Release v1.1.2 #104
Merged
Release v1.1.2 #104
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
ubergesundheit
approved these changes
Mar 2, 2021
ced0ps
added a commit
that referenced
this pull request
Mar 3, 2021
* import kong's helm chart Kong's Helm chart is copied over from github.com/helm/charts repository at version 0.36.5. The kong chart in `helm/chart` repo is now considered deprecated. * remove postgres chart bundle from repo * kong: release v1 chart version From #2 * correct link to FAQs * docs: update installation instructions to use new repo * kong: fix typo in .Release.Namespace From #5 * kong: add Helm3 CRD support From #10 * kong: fix typos for .Release.Namespace From #18 Close #9 Fix #11 Co-authored-by: Łukasz Tomaszkiewicz <[email protected]> * kong: fix changelog for the last release * kong: refactor env block generation Significantly refactor the generation of Kong container env blocks. Add both user-provided variables and variables generated from other sections of values.yaml to dictionaries, merge the dictionaries to ensure only a single instance of a variable is present, and render the resulting dictionary into an EnvVar block. In addition: * Condense kong.env and kong.final_env back into a single kong.env template. * Remove special-case env generation from kong.wait-for-db and use kong.env to ensure consistent behavior accross all Kong containers. * Add a new kong.no_daemon_env template to disable NGINX daemonization for containers other than wait-for-db. * DRY license, session configuration, and auth configuration templates into a generic "secretkeyref" template. * Add a new case to the renderer for handling templated secretKeyRef blocks. Templates can only generate strings, not string maps, and the quote function condenses multi-line strings onto a single line, so neither of the existing render cases work. The additional renderer relies on the presence of "valueFrom" as a magic string to indicate that it should handle that variable. It cannot handle other multi-line blocks as such. At present (API version 1.17), valueFrom is the only such block suppported by the EnvVar specification. Signed-off-by: Travis Raines <[email protected]> From #4 * missing smtp_admin_emails env and explicit disable of smtp_mock because is on by default. (#21) Signed-off-by: paulopez78 <[email protected]> * kong: update README for 1.1.1 From #23 Signed-off-by: Travis Raines <[email protected]> * [kong] ensure environment variables map is ordered Since we are dealing with maps, there is zero guarantee that the output yaml will be the same between runs. In most cases this is not an issue, but the env map is used by jobs. In this case `spec.template` is immutable and if the env list order changes, it results in a failed upgrade. So in the construction of the map, we ensure (by ordering the list of keys) that it is idempotent. From #29 * [kong] terminate wait-for-postgres if host or port not set The script runs forever and simply prints 'waiting for db' if KONG_PG_HOST or KONG_PG_PORT are not set. Which isn't very helpful. This commit hard fails if either of those environment variables are not set, making it easier and quicker to diagnose problems. As a note, the reason why they may not be set is when a user provides there own database but doesn't set pg_port or pg_host. Additional changes: - Message is slightly more informative, so if connecting takes awhile, the use can see host and port being attempted. - Set the default postgres port From #28 * [kong] Don't recreate service account (#31) Remove the temporary ServiceAccount created via hook during pre-upgrade migrations. This was previously in place to automatically handle users upgrading from a configuration that did not use a ServiceAccount to one that did. However, this temporary account overwrites credentials for the real account if left in the template. Add instructions for temporarily modifying the template to re-add this hook to the FAQ, along with examples of the error that will appear. * [kong] add support for HorizontalPodAutoscaler From #12 * [kong] add warning in docs regarding punctuation in secretVolume names From #25 * [kong] release version 1.2.0 * [kong] fix a typo in HPA v1 template From #45 * kong: add support for sub-directories in plugin code This commit is concerning supporting plugins which require multiple configmaps, which is the case if they require a migrations folder for any relational datastore support they have implemented. From #24 Signed-off-by: Yasser Saleemi <[email protected]> Co-authored-by: Cameron Wood <[email protected]> * [kong] document Helm3 warning From #34 * [kong] allow nodePort to be specified when type LoadBalancer for proxy service This PR introduces ability to specify a custom `nodePort` in values passed to `helm`. Before, the chart would only respect the `nodePort` value if `proxy.type` was set to `NodePort`. Now it also respects `nodePort` for default `proxy.type` of `LoadBalancer`. From #48 * [kong] enable reuseport and http2 on ssl port by default These are not configurable and we will have to add that support in future. From #47 * [kong] remove reuseport from proxy listen Partially revert 14c1d82 by removing reuseport from the proxy listener template. Support for reuseport was initially added in 1.3, and there are a number of older releases in the wild. Deferring this for revised listener templates that allow specifying listen parameters in values.yaml. From #54 * Update README.md to include undocumented parameter * [kong] add support for pod scheduling priority class From #56 Signed-off-by: Kevin Lefevre <[email protected]> * [kong] add FAQ entry for init job upgrade error Add a FAQ entry for the immutable job error that appears when running "helm upgrade" while an old init-migrations job is still present. * [kong] bump up kong to 2.0 * [kong] bump up controller to 0.7.1 * [kong] remove dedicated Portal auth settings * Remove enterprise.portal.portal_auth and enterprise.portal.session_conf_secret from values.yaml. Both can be configured per-workspace in Kong Manager, and providing them via environment variables only provides defaults. The standard default values are fine; Manager will prompt users to create a session configuration if necessary. * Add deprecation warning to NOTES.txt. The chart continues to apply the old settings if present, but warns users that they should remove them or migrate them to env values. * Update README.md with new session instructions. * Clean up some outdated comments from values.yaml and adjust NOTES.txt format a bit. * [kong] reword documentation for Portal auth change * [kong] split CHANGELOG.md from README.md * [kong] release version 1.3.0 * [kong] fix broken newline chomp in NOTES.txt From #66 * [kong] update registry secret documentation * [kong] update registry secret documentation * Update the registry secret documentation to add secrets for both kong-enterprise-k8s and kong-enterprise-edition-docker registries. * Update examples to