1,4 +1,3 @@
-{{/*
# Copyright © 2017 Amdocs, Bell Canada, Orange
# Copyright © 2020 Samsung Electronics
#
@@ -13,8 +12,7 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-*/}}
-
+---
{{ include "mariadbInit._updateSecrets" . -}}
{{ include "common.secretFast" . }}
diff --git a/kubernetes/common/mariadb-init/tests/job_test.yaml b/kubernetes/common/mariadb-init/tests/job_test.yaml
index cff8f94..33cd1c2 100644
--- a/kubernetes/common/mariadb-init/tests/job_test.yaml
+++ b/kubernetes/common/mariadb-init/tests/job_test.yaml
@@ -98,11 +98,11 @@
- it: "should render with default value (volumes)"
asserts:
- contains:
- path: spec.template.spec.volumes
- content:
- name: mariadb-conf
- configMap:
- name: RELEASE-NAME-mariadb-init
+ path: spec.template.spec.volumes
+ content:
+ name: mariadb-conf
+ configMap:
+ name: RELEASE-NAME-mariadb-init
- it: "should render with nameOverride set"
set:
@@ -136,11 +136,11 @@
name: RELEASE-NAME-myJob-secret
key: db-user-password
- contains:
- path: spec.template.spec.volumes
- content:
- name: mariadb-conf
- configMap:
- name: RELEASE-NAME-myJob
+ path: spec.template.spec.volumes
+ content:
+ name: mariadb-conf
+ configMap:
+ name: RELEASE-NAME-myJob
- it: "should render with configmap set"
set:
@@ -158,8 +158,8 @@
set:
global:
mariadbGalera:
- nameOverride: myMaria
- servicePort: 545
+ nameOverride: myMaria
+ servicePort: 545
asserts:
- contains:
path: spec.template.spec.initContainers[0].args
@@ -187,10 +187,10 @@
set:
global:
mariadbGalera:
- nameOverride: myMaria
- servicePort: 545
- userRootSecret: galera-secret
- userRootSecretKey: root-password
+ nameOverride: myMaria
+ servicePort: 545
+ userRootSecret: galera-secret
+ userRootSecretKey: root-password
asserts:
- contains:
path: spec.template.spec.initContainers[0].args
@@ -230,11 +230,11 @@
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- - key: kubernetes.io/e2e-az-name
- operator: In
- values:
- - e2e-az1
- - e2e-az2
+ - key: kubernetes.io/e2e-az-name
+ operator: In
+ values:
+ - e2e-az1
+ - e2e-az2
asserts:
- equal:
path: spec.template.spec.affinity
@@ -243,11 +243,11 @@
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- - key: kubernetes.io/e2e-az-name
- operator: In
- values:
- - e2e-az1
- - e2e-az2
+ - key: kubernetes.io/e2e-az-name
+ operator: In
+ values:
+ - e2e-az1
+ - e2e-az2
- it: "should use large flavor"
set:
flavor: large
diff --git a/kubernetes/common/mariadb-init/values.yaml b/kubernetes/common/mariadb-init/values.yaml