clarify the credential type and format. * Indicate more clearly that users should use their Bintray API key, which may be different from their Bintray password. * [kong] align registry example with docs site From #65 * [kong] release version 1.3.1 * [kong] fix docs to for default value of installCRDs From #78 * [kong] add upgrade documentation From #74 * [kong] refactor listener templates (#72) Unify listener templates and make them more expressive: * Listener strings are now generated by passing the listener/service configuration block (e.g. "proxy") to the "kong.listen" helper, rather than templating each listen string individually. * The admin listen now uses the same configuration format as other listeners, with default values expressing the standard configuration (no service creation, TLS-only listen). Legacy configuration is still supported, but displays a deprecation warning in NOTES.txt. * Listener configuration now allows specifying listen parameters, rather than hard-coding them into the template (though "ssl" is still hard-coded for TLS listens). To avoid too complicated a configuration change, users are still limited to two listens, HTTP and TLS, rather than being able to freely define listens. * CI tests and README.md now account for the above. * NOTES.txt spacing now tries to more closely adhere to 80-char columns. * Add a "kong.adminLocalURL" helper to generate the local URL for the admin API, for use with the ingress controller. * [kong] add support for annotations on Deployment (#81) * [kong] switch to bitnami's chart repo for postgresql * [kong] clarify Helm 2 vs Helm 3 installation commands * [kong] add support for adding CLI args to Ingress Controller From #79 * [kong] fix appVersion in Chart.yaml It is intentional that patch versions of Kong are not pinned in the chart. * [kong] remove documentation of ghost property of ingressController.replicaCount This used to be a thing when controller and kong were in separate pods, which is not the case anymore. Fix #6 * [kong] update CRDs for Ingress Controller 0.8 release Kong Ingress Controller 0.8 add two new CRDs: TCPIngress and KongClusterPlugin. `tcp` and `tls` are now supported protocols and they are added in here as well. * [kong] add RBAC permissions for controller 0.8 release Kong Ingress Controller 0.8 needs more RBAC permissions to support Knative, cluster-level plugins and TCPIngress capabilities. * [kong] bump up Ingress Controller to 0.8.0 * [kong] introduce `threshold and `path_handling` properties in KongIngress These were introduced in Kong 2.0. * [kong] add strip_path instructions to UPGRADE.md * [kong] release chart version 1.4.0 * [kong] release chart version 1.4.1 Release chart version 1.4.1. This fixes an incorrect code example in the 1.4.0 UPGRADE.md section. * [kong] add 1.4 upgrade info for Postgres subchart (#94) * [kong] add support for annotations on ServiceAccount From #97 * [kong] fix default image tag to 2.0 in readme From #96 * [kong] specify tag info for enterprise images * [kong] add deprecation notices to CHANGELOG.md From #91 * [kong] improve RBAC documentation * Add practical examples to the RBAC section of README.md. * Call out setting an initial super-admin password in the brief Enterprise documentation. * Add RBAC documentation for ingress controller. * Fix several minor formatting issues. From #95 * [kong] add basic envvar config for controller Move the default TLS verify setting out of the controller helper template and into its env block in values.yaml. Add a commented example section for the specifying the controller's admin token. * [kong] migrate controller config to envvars Remove the static command-line arguments from the controller template and replace them with equivalent environment variables. This breaks compatibility with controller versions <0.7. Separate the render section of the existing kong.env template into its own kong.renderEnv template, which is now used for both the Kong and controller container env blocks. * [kong] add default kong_admin_tls_skip_verify Set kong_admin_tls_skip_verify to true by default when generating the controller env block. Although this is now set in the standard values.yaml, since the previous values.yaml set env to the empty object, upgraded instances would default to false unless that section was omitted or updated. The setting in values.yaml will still take precedence if present. * [kong] add support for stream listens (#103) Add support for stream listens as additional proxy ports: * Add values.yaml configuration for stream listens under "proxy". * Add new "kong.singleListen" helper for generating individual listen configurations. Refactor "kong.listen" to use "kong.singleListen". * Add new "kong.streamListen" helper to generate stream listen directives. * De-duplicate listen parameters. * Update deployment and proxy service templates to include stream listen ports. * Add stream listens to CI values. * [kong] rework migration job configuration (#102) * Replace runMigrations with settings for upgrade migrations jobs under a migrations block. * Handle deleting init-migrations jobs automatically. * Add warning for deprecated runMigrations setting. * Add support for job annotations, with default annotations to disable some service mesh sidecars. * Add documentation for managing clusters split across multiple releases. * Update NOTES.txt warnings to reference URLs in the upgrade guide rather than explaining the issue in place. * Fix a newline chomp issue in NOTES.txt. * [kong] add status listen (#107) * Add the status listen, which provides a dedicated status endpoint on versions 1.4+. See Kong/kong@dac9f1a for additional context. * Allow removal of the "parameters" list from listen configuration entirely. This allows making the status listen configuration in values.yaml clearer, as it does not support any parameters. * [kong] add read-only root filesystem option (#104) * Move the PodSecurityPolicy spec out of its template into values.yaml. This allows user control over all PSP settings. * Add "podSecurityPolicy.spec.readOnlyRootFilesystem: true" to values.yaml * [kong] bump example Enterprise tag to 1.5.0.0 * [kong] release 1.5.0 * [kong] correct serviceMonitor.interval docs (#110) The scraping interval is not set in the values.yaml file of the Helm chart. As such, the default scraping interval is used. This is actually 30s and not 10s. See https:/coreos/prometheus-operator/blob/7ebf899f9768ead08ac7af6d59688d642cb8ef9c/pkg/prometheus/promcfg.go#L175-L189 * [kong] remove duplicate `installCRDs` description * [kong] Allow the proxy container's lifecycle hooks to be overridden This commit also adds a `sleep 15` to give other controllers and load balancers to remove Kong from their target list to avoid downtime. From #116 * [kong] disable anonymous reports in CI runs * [kong] bump up ingress controller to 0.8.1 From #118 * [kong] enable kic by default * [kong] add support for adding labels to pods From #121 * [kong] target proxy with ServiceMonitor