index 57dfb40..591477c 100644
--- a/kubernetes/common/mariadb-init/values.yaml
+++ b/kubernetes/common/mariadb-init/values.yaml
@@ -11,7 +11,7 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-
+---
#################################################################
# Global configuration defaults.
#################################################################
@@ -106,21 +106,25 @@
# externalSecret: some-secret-name
config_map: default
+securityContext:
+ user_id: 100
+ group_id: 65533
+
nodeSelector: {}
affinity: {}
-#resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
- # Minimum memory for production is 4 CPU cores and 8GB memory
+# resources: {}
+# We usually recommend not to specify default resources and to leave this as a conscious
+# choice for the user. This also increases chances charts run on environments with little
+# resources, such as Minikube. If you do want to specify resources, uncomment the following
+# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+#
+# Example:
+# Configure resource requests and limits
+# ref: http://kubernetes.io/docs/user-guide/compute-resources/
+# Minimum memory for development is 2 CPU cores and 4GB memory
+# Minimum memory for production is 4 CPU cores and 8GB memory
flavor: small
resources:
small:
@@ -139,7 +143,7 @@
memory: "20Mi"
unlimited: {}
-#Pods Service Account
+# Pods Service Account
serviceAccount:
nameOverride: mariadb-init
roles:
@@ -152,4 +156,4 @@
readinessCheck:
wait_for:
services:
- - '{{ include "common.mariadbService" . }}'
+ - '{{ include "common.mariadbService" . }}'
diff --git a/kubernetes/common/mongodb/Chart.yaml b/kubernetes/common/mongodb/Chart.yaml
index 2d6bf4b..fc39ce3 100644
--- a/kubernetes/common/mongodb/Chart.yaml
+++ b/kubernetes/common/mongodb/Chart.yaml
@@ -40,4 +40,4 @@
name: mongodb
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/mongodb
-version: 14.12.3
+version: 14.12.4
diff --git a/kubernetes/common/mongodb/README.md b/kubernetes/common/mongodb/README.md
index 065e047..a4d1803 100644
--- a/kubernetes/common/mongodb/README.md
+++ b/kubernetes/common/mongodb/README.md
@@ -1117,4 +1117,4 @@
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
-limitations under the License.
\ No newline at end of file
+limitations under the License.
diff --git a/kubernetes/common/mongodb/common/templates/_images.tpl b/kubernetes/common/mongodb/common/templates/_images.tpl
index 1bcb779..e6acf9e 100644
--- a/kubernetes/common/mongodb/common/templates/_images.tpl
+++ b/kubernetes/common/mongodb/common/templates/_images.tpl
@@ -114,4 +114,3 @@
{{- print .chart.AppVersion -}}
{{- end -}}
{{- end -}}
-
diff --git a/kubernetes/common/mongodb/templates/arbiter/statefulset.yaml b/kubernetes/common/mongodb/templates/arbiter/statefulset.yaml
index 041b0cb..ee033e9 100644
--- a/kubernetes/common/mongodb/templates/arbiter/statefulset.yaml
+++ b/kubernetes/common/mongodb/templates/arbiter/statefulset.yaml
@@ -274,7 +274,8 @@
{{- end }}
volumes:
- name: empty-dir
- emptyDir: {}
+ emptyDir:
+ sizeLimit: {{ .Values.arbiter.emptyDir.sizeLimit }}
{{- if or .Values.arbiter.configuration .Values.arbiter.existingConfigmap .Values.arbiter.extraVolumes .Values.tls.enabled }}
- name: common-scripts
configMap:
@@ -287,7 +288,8 @@
{{- end }}
{{- if and .Values.tls.enabled .Values.arbiter.enabled }}
- name: certs
- emptyDir: {}
+ emptyDir:
+ sizeLimit: 64Mi
{{- if (include "mongodb.autoGenerateCerts" .) }}
- name: certs-volume
secret:
diff --git a/kubernetes/common/mongodb/templates/backup/cronjob.yaml b/kubernetes/common/mongodb/templates/backup/cronjob.yaml
index 2e884b1..44c297a 100644
--- a/kubernetes/common/mongodb/templates/backup/cronjob.yaml
+++ b/kubernetes/common/mongodb/templates/backup/cronjob.yaml
@@ -167,7 +167,7 @@
volumes:
- name: empty-dir
emptyDir:
- sizeLimit: 64Mi
+ sizeLimit: {{ .Values.arbiter.emptyDir.sizeLimit }}
- name: common-scripts
configMap:
name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }}
diff --git a/kubernetes/common/mongodb/templates/hidden/statefulset.yaml b/kubernetes/common/mongodb/templates/hidden/statefulset.yaml
index 08a55eb..a64002a 100644
--- a/kubernetes/common/mongodb/templates/hidden/statefulset.yaml
+++ b/kubernetes/common/mongodb/templates/hidden/statefulset.yaml
@@ -515,7 +515,7 @@
volumes:
- name: empty-dir
emptyDir:
- sizeLimit: 64Mi
+ sizeLimit: {{ .Values.arbiter.emptyDir.sizeLimit }}
- name: common-scripts
configMap:
name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }}
diff --git a/kubernetes/common/mongodb/templates/networkpolicy.yaml b/kubernetes/common/mongodb/templates/networkpolicy.yaml
index f6d62ca..63c4d71 100644
--- a/kubernetes/common/mongodb/templates/networkpolicy.yaml
+++ b/kubernetes/common/mongodb/templates/networkpolicy.yaml
@@ -80,4 +80,4 @@
{{- if $extraIngress }}
{{- include "common.tplvalues.render" ( dict "value" $extraIngress "context" $ ) | nindent 4 }}
{{- end }}
-{{- end }}
\ No newline at end of file
+{{- end }}
diff --git a/kubernetes/common/mongodb/templates/replicaset/statefulset.yaml b/kubernetes/common/mongodb/templates/replicaset/statefulset.yaml
index b171eca..089119c 100644
--- a/kubernetes/common/mongodb/templates/replicaset/statefulset.yaml
+++ b/kubernetes/common/mongodb/templates/replicaset/statefulset.yaml
@@ -513,7 +513,7 @@
volumes:
- name: empty-dir
emptyDir:
- sizeLimit: 64Mi
+ sizeLimit: {{ .Values.arbiter.emptyDir.sizeLimit }}
- name: common-scripts
configMap:
name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }}
diff --git a/kubernetes/common/mongodb/templates/standalone/dep-sts.yaml b/kubernetes/common/mongodb/templates/standalone/dep-sts.yaml
index 6f63f0b..619533d 100644
--- a/kubernetes/common/mongodb/templates/standalone/dep-sts.yaml
+++ b/kubernetes/common/mongodb/templates/standalone/dep-sts.yaml
@@ -438,7 +438,7 @@
volumes:
- name: empty-dir
emptyDir:
- sizeLimit: 64Mi
+ sizeLimit: {{ .Values.arbiter.emptyDir.sizeLimit }}
- name: common-scripts
configMap:
name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }}
diff --git a/kubernetes/common/mongodb/values.yaml b/kubernetes/common/mongodb/values.yaml
index 9612859..7628846 100644
--- a/kubernetes/common/mongodb/values.yaml
+++ b/kubernetes/common/mongodb/values.yaml
@@ -307,6 +307,14 @@
## @param replicaSetName Name of the replica set (only when `architecture=replicaset`)
## Ignored when mongodb.architecture=standalone
##
+replicaSet:
+ emptyDir:
+ sizeLimit: 1Gi
+
+standalone:
+ emptyDir:
+ sizeLimit: 1Gi
+
replicaSetName: rs0
## @param replicaSetHostnames Enable DNS hostnames in the replicaset config (only when `architecture=replicaset`)
## Ignored when mongodb.architecture=standalone
@@ -1166,6 +1174,8 @@
## @param backup.enabled Enable the logical dump of the database "regularly"
##
enabled: false
+ emptyDir:
+ sizeLimit: 1Gi
## Fine tuning cronjob's config
##
cronjob:
@@ -1438,6 +1448,8 @@
## @section Arbiter parameters
##
arbiter:
+ emptyDir:
+ sizeLimit: 1Gi
## @param arbiter.enabled Enable deploying the arbiter
## https://docs.mongodb.com/manual/tutorial/add-replica-set-arbiter/
##
@@ -1616,8 +1628,8 @@
allowPrivilegeEscalation: false
capabilities:
drop:
- - ALL
- - CAP_NET_RAW
+ - ALL
+ - CAP_NET_RAW
seccompProfile:
type: "RuntimeDefault"
## MongoDB(®) Arbiter containers' resource requests and limits.
@@ -1783,6 +1795,8 @@
## https://docs.mongodb.com/manual/tutorial/configure-a-hidden-replica-set-member/
##
enabled: false
+ emptyDir:
+ sizeLimit: 1Gi
## @param hidden.automountServiceAccountToken Mount Service Account token in pod
##
automountServiceAccountToken: false
@@ -1960,9 +1974,7 @@
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
- drop:
- - ALL
- - CAP_NET_RAW
+ drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## MongoDB(®) Hidden containers' resource requests and limits.