selector (#112) This commit limits the ServiceMonitor, so it only targets the proxy Service resource instead of both the proxy and the admin Service. * [kong] use internal address for admin API when appropriate (#125) Use 127.0.0.1 as the admin listen address if the admin service is disabled. This is primarily for controller-managed deployments, where the admin API should not be exposed outside the pod (removing it from the deployment ports alone does not prevent this). This changes adds generic support for specifying the listen address, but does not use local listens for other services: generally, the admin API is the only service we expect to encounter a disabled service with enabled listens. If SVC.enabled=false, do not render ports for that service in the deployment template. * [kong] add settings to specify images with a single string (#128) Add a new "unifiedRepoTag" key to image configurations. This contains a complete registry:tag reference to a Docker image, and is used if present. If absent, the standard "repository" and "tag" values are used. This is primarily for compliance with Red Hat's offline operator requirements, and is not intended for general use. It is not documented as such. * kong added smtp poperty auth type and ssl added couple missing properties int eh smtp section of the kong chart * [kong] update commented out enterprise versions * [kong] simplify license secret kubectl command Enterprise users frequently run into problems with the current way the secret is created. The files have extensions which cause problem later on in the deployment and this has taken up a lot of time in debugging several support tickets. The new format makes it clear and avoids problems when the file has an extension or is present in a different directory. * [kong] remove default securityContext * [kong] update CRDs for controller 0.9 * [kong] bump controller to 0.9.0 * [kong] release 1.6.0 * [kong] release 1.6.1 * [kong] add example values.yaml configurations (#134) Add example values.yamls with basic settings for common configurations of Kong and Kong Enterprise. * [kong] add support for controller-only deployments (#136) Add a new top-level `deployment.kong.enabled` setting that controls whether the chart deploys Kong and its associated resources. Setting this to `false` allows users to create controller-only deployments. Allow for CRD-only deployments by setting the above to `false`, `ingressController.enabled` to `false`, and `ingressController.installCRDs` to `true`. * [kong] add example values.yaml configurations (#134) Add example values.yamls with basic settings for common configurations of Kong and Kong Enterprise. * [kong] add support for controller-only deployments (#136) Add a new top-level `deployment.kong.enabled` setting that controls whether the chart deploys Kong and its associated resources. Setting this to `false` allows users to create controller-only deployments. Allow for CRD-only deployments by setting the above to `false`, `ingressController.enabled` to `false`, and `ingressController.installCRDs` to `true`. * [kong] release 1.7.0 * [kong] bump controller to 0.9.1 * [kong] fix admission listen type conversion (#155) Fix issue where CONTROLLER_ADMISSION_WEBHOOK_LISTEN would render with a botched type conversion, e.g. "0.0.0.0:%!d(float64=8080)". * [kong] add servicemonitor targetLabels support related to prometheus-operator serviceMonitor CRD capacity to transfer kubernetes service labels to prometheus when using targetLabels spec parameter See https://tinyurl.com/yclly9xx for additional information * [kong] document .env behavior in values.yaml (#163) * [kong] define KONG_PORT_MAPS for the proxy service * [kong] add support for hybrid mode (#160) Add basic support for hybrid mode: * Add a new "cluster" service configuration section, default off. * Add a new cluster service template. * Add a new cluster ingress template. * Update service settings docs in values.yaml to include cluster. * Add Hybrid Mode section to the deployment guides. * Add new hybrid mode examples. * Handle services without http or tls blocks. * [kong] bump Kong image versions * [kong] add non-breaking version info to UPGRADE.md * [kong] release version 1.8.0 * [kong] add Kong Enterprise beta release info * [kong] link Enterprise 2.1 info from README.md * [kong] add support for sidecar containers (#174) * [repo] update references from master to main (#177) * [repo] update references from master to main * [pr] fix broken link Co-authored-by: Michał Flendrich <[email protected]> Co-authored-by: Michał Flendrich <[email protected]> * chore: change links from master to main From #182 * [kong] add example Enterprise DB-less config (#175) * [kong] use bash wait-for-postgres implementation (#179) Replace wait-for-postgres netcat invocation with an equivalent bash script. This removes the dependency for a specific waitImage, which is necessary for environments where busybox is not available (namely in the context of Red Hat certified operators, which must use Red Hat images for all containers). Although this removes the busybox (and netcat) dependency, it does introduce a bash dependency. Because bash is not available on busybox, centos is now the standard waitImage. The bash script uses a static ConfigMap to work around some issues with newline handling in Job declarations. * [kong] fix README service hostname text Fix #184 * [kong] add support for cluster telemetry Add the Enterprise cluster telemetry listen, which handles Vitals data from DP nodes. Update docs to cover cluster telemetry listen. Add missing Deployment port for cluster listen. * [kong] shorten cluster telemetry port name * Update charts/kong/README.md Co-authored-by: Harry <[email protected]> * [kong] release version 1.9.0 Release version 1.9.0 of the Kong chart. This updates the default Enterprise image to 2.1 and removes beta warnings for Enterprise 2.1. As part of the image consolidation, references to the kong-enterprise-k8s image and examples using it have been removed, and UPGRADE.md provides instructions for making the switch to kong-enterprise-edition. * [kong] add support for sidecar containers (#174) * chore: change links from master to main From #182 * [kong] add example Enterprise DB-less config (#175) * [kong] use bash wait-for-postgres implementation (#179) Replace wait-for-postgres netcat invocation with an equivalent bash script. This removes the dependency for a specific waitImage, which is necessary for environments where busybox is not available (namely in the context of Red Hat certified operators, which must use Red Hat images for all containers). Although this removes the busybox (and netcat) dependency, it does introduce a bash dependency. Because bash is not available on busybox, centos is now the standard waitImage. The bash script uses a static ConfigMap to work around some issues with newline handling in Job declarations. * [kong] fix README service hostname text Fix #184 * [kong] add support for