@@ -1971,7 +1983,7 @@
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- ## @param hidden.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if hidden.resources is set (hidden.resources is recommended for production).
+ ## @param hidden.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if hidden.resources is set (hidden.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "none"
diff --git a/kubernetes/common/postgres-init/.helmignore b/kubernetes/common/postgres-init/.helmignore
index f0c1319..0bab41b 100644
--- a/kubernetes/common/postgres-init/.helmignore
+++ b/kubernetes/common/postgres-init/.helmignore
@@ -19,3 +19,14 @@
.project
.idea/
*.tmproj
+# Project/CI/CD related items
+.gitlab
+.gitlab-ci.yml
+.dockerignore
+# Helm build files
+.helmignore
+.cache/
+.config/
+.local/
+# OOM specific dirs
+components/
diff --git a/kubernetes/common/postgres-init/Chart.yaml b/kubernetes/common/postgres-init/Chart.yaml
index 81f566f..be9ecc2 100644
--- a/kubernetes/common/postgres-init/Chart.yaml
+++ b/kubernetes/common/postgres-init/Chart.yaml
@@ -31,4 +31,4 @@
repository: '@local'
- name: serviceAccount
version: ~13.x-0
- repository: '@local'
\ No newline at end of file
+ repository: '@local'
diff --git a/kubernetes/common/postgres-init/values.yaml b/kubernetes/common/postgres-init/values.yaml
index 160e672..cede7e0 100644
--- a/kubernetes/common/postgres-init/values.yaml
+++ b/kubernetes/common/postgres-init/values.yaml
@@ -104,4 +104,4 @@
wait_for_job_container:
containers:
- - '{{ include "common.name" . }}-update-config'
\ No newline at end of file
+ - '{{ include "common.name" . }}-update-config'
diff --git a/kubernetes/common/postgres/.helmignore b/kubernetes/common/postgres/.helmignore
index f0c1319..0bab41b 100644
--- a/kubernetes/common/postgres/.helmignore
+++ b/kubernetes/common/postgres/.helmignore
@@ -19,3 +19,14 @@
.project
.idea/
*.tmproj
+# Project/CI/CD related items
+.gitlab
+.gitlab-ci.yml
+.dockerignore
+# Helm build files
+.helmignore
+.cache/
+.config/
+.local/
+# OOM specific dirs
+components/
diff --git a/kubernetes/common/postgres/Chart.yaml b/kubernetes/common/postgres/Chart.yaml
index 3920d8e..d1fb768 100644
--- a/kubernetes/common/postgres/Chart.yaml
+++ b/kubernetes/common/postgres/Chart.yaml
@@ -25,4 +25,4 @@
repository: 'file://../common'
- name: repositoryGenerator
version: ~13.x-0
- repository: 'file://../repositoryGenerator'
\ No newline at end of file
+ repository: 'file://../repositoryGenerator'
diff --git a/kubernetes/common/postgres/configs/pg_hba.conf b/kubernetes/common/postgres/configs/pg_hba.conf
index 580185c..d891840 100644
--- a/kubernetes/common/postgres/configs/pg_hba.conf
+++ b/kubernetes/common/postgres/configs/pg_hba.conf
@@ -65,4 +65,3 @@
#local all all trust
# IPv4 local connections:
host all all 0.0.0.0/0 md5
-
diff --git a/kubernetes/common/postgres/templates/deployment-primary.yaml b/kubernetes/common/postgres/templates/deployment-primary.yaml
index 535eefa..7947559 100644
--- a/kubernetes/common/postgres/templates/deployment-primary.yaml
+++ b/kubernetes/common/postgres/templates/deployment-primary.yaml
@@ -15,4 +15,4 @@
*/}}
{{- if not .Values.global.postgres.useOperator }}
{{ include "common.postgres.deployment" (dict "dot" . "pgMode" "primary") }}
-{{- end }}