cluster telemetry Add the Enterprise cluster telemetry listen, which handles Vitals data from DP nodes. Update docs to cover cluster telemetry listen. Add missing Deployment port for cluster listen. * [kong] shorten cluster telemetry port name * Update charts/kong/README.md Co-authored-by: Harry <[email protected]> * [kong] release version 1.9.0 Release version 1.9.0 of the Kong chart. This updates the default Enterprise image to 2.1 and removes beta warnings for Enterprise 2.1. As part of the image consolidation, references to the kong-enterprise-k8s image and examples using it have been removed, and UPGRADE.md provides instructions for making the switch to kong-enterprise-edition. * [kong] disable CRD installation for CI * [kong] remove crd status from tcpingresses From #188 * [kong] use latest Enterprise version in examples * [kong] release 1.9.1 Release version 1.9.1. This version clarifies upgrade documentation for 1.9.0, and does not include functional changes of its own. * [kong] bump controller to 0.10.0 * [kong] release 1.10.0 * [kong] use policy API for PSP since v1.11 (#195) Signed-off-by: Kevin Lefevre <[email protected]> * [kong] streamline annotation block population (#200) * [kong] add explicit namespace to manifests (#193) * [kong] bump controller to 0.10.0 * [kong] release 1.10.0 * [kong] bump controller default version to 1.0 * [kong] use CONTROLLER_KONG_ADMIN_URL Replace deprecated CONTROLLER_ADMIN_URL with CONTROLLER_KONG_ADMIN_URL. * [kong] use latest CRD manifest from controller * [kong] update changelog and upgrade instructions * [kong] update chart version to 1.11.0 * [kong] fix merge commit errors * [kong] Add custom extra configmaps/secrets (#208) * [kong] bump default kong tag to 2.2 * [kong] add Job-level migration annotations (#219) Add a new migrations.jobAnnotations value. This sets annotations on the Job resources used to run migrations. * [kong] fix autoscaling and replicaCount conflict (#222) * [kong] fix autoscaling and replicaCount conflict Whenever the deployment is updated the number of pods is scaled down to replicaCount, even though autoscaling is enabled. Related issue: kubernetes/kubernetes#25238. * [kong] update doc on replicaCount * docs: tiny formatting fix Co-authored-by: Michał Flendrich <[email protected]> * [kong] increase worker default to 2 Increase the default nginx_worker_processes setting for Kong containers to 2. This addresses latency issues stemming from config updates blocking connection handling. Increase the example memory limit/requests to 256MB. Although these are not enforced by default, the previous example (128MB) was excessively low, even for single-worker deployments. * [kong] create deprecation warning helper Use a helper function to print deprecation warnings in NOTES.txt. This addresses an issue with unwanted extra newlines and hard-wraps warning text automatically. * [kong] bump Enterprise tags to 2.1.4.1 * [kong] release 1.12.0 * Upstream-sync the git way * Upstream sync patch apply * Upstream sync patch apply take 2 * Squashed 'helm/kong-app/' changes from 58800fb..7f040ad 7f040ad [kong] release 1.13.0 b477bac [kong] bump image tags 1b84a37 [kong] clarify HPA requirements (#236) db7aa7d [kong] add nodeSelector to migration Jobs (#238) ebb461b [kong] fix incorrect volume mount 16f4962 [kong] use YAML boolean instead of string c47d357 [kong] Add 'namespace' value (#231) 1188abf [kong] fix v0.12.0 changelog entry title git-subtree-dir: helm/kong-app git-subtree-split: 7f040ad * Squashed 'helm/kong-app/' changes from 7f040ad..7cf812f 7cf812f [kong] clarify documentation 513a87c [kong] simplify leftover socket workaround ace6e63 [kong] release 1.15.0 28760d6 [kong] add workaround for leftover stream socket d4a5571 [kong] bump Kong versions to 2.3 c93729f Merge branch 'main' into next b5e1502 Revert "[kong] readme: pull secrets are not needed anymore since Kong Enterprise 2.3 (#296)" 8c7f782 [kong] readme: pull secrets are not needed anymore since Kong Enterprise 2.3 (#296) efd6c3b [kong] add user-configurable Service labels (#290) 9884bde [kong] able to configure resources for all containers (#294) efb4ef8 [kong] remove duplicate subresources entry from CRDs (#281) f15e9e6 [kong] add helper for image selection 256ab39 [kong] clarify documentation copy 274f511 [kong] condition migration waits on PG sub-chart d6385c9 [kong] fix deployment wait-for-db logic 980556b [kong] default DB waits back on and add mesh FAQ b40a6b8 [kong] re-enable the sidecar injection for Kuma adab2ec [kong] update database README 84a4199 [kong] add missing block to initial migrations 0663499 [kong] use Kong image by default for waitImage ca32ade [kong] disable database waits by default d71a11d Merge branch 'main' into next 976477b [kong] release 1.14.5 f35ea93 Merge branch 'main' into next da39834 [kong] release 1.14.4 cc79e32 [kong] disable Portal service for example ebbd32c [kong] update minimal Enterprise DB-less example bbef990 [kong] support changing terminationGracePeriodSeconds (#271) 98a3e11 [kong] release 1.14.3 5f7be61 [kong] fix legacy proxy ingress yaml indent 7825a9d [kong] Move the end of the {{- else -}} block from line 18 to correct position. This fixes #265. 5c2e90b [kong] release 1.14.2 c68a3fc [kong] default smtp_auth to empty string 94b3c4c [kong] release 1.14.1 9a32ef4 [kong] move end of Kong container block 763b353 [kong] release 1.14.0 1510618 [kong] consolidate Ingress and Service templates (#251) 853be0f [kong] remove default custom server block (#255) 5b27378 [kong] fix migrations.init git-subtree-dir: helm/kong-app git-subtree-split: 7cf812f * Update app charts CHANGELOG.md Co-authored-by: Harry Bagdi <[email protected]> Co-authored-by: Łukasz Tomaszkiewicz <[email protected]> Co-authored-by: Yoel Spotts <[email protected]> Co-authored-by: Travis Raines <[email protected]> Co-authored-by: Pau <[email protected]> Co-authored-by: Yasser Saleemi <[email protected]> Co-authored-by: oscar.lofwenhamn <[email protected]> Co-authored-by: ChethanU <[email protected]> Co-authored-by: Cameron Wood <[email protected]> Co-authored-by: Arthur Burkart <[email protected]> Co-authored-by: Tony Dai <[email protected]> Co-authored-by: Scott Ranger <[email protected]> Co-authored-by: Kevin Lefevre <[email protected]> Co-authored-by: TCShain <[email protected]> Co-authored-by: Wojciech Polus <[email protected]> Co-authored-by: Tam Mach <[email protected]> Co-authored-by: bforbis <[email protected]> Co-authored-by: Austin Cawley-Edwards <[email protected]> Co-authored-by: Peter Rifel <[email protected]> Co-authored-by: Anthony Spring <[email protected]> Co-authored-by: satwant17 <[email protected]> Co-authored-by: Xiao Xiong <[email protected]> Co-authored-by: Franck Labatut <[email protected]> Co-authored-by: Michał Flendrich <[email protected]> Co-authored-by: Michał Flendrich <[email protected]> Co-authored-by: Dylan Semler <[email protected]> Co-authored-by: Kennon Kwok <[email protected]> Co-authored-by: Roman Zhuzha <[email protected]> Co-authored-by: Martin Dostal <[email protected]> Co-authored-by: Mike Menaker <[email protected]> Co-authored-by: Sean Johnson <[email protected]> Co-authored-by: Marco Miglierina <[email protected]>
ubergesundheit
pushed a commit
that referenced
this pull request
Jun 14, 2021
Co-authored-by: github-actions <[email protected]>
ubergesundheit
pushed a commit
that referenced
this pull request
Jun 14, 2021
* import kong's helm chart Kong's Helm chart is copied over from github.com/helm/charts repository at version 0.36.5. The kong chart in `helm/chart` repo is now considered deprecated. * remove postgres chart bundle from repo * kong: release v1 chart version From #2 * correct link to FAQs * docs: update installation instructions to use new repo * kong: fix typo in .Release.Namespace From #5 * kong: add Helm3 CRD support From #10 * kong: fix typos for .Release.Namespace From #18 Close #9 Fix #11 Co-authored-by: Łukasz Tomaszkiewicz <[email protected]> * kong: fix changelog for the last release * kong: refactor env block generation Significantly refactor the generation of Kong container env blocks. Add both user-provided variables and variables generated from other sections of values.yaml to dictionaries, merge the dictionaries to ensure only a single instance of a variable is present, and render the resulting dictionary into an EnvVar block. In addition: * Condense kong.env and kong.final_env back into a single kong.env template. * Remove special-case env generation from kong.wait-for-db and use kong.env to ensure consistent behavior accross all Kong containers. * Add a new kong.no_daemon_env template to disable NGINX daemonization for containers other than wait-for-db. * DRY license, session configuration, and auth configuration templates into a generic "secretkeyref" template. * Add a new case to the renderer for handling templated secretKeyRef blocks. Templates can only generate strings, not string maps, and the quote function condenses multi-line strings onto a single line, so neither of the existing render cases work. The additional renderer relies on the presence of "valueFrom" as a magic string to indicate that it should handle that variable. It cannot handle other multi-line blocks as such. At present (API version 1.17), valueFrom is the only such block suppported by the EnvVar specification. Signed-off-by: Travis Raines <[email protected]> From #4 * missing smtp_admin_emails env and explicit disable of smtp_mock because is on by default. (#21) Signed-off-by: paulopez78 <[email protected]> * kong: update README for 1.1.1 From #23 Signed-off-by: Travis Raines <[email protected]> * [kong] ensure environment variables map is ordered Since we are dealing with maps, there is zero guarantee that the output yaml will be the same between runs. In most cases this is not an issue, but the env map is used by jobs. In this case `spec.template` is immutable and if the env list order changes, it results in a failed upgrade. So in the construction of the map, we ensure (by ordering the list of keys) that it is idempotent. From #29 * [kong] terminate wait-for-postgres if host or port not set The script runs forever and simply prints 'waiting for db' if KONG_PG_HOST or KONG_PG_PORT are not set. Which isn't very helpful. This commit hard fails if either of those environment variables are not set, making it easier and quicker to diagnose problems. As a note, the reason why they may not be set is when a user provides there own database but doesn't set pg_port or pg_host. Additional changes: - Message is slightly more informative, so if connecting takes awhile, the use can see host and port being attempted. - Set the default postgres port From #28 * [kong] Don't recreate service account (#31) Remove the temporary ServiceAccount created via hook during pre-upgrade migrations. This was previously in place to automatically handle users upgrading from a configuration that did not use a ServiceAccount to one that did. However, this temporary account overwrites credentials for the real account if left in the template. Add instructions for temporarily modifying the template to re-add this hook to the FAQ, along with examples of the error that will appear. * [kong] add support for HorizontalPodAutoscaler From #12 * [kong] add warning in docs regarding punctuation in secretVolume names From #25 * [kong] release version 1.2.0 * [kong] fix a typo in HPA v1 template From #45 * kong: add support for sub-directories in plugin code This commit is concerning supporting plugins which require multiple configmaps, which is the case if they require a migrations folder for any relational datastore support they have implemented. From #24 Signed-off-by: Yasser Saleemi <[email protected]> Co-authored-by: Cameron Wood <[email protected]> * [kong] document Helm3 warning From #34 * [kong] allow nodePort to be specified when type LoadBalancer for proxy service This PR introduces ability to specify a custom `nodePort` in values passed to `helm`. Before, the chart would only respect the `nodePort` value if `proxy.type` was set to `NodePort`. Now it also respects `nodePort` for default `proxy.type` of `LoadBalancer`. From #48 * [kong] enable reuseport and http2 on ssl port by default These are not configurable and we will have to add that support in future. From #47 * [kong] remove reuseport from proxy listen Partially revert 14c1d82 by removing reuseport from the proxy listener template. Support for reuseport was initially added in 1.3, and there are a number of older releases in the wild. Deferring this for revised listener templates that allow specifying listen parameters in values.yaml. From #54 * Update README.md to include undocumented parameter * [kong] add support for pod scheduling priority class From #56 Signed-off-by: Kevin Lefevre <[email protected]> * [kong] add FAQ entry for init job upgrade error Add a FAQ entry for the immutable job error that appears when running "helm upgrade" while an old init-migrations job is still present. * [kong] bump up kong to 2.0 * [kong] bump up controller to 0.7.1 * [kong] remove dedicated Portal auth settings * Remove enterprise.portal.portal_auth and enterprise.portal.session_conf_secret from values.yaml. Both can be configured per-workspace in Kong Manager, and providing them via environment variables only provides defaults. The standard default values are fine; Manager will prompt users to create a session configuration if necessary. * Add deprecation warning to NOTES.txt. The chart continues to apply the old settings if present, but warns users that they should remove them or migrate them to env values. * Update README.md with new session instructions. * Clean up some outdated comments from values.yaml and adjust NOTES.txt format a bit. * [kong] reword documentation for Portal auth change * [kong] split CHANGELOG.md from README.md * [kong] release version 1.3.0 * [kong] fix broken newline chomp in NOTES.txt From #66 * [kong] update registry secret documentation * [kong] update