\ No newline at end of file
+{{- end }}
diff --git a/kubernetes/common/postgres/templates/deployment-replica.yaml b/kubernetes/common/postgres/templates/deployment-replica.yaml
index 97c7e11..246e1e9 100644
--- a/kubernetes/common/postgres/templates/deployment-replica.yaml
+++ b/kubernetes/common/postgres/templates/deployment-replica.yaml
@@ -15,4 +15,4 @@
*/}}
{{- if not .Values.global.postgres.useOperator }}
{{ include "common.postgres.deployment" (dict "dot" . "pgMode" "replica") }}
-{{- end }}
\ No newline at end of file
+{{- end }}
diff --git a/kubernetes/common/postgres/templates/metrics-svc-primary.yaml b/kubernetes/common/postgres/templates/metrics-svc-primary.yaml
index 00a5182..b8d7912 100644
--- a/kubernetes/common/postgres/templates/metrics-svc-primary.yaml
+++ b/kubernetes/common/postgres/templates/metrics-svc-primary.yaml
@@ -35,4 +35,4 @@
name: {{ .Values.container.name.primary }}
release: {{ include "common.release" . }}
{{- end }}
-{{- end }}
\ No newline at end of file
+{{- end }}
diff --git a/kubernetes/common/postgres/templates/metrics-svc-replica.yaml b/kubernetes/common/postgres/templates/metrics-svc-replica.yaml
index b8b9e79..6d9990a 100644
--- a/kubernetes/common/postgres/templates/metrics-svc-replica.yaml
+++ b/kubernetes/common/postgres/templates/metrics-svc-replica.yaml
@@ -35,4 +35,4 @@
name: {{ .Values.container.name.replica }}
release: {{ include "common.release" . }}
{{- end }}
-{{- end }}
\ No newline at end of file
+{{- end }}
diff --git a/kubernetes/common/postgres/templates/postgres.yaml b/kubernetes/common/postgres/templates/postgres.yaml
index aca6aa2..0dad7f5 100644
--- a/kubernetes/common/postgres/templates/postgres.yaml
+++ b/kubernetes/common/postgres/templates/postgres.yaml
@@ -16,4 +16,4 @@
{{- if .Values.global.postgres.useOperator }}
{{ include "common.postgresOpInstance" . }}
-{{- end }}
\ No newline at end of file
+{{- end }}
diff --git a/kubernetes/common/postgres/templates/pv-primary.yaml b/kubernetes/common/postgres/templates/pv-primary.yaml
index 8db79d6..9e73ceb 100644
--- a/kubernetes/common/postgres/templates/pv-primary.yaml
+++ b/kubernetes/common/postgres/templates/pv-primary.yaml
@@ -38,4 +38,4 @@
path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }}/primary
{{- end -}}
{{- end -}}
-{{- end }}
\ No newline at end of file
+{{- end }}
diff --git a/kubernetes/common/postgres/templates/pvc-replica.yaml b/kubernetes/common/postgres/templates/pvc-replica.yaml
index f59adf7..e71284f 100644
--- a/kubernetes/common/postgres/templates/pvc-replica.yaml
+++ b/kubernetes/common/postgres/templates/pvc-replica.yaml
@@ -43,4 +43,4 @@
storageClassName: {{ include "common.storageClass" . }}
{{- end }}
{{- end }}
-{{- end }}
\ No newline at end of file
+{{- end }}
diff --git a/kubernetes/common/postgres/templates/service-replica.yaml b/kubernetes/common/postgres/templates/service-replica.yaml
index 6869456..878a02e 100644
--- a/kubernetes/common/postgres/templates/service-replica.yaml
+++ b/kubernetes/common/postgres/templates/service-replica.yaml
@@ -40,4 +40,4 @@
selector:
name: "{{.Values.container.name.replica}}"
release: {{ include "common.release" . }}
-{{- end }}
\ No newline at end of file
+{{- end }}
diff --git a/kubernetes/common/postgres/templates/servicemonitor.yaml b/kubernetes/common/postgres/templates/servicemonitor.yaml