registry secret documentation * Update the registry secret documentation to add secrets for both kong-enterprise-k8s and kong-enterprise-edition-docker registries. * Update examples to clarify the credential type and format. * Indicate more clearly that users should use their Bintray API key, which may be different from their Bintray password. * [kong] align registry example with docs site From #65 * [kong] release version 1.3.1 * [kong] fix docs to for default value of installCRDs From #78 * [kong] add upgrade documentation From #74 * [kong] refactor listener templates (#72) Unify listener templates and make them more expressive: * Listener strings are now generated by passing the listener/service configuration block (e.g. "proxy") to the "kong.listen" helper, rather than templating each listen string individually. * The admin listen now uses the same configuration format as other listeners, with default values expressing the standard configuration (no service creation, TLS-only listen). Legacy configuration is still supported, but displays a deprecation warning in NOTES.txt. * Listener configuration now allows specifying listen parameters, rather than hard-coding them into the template (though "ssl" is still hard-coded for TLS listens). To avoid too complicated a configuration change, users are still limited to two listens, HTTP and TLS, rather than being able to freely define listens. * CI tests and README.md now account for the above. * NOTES.txt spacing now tries to more closely adhere to 80-char columns. * Add a "kong.adminLocalURL" helper to generate the local URL for the admin API, for use with the ingress controller. * [kong] add support for annotations on Deployment (#81) * [kong] switch to bitnami's chart repo for postgresql * [kong] clarify Helm 2 vs Helm 3 installation commands * [kong] add support for adding CLI args to Ingress Controller From #79 * [kong] fix appVersion in Chart.yaml It is intentional that patch versions of Kong are not pinned in the chart. * [kong] remove documentation of ghost property of ingressController.replicaCount This used to be a thing when controller and kong were in separate pods, which is not the case anymore. Fix #6 * [kong] update CRDs for Ingress Controller 0.8 release Kong Ingress Controller 0.8 add two new CRDs: TCPIngress and KongClusterPlugin. `tcp` and `tls` are now supported protocols and they are added in here as well. * [kong] add RBAC permissions for controller 0.8 release Kong Ingress Controller 0.8 needs more RBAC permissions to support Knative, cluster-level plugins and TCPIngress capabilities. * [kong] bump up Ingress Controller to 0.8.0 * [kong] introduce `threshold and `path_handling` properties in KongIngress These were introduced in Kong 2.0. * [kong] add strip_path instructions to UPGRADE.md * [kong] release chart version 1.4.0 * [kong] release chart version 1.4.1 Release chart version 1.4.1. This fixes an incorrect code example in the 1.4.0 UPGRADE.md section. * [kong] add 1.4 upgrade info for Postgres subchart (#94) * [kong] add support for annotations on ServiceAccount From #97 * [kong] fix default image tag to 2.0 in readme From #96 * [kong] specify tag info for enterprise images * [kong] add deprecation notices to CHANGELOG.md From #91 * [kong] improve RBAC documentation * Add practical examples to the RBAC section of README.md. * Call out setting an initial super-admin password in the brief Enterprise documentation. * Add RBAC documentation for ingress controller. * Fix several minor formatting issues. From #95 * [kong] add basic envvar config for controller Move the default TLS verify setting out of the controller helper template and into its env block in values.yaml. Add a commented example section for the specifying the controller's admin token. * [kong] migrate controller config to envvars Remove the static command-line arguments from the controller template and replace them with equivalent environment variables. This breaks compatibility with controller versions <0.7. Separate the render section of the existing kong.env template into its own kong.renderEnv template, which is now used for both the Kong and controller container env blocks. * [kong] add default kong_admin_tls_skip_verify Set kong_admin_tls_skip_verify to true by default when generating the controller env block. Although this is now set in the standard values.yaml, since the previous values.yaml set env to the empty object, upgraded instances would default to false unless that section was omitted or updated. The setting in values.yaml will still take precedence if present. * [kong] add support for stream listens (#103) Add support for stream listens as additional proxy ports: * Add values.yaml configuration for stream listens under "proxy". * Add new "kong.singleListen" helper for generating individual listen configurations. Refactor "kong.listen" to use "kong.singleListen". * Add new "kong.streamListen" helper to generate stream listen directives. * De-duplicate listen parameters. * Update deployment and proxy service templates to include stream listen ports. * Add stream listens to CI values. * [kong] rework migration job configuration (#102) * Replace runMigrations with settings for upgrade migrations jobs under a migrations block. * Handle deleting init-migrations jobs automatically. * Add warning for deprecated runMigrations setting. * Add support for job annotations, with default annotations to disable some service mesh sidecars. * Add documentation for managing clusters split across multiple releases. * Update NOTES.txt warnings to reference URLs in the upgrade guide rather than explaining the issue in place. * Fix a newline chomp issue in NOTES.txt. * [kong] add status listen (#107) * Add the status listen, which provides a dedicated status endpoint on versions 1.4+. See Kong/kong@dac9f1a for additional context. * Allow removal of the "parameters" list from listen configuration entirely. This allows making the status listen configuration in values.yaml clearer, as it does not support any parameters. * [kong] add read-only root filesystem option (#104) * Move the PodSecurityPolicy spec out of its template into values.yaml. This allows user control over all PSP settings. * Add "podSecurityPolicy.spec.readOnlyRootFilesystem: true" to values.yaml * [kong] bump example Enterprise tag to 1.5.0.0 * [kong] release 1.5.0 * [kong] correct serviceMonitor.interval docs (#110) The scraping interval is not set in the values.yaml file of the Helm chart. As such, the default scraping interval is used. This is actually 30s and not 10s. See https:/coreos/prometheus-operator/blob/7ebf899f9768ead08ac7af6d59688d642cb8ef9c/pkg/prometheus/promcfg.go#L175-L189 * [kong] remove duplicate `installCRDs` description * [kong] Allow the proxy container's lifecycle hooks to be overridden This commit also adds a `sleep 15` to give other controllers and load balancers to remove Kong from their target list to avoid downtime. From #116 * [kong] disable anonymous reports in CI runs * [kong] bump up ingress controller to 0.8.1 From #118 * [kong] enable kic by default * [kong] add support for adding labels to pods From #121 * [kong] target proxy with ServiceMonitor selector (#112) This commit limits the ServiceMonitor, so it only targets the proxy Service resource instead of both the proxy and the admin Service. * [kong] use internal address for admin API when appropriate (#125) Use 127.0.0.1 as the admin listen address if the admin service is disabled. This is primarily for controller-managed deployments, where the admin API should not be exposed outside the pod (removing it from the deployment ports alone does not prevent this). This changes adds generic support for specifying the listen address, but does not use local listens for other services: generally, the admin API is the only service we expect to encounter a disabled service with enabled listens. If SVC.enabled=false, do not render ports for that service in the deployment template. * [kong] add settings to specify images with a single string (#128) Add a new "unifiedRepoTag" key to image configurations. This contains a complete registry:tag reference to a Docker image, and is used if present. If absent, the standard "repository" and "tag" values are used. This is primarily for compliance with Red Hat's offline operator requirements, and is not intended for general use. It is not documented as such. * kong added smtp poperty auth type and ssl added couple missing properties int eh smtp section of the kong chart * [kong] update commented out enterprise versions * [kong] simplify license secret kubectl command Enterprise users frequently run into problems with the current way the secret is created. The files have extensions which cause problem later on in the deployment and this has taken up a lot of time in debugging several support tickets. The new format makes it clear and avoids problems when the file has an extension or is present in a different directory. * [kong] remove default securityContext * [kong] update CRDs for controller 0.9 * [kong] bump controller to 0.9.0 * [kong] release 1.6.0 * [kong] release 1.6.1 * [kong] add example values.yaml configurations (#134) Add example values.yamls with basic settings for common configurations of Kong and Kong Enterprise. * [kong] add support for controller-only deployments (#136) Add a new top-level `deployment.kong.enabled` setting that controls whether the chart deploys Kong and its associated resources. Setting this to `false` allows users to create controller-only deployments. Allow for CRD-only deployments by setting the above to `false`, `ingressController.enabled` to `false`, and `ingressController.installCRDs` to `true`. * [kong] add example values.yaml configurations (#134) Add example values.yamls with basic settings for common configurations of Kong and Kong Enterprise. * [kong] add support for controller-only deployments (#136) Add a new top-level `deployment.kong.enabled` setting that controls whether the chart deploys Kong and its associated resources. Setting this to `false` allows users to create controller-only deployments. Allow for CRD-only deployments by setting the above to `false`, `ingressController.enabled` to `false`, and `ingressController.installCRDs` to `true`. * [kong] release 1.7.0 * [kong] bump controller to 0.9.1 * [kong] fix admission listen type conversion (#155) Fix issue where CONTROLLER_ADMISSION_WEBHOOK_LISTEN would render with a botched type conversion, e.g. "0.0.0.0:%!d(float64=8080)". * [kong] add servicemonitor targetLabels support related to prometheus-operator serviceMonitor CRD capacity to transfer kubernetes service labels to prometheus when using targetLabels spec parameter See https://tinyurl.com/yclly9xx for additional information * [kong] document .env behavior in values.yaml (#163) * [kong] define KONG_PORT_MAPS for the proxy service * [kong] add support for hybrid mode (#160) Add basic support for hybrid mode: * Add a new "cluster" service configuration section, default off. * Add a new cluster service template. * Add a new cluster ingress template. * Update service settings docs in values.yaml to include cluster. * Add Hybrid Mode section to the deployment guides. * Add new hybrid mode examples. * Handle services without http or tls blocks. * [kong] bump Kong image versions * [kong] add non-breaking version info to UPGRADE.md * [kong] release version 1.8.0 * [kong] add Kong Enterprise beta release info * [kong] link Enterprise 2.1 info from README.md * [kong] add support for sidecar containers (#174) * [repo] update references from master to main (#177) * [repo] update references from master to main * [pr] fix broken link Co-authored-by: Michał Flendrich <[email protected]> Co-authored-by: Michał Flendrich <[email protected]> * chore: change links from master to main From #182 * [kong] add example Enterprise DB-less config (#175) * [kong] use bash wait-for-postgres implementation (#179) Replace wait-for-postgres netcat invocation with an equivalent bash script. This removes the dependency for a specific waitImage, which is necessary for environments where busybox is not available (namely in the context of Red Hat certified operators, which must use Red Hat images for all containers). Although this removes the busybox (and netcat) dependency, it does introduce a bash dependency. Because bash is not available on busybox, centos is now the standard waitImage. The bash script uses a static ConfigMap to work around some issues with newline handling in Job declarations. * [kong] fix README service hostname text Fix #184 * [kong] add support for cluster telemetry Add the Enterprise cluster telemetry listen, which handles Vitals data from DP nodes. Update docs to cover cluster telemetry listen. Add missing Deployment port for cluster listen. * [kong] shorten cluster telemetry port name * Update charts/kong/README.md Co-authored-by: Harry <[email protected]> * [kong] release version 1.9.0 Release version 1.9.0 of the Kong chart. This updates the default Enterprise image to 2.1 and removes beta warnings for Enterprise 2.1. As part of the image consolidation, references to the kong-enterprise-k8s image and examples using it have been removed, and UPGRADE.md provides instructions for making the switch to kong-enterprise-edition. * [kong] add support for sidecar containers (#174) * chore: change links from master to main From #182 * [kong] add example Enterprise DB-less config (#175) * [kong] use bash wait-for-postgres implementation (#179) Replace wait-for-postgres netcat invocation with an equivalent bash script. This removes the dependency for a specific waitImage, which is necessary for environments where busybox is not available (namely in the context of Red Hat certified operators, which must use Red Hat images for all containers). Although this removes the busybox (and netcat) dependency, it does introduce a bash dependency. Because bash is not available on busybox, centos is now the standard