index 522e515..3fb716b 100644
--- a/kubernetes/common/postgres/templates/servicemonitor.yaml
+++ b/kubernetes/common/postgres/templates/servicemonitor.yaml
@@ -17,4 +17,4 @@
{{- if .Values.metrics.serviceMonitor.enabled }}
{{ include "common.serviceMonitor" . }}
{{- end }}
-{{- end }}
\ No newline at end of file
+{{- end }}
diff --git a/kubernetes/common/readinessCheck/.helmignore b/kubernetes/common/readinessCheck/.helmignore
new file mode 100644
index 0000000..0bab41b
--- /dev/null
+++ b/kubernetes/common/readinessCheck/.helmignore
@@ -0,0 +1,32 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+# Project/CI/CD related items
+.gitlab
+.gitlab-ci.yml
+.dockerignore
+# Helm build files
+.helmignore
+.cache/
+.config/
+.local/
+# OOM specific dirs
+components/
diff --git a/kubernetes/common/readinessCheck/Chart.yaml b/kubernetes/common/readinessCheck/Chart.yaml
index bb2986a..bd8adbf 100644
--- a/kubernetes/common/readinessCheck/Chart.yaml
+++ b/kubernetes/common/readinessCheck/Chart.yaml
@@ -17,7 +17,7 @@
apiVersion: v2
description: Template used to wait for other deployment/sts/jobs in onap
name: readinessCheck
-version: 13.1.0
+version: 13.1.1
dependencies:
- name: common
@@ -25,4 +25,4 @@
repository: 'file://../common'
- name: repositoryGenerator
version: ~13.x-0
- repository: 'file://../repositoryGenerator'
\ No newline at end of file
+ repository: 'file://../repositoryGenerator'
diff --git a/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl b/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl
index 51791fe..42f5261 100644
--- a/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl
+++ b/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl
@@ -95,6 +95,13 @@
securityContext:
runAsUser: {{ $subchartDot.Values.user }}
runAsGroup: {{ $subchartDot.Values.group }}
+ readOnlyRootFilesystem: true
+ privileged: false
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ - CAP_NET_RAW
command:
- /app/ready.py
args:
diff --git a/kubernetes/common/repositoryGenerator/.helmignore b/kubernetes/common/repositoryGenerator/.helmignore
new file mode 100644
index 0000000..0bab41b
--- /dev/null
+++ b/kubernetes/common/repositoryGenerator/.helmignore
@@ -0,0 +1,32 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+# Project/CI/CD related items
+.gitlab
+.gitlab-ci.yml
+.dockerignore
+# Helm build files
+.helmignore
+.cache/
+.config/
+.local/
+# OOM specific dirs
+components/
diff --git a/kubernetes/common/serviceAccount/.helmignore b/kubernetes/common/serviceAccount/.helmignore
new file mode 100644
index 0000000..0bab41b
--- /dev/null
+++ b/kubernetes/common/serviceAccount/.helmignore
@@ -0,0 +1,32 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+# Project/CI/CD related items
+.gitlab
+.gitlab-ci.yml
+.dockerignore
+# Helm build files
+.helmignore
+.cache/
+.config/
+.local/
+# OOM specific dirs
+components/
diff --git a/kubernetes/common/serviceAccount/Chart.yaml b/kubernetes/common/serviceAccount/Chart.yaml
index 7afd31f..4e3eab3 100644
--- a/kubernetes/common/serviceAccount/Chart.yaml
+++ b/kubernetes/common/serviceAccount/Chart.yaml
@@ -23,4 +23,4 @@
dependencies:
- name: common
version: ~13.x-0
- repository: 'file://../common'
\ No newline at end of file
+ repository: 'file://../common'
diff --git a/kubernetes/common/serviceAccount/templates/role.yaml b/kubernetes/common/serviceAccount/templates/role.yaml
index 83cb945..d6d041f 100644
--- a/kubernetes/common/serviceAccount/templates/role.yaml
+++ b/kubernetes/common/serviceAccount/templates/role.yaml
@@ -128,6 +128,7 @@
- pods/exec
verbs:
- create
+ - get
- apiGroups:
- cert-manager.io
resources:
diff --git a/kubernetes/common/serviceAccount/templates/service-account.yaml b/kubernetes/common/serviceAccount/templates/service-account.yaml
index 20bd94f..683d5d2 100644
--- a/kubernetes/common/serviceAccount/templates/service-account.yaml
+++ b/kubernetes/common/serviceAccount/templates/service-account.yaml
@@ -21,4 +21,4 @@
kind: ServiceAccount
metadata:
name: {{ include "common.fullname" (dict "suffix" $role_type "dot" $dot ) }}
-{{- end }}
\ No newline at end of file
+{{- end }}
diff --git a/kubernetes/common/timescaledb/.helmignore b/kubernetes/common/timescaledb/.helmignore
index 50af031..0bab41b 100644
--- a/kubernetes/common/timescaledb/.helmignore
+++ b/kubernetes/common/timescaledb/.helmignore
@@ -19,4 +19,14 @@
.project
.idea/
*.tmproj
-.vscode/
+# Project/CI/CD related items
+.gitlab
+.gitlab-ci.yml
+.dockerignore
+# Helm build files
+.helmignore
+.cache/
+.config/
+.local/
+# OOM specific dirs
+components/
diff --git a/kubernetes/common/timescaledb/Chart.yaml b/kubernetes/common/timescaledb/Chart.yaml
index d8b9869..dd92121 100644
--- a/kubernetes/common/timescaledb/Chart.yaml
+++ b/kubernetes/common/timescaledb/Chart.yaml
@@ -33,4 +33,4 @@
repository: '@local'
- name: repositoryGenerator
version: ~13.x-0
- repository: 'file://../repositoryGenerator'
\ No newline at end of file
+ repository: 'file://../repositoryGenerator'
diff --git a/kubernetes/common/timescaledb/templates/statefulset.yaml b/kubernetes/common/timescaledb/templates/statefulset.yaml
index 653326b..bee389f 100644
--- a/kubernetes/common/timescaledb/templates/statefulset.yaml
+++ b/kubernetes/common/timescaledb/templates/statefulset.yaml
@@ -30,22 +30,6 @@
spec:
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . ) }}
{{ include "common.podSecurityContext" . | indent 10 | trim}}
- initContainers:
- # we shouldn't need this but for unknown reason, it's fsGroup is not
- # applied
- - name: fix-permission
- command:
- - /bin/sh
- args:
- - -c
- - chown -R {{ .Values.securityContext.user_id }}:{{ .Values.securityContext.group_id }} /var/lib/postgresql/data
- image: {{ include "repositoryGenerator.image.busybox" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- securityContext:
- runAsUser: 0
- volumeMounts:
- - mountPath: /var/lib/postgresql/data
- name: {{ include "common.fullname" . }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
diff --git a/kubernetes/dcaegen2-services/components/dcae-tcagen2/Chart.yaml b/kubernetes/dcaegen2-services/components/dcae-tcagen2/Chart.yaml
index 7b30414..8596dcd 100644
--- a/kubernetes/dcaegen2-services/components/dcae-tcagen2/Chart.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-tcagen2/Chart.yaml
@@ -41,5 +41,5 @@
version: ~13.x-0
repository: '@local'
- name: mongodb
- version: 14.12.3
+ version: ~14.12.x-0
repository: '@local'
\ No newline at end of file
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml
index 2795a2b..4bb5706 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml
@@ -23,7 +23,11 @@
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- {{ include "common.podSecurityContext" . | indent 6 | trim}}
+ # temporarily use less restrictions
+ securityContext:
+ runAsUser: {{ .Values.securityContext.user_id }}
+ runAsGroup: {{ .Values.securityContext.group_id }}
+ fsGroup: {{ .Values.securityContext.group_id }}
initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 8 }}
- name: {{ include "common.name" . }}-permission-fixer
securityContext:
diff --git a/kubernetes/multicloud/components/multicloud-k8s/Chart.yaml b/kubernetes/multicloud/components/multicloud-k8s/Chart.yaml
index 8d50814..5dc3752 100644
--- a/kubernetes/multicloud/components/multicloud-k8s/Chart.yaml
+++ b/kubernetes/multicloud/components/multicloud-k8s/Chart.yaml
@@ -27,7 +27,7 @@
# be published independently to a repo (at this point)
repository: '@local'
- name: mongodb
- version: 14.12.3
+ version: ~14.12.x-0
repository: '@local'
- name: etcd
version: ~13.x-0
diff --git a/kubernetes/nbi/Chart.yaml b/kubernetes/nbi/Chart.yaml
index 6f403f7..3ffd2a1 100644
--- a/kubernetes/nbi/Chart.yaml
+++ b/kubernetes/nbi/Chart.yaml
@@ -27,7 +27,7 @@
# be published independently to a repo (at this point)
repository: '@local'
- name: mongodb
- version: 14.12.3
+ version: ~14.12.x-0
repository: '@local'
- name: mariadb-galera
version: ~13.x-0
diff --git a/kubernetes/platform/components/chartmuseum/templates/deployment.yaml b/kubernetes/platform/components/chartmuseum/templates/deployment.yaml
index 3956255..fea1a1a 100644
--- a/kubernetes/platform/components/chartmuseum/templates/deployment.yaml
+++ b/kubernetes/platform/components/chartmuseum/templates/deployment.yaml
@@ -27,21 +27,6 @@
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
{{ include "common.podSecurityContext" . | indent 7 | trim}}
- initContainers:
- - name: volume-permissions
- image: {{ include "repositoryGenerator.image.busybox" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - sh
- args:
- - "-c"
- - |
- chown -R {{ .Values.securityContext.user_id }}:{{ .Values.securityContext.group_id }} //chartmuseum-persist
- securityContext:
- runAsUser: 0
- volumeMounts:
- - name: chart-persistent
- mountPath: "/chartmuseum-persist"
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.githubContainerRegistry" . }}/{{ .Values.image }}
diff --git a/kubernetes/portal-ng/components/portal-ng-history/Chart.yaml b/kubernetes/portal-ng/components/portal-ng-history/Chart.yaml
index ab28bf2..4b62b5d 100644
--- a/kubernetes/portal-ng/components/portal-ng-history/Chart.yaml
+++ b/kubernetes/portal-ng/components/portal-ng-history/Chart.yaml
@@ -47,5 +47,5 @@
version: ~13.x-0
repository: '@local'
- name: mongodb
- version: 14.12.3
+ version: ~14.12.x-0
repository: '@local'
diff --git a/kubernetes/portal-ng/components/portal-ng-preferences/Chart.yaml b/kubernetes/portal-ng/components/portal-ng-preferences/Chart.yaml
index 8f8c494..9608858 100644
--- a/kubernetes/portal-ng/components/portal-ng-preferences/Chart.yaml
+++ b/kubernetes/portal-ng/components/portal-ng-preferences/Chart.yaml
@@ -47,7 +47,7 @@
version: ~13.x-0
repository: '@local'
- name: mongodb
- version: 14.12.3
+ version: ~14.12.x-0
repository: '@local'