waitImage. The bash script uses a static ConfigMap to work around some issues with newline handling in Job declarations. * [kong] fix README service hostname text Fix #184 * [kong] add support for cluster telemetry Add the Enterprise cluster telemetry listen, which handles Vitals data from DP nodes. Update docs to cover cluster telemetry listen. Add missing Deployment port for cluster listen. * [kong] shorten cluster telemetry port name * Update charts/kong/README.md Co-authored-by: Harry <[email protected]> * [kong] release version 1.9.0 Release version 1.9.0 of the Kong chart. This updates the default Enterprise image to 2.1 and removes beta warnings for Enterprise 2.1. As part of the image consolidation, references to the kong-enterprise-k8s image and examples using it have been removed, and UPGRADE.md provides instructions for making the switch to kong-enterprise-edition. * [kong] disable CRD installation for CI * [kong] remove crd status from tcpingresses From #188 * [kong] use latest Enterprise version in examples * [kong] release 1.9.1 Release version 1.9.1. This version clarifies upgrade documentation for 1.9.0, and does not include functional changes of its own. * [kong] bump controller to 0.10.0 * [kong] release 1.10.0 * [kong] use policy API for PSP since v1.11 (#195) Signed-off-by: Kevin Lefevre <[email protected]> * [kong] streamline annotation block population (#200) * [kong] add explicit namespace to manifests (#193) * [kong] bump controller to 0.10.0 * [kong] release 1.10.0 * [kong] bump controller default version to 1.0 * [kong] use CONTROLLER_KONG_ADMIN_URL Replace deprecated CONTROLLER_ADMIN_URL with CONTROLLER_KONG_ADMIN_URL. * [kong] use latest CRD manifest from controller * [kong] update changelog and upgrade instructions * [kong] update chart version to 1.11.0 * [kong] fix merge commit errors * [kong] Add custom extra configmaps/secrets (#208) * [kong] bump default kong tag to 2.2 * [kong] add Job-level migration annotations (#219) Add a new migrations.jobAnnotations value. This sets annotations on the Job resources used to run migrations. * [kong] fix autoscaling and replicaCount conflict (#222) * [kong] fix autoscaling and replicaCount conflict Whenever the deployment is updated the number of pods is scaled down to replicaCount, even though autoscaling is enabled. Related issue: kubernetes/kubernetes#25238. * [kong] update doc on replicaCount * docs: tiny formatting fix Co-authored-by: Michał Flendrich <[email protected]> * [kong] increase worker default to 2 Increase the default nginx_worker_processes setting for Kong containers to 2. This addresses latency issues stemming from config updates blocking connection handling. Increase the example memory limit/requests to 256MB. Although these are not enforced by default, the previous example (128MB) was excessively low, even for single-worker deployments. * [kong] create deprecation warning helper Use a helper function to print deprecation warnings in NOTES.txt. This addresses an issue with unwanted extra newlines and hard-wraps warning text automatically. * [kong] bump Enterprise tags to 2.1.4.1 * [kong] release 1.12.0 * Upstream-sync the git way * Upstream sync patch apply * Upstream sync patch apply take 2 * Squashed 'helm/kong-app/' changes from 58800fb..7f040ad 7f040ad [kong] release 1.13.0 b477bac [kong] bump image tags 1b84a37 [kong] clarify HPA requirements (#236) db7aa7d [kong] add nodeSelector to migration Jobs (#238) ebb461b [kong] fix incorrect volume mount 16f4962 [kong] use YAML boolean instead of string c47d357 [kong] Add 'namespace' value (#231) 1188abf [kong] fix v0.12.0 changelog entry title git-subtree-dir: helm/kong-app git-subtree-split: 7f040ad * Squashed 'helm/kong-app/' changes from 7f040ad..7cf812f 7cf812f [kong] clarify documentation 513a87c [kong] simplify leftover socket workaround ace6e63 [kong] release 1.15.0 28760d6 [kong] add workaround for leftover stream socket d4a5571 [kong] bump Kong versions to 2.3 c93729f Merge branch 'main' into next b5e1502 Revert "[kong] readme: pull secrets are not needed anymore since Kong Enterprise 2.3 (#296)" 8c7f782 [kong] readme: pull secrets are not needed anymore since Kong Enterprise 2.3 (#296) efd6c3b [kong] add user-configurable Service labels (#290) 9884bde [kong] able to configure resources for all containers (#294) efb4ef8 [kong] remove duplicate subresources entry from CRDs (#281) f15e9e6 [kong] add helper for image selection 256ab39 [kong] clarify documentation copy 274f511 [kong] condition migration waits on PG sub-chart d6385c9 [kong] fix deployment wait-for-db logic 980556b [kong] default DB waits back on and add mesh FAQ b40a6b8 [kong] re-enable the sidecar injection for Kuma adab2ec [kong] update database README 84a4199 [kong] add missing block to initial migrations 0663499 [kong] use Kong image by default for waitImage ca32ade [kong] disable database waits by default d71a11d Merge branch 'main' into next 976477b [kong] release 1.14.5 f35ea93 Merge branch 'main' into next da39834 [kong] release 1.14.4 cc79e32 [kong] disable Portal service for example ebbd32c [kong] update minimal Enterprise DB-less example bbef990 [kong] support changing terminationGracePeriodSeconds (#271) 98a3e11 [kong] release 1.14.3 5f7be61 [kong] fix legacy proxy ingress yaml indent 7825a9d [kong] Move the end of the {{- else -}} block from line 18 to correct position. This fixes #265. 5c2e90b [kong] release 1.14.2 c68a3fc [kong] default smtp_auth to empty string 94b3c4c [kong] release 1.14.1 9a32ef4 [kong] move end of Kong container block 763b353 [kong] release 1.14.0 1510618 [kong] consolidate Ingress and Service templates (#251) 853be0f [kong] remove default custom server block (#255) 5b27378 [kong] fix migrations.init git-subtree-dir: helm/kong-app git-subtree-split: 7cf812f * Update app charts CHANGELOG.md Co-authored-by: Harry Bagdi <[email protected]> Co-authored-by: Łukasz Tomaszkiewicz <[email protected]> Co-authored-by: Yoel Spotts <[email protected]> Co-authored-by: Travis Raines <[email protected]> Co-authored-by: Pau <[email protected]> Co-authored-by: Yasser Saleemi <[email protected]> Co-authored-by: oscar.lofwenhamn <[email protected]> Co-authored-by: ChethanU <[email protected]> Co-authored-by: Cameron Wood <[email protected]> Co-authored-by: Arthur Burkart <[email protected]> Co-authored-by: Tony Dai <[email protected]> Co-authored-by: Scott Ranger <[email protected]> Co-authored-by: Kevin Lefevre <[email protected]> Co-authored-by: TCShain <[email protected]> Co-authored-by: Wojciech Polus <[email protected]> Co-authored-by: Tam Mach <[email protected]> Co-authored-by: bforbis <[email protected]> Co-authored-by: Austin Cawley-Edwards <[email protected]> Co-authored-by: Peter Rifel <[email protected]> Co-authored-by: Anthony Spring <[email protected]> Co-authored-by: satwant17 <[email protected]> Co-authored-by: Xiao Xiong <[email protected]> Co-authored-by: Franck Labatut <[email protected]> Co-authored-by: Michał Flendrich <[email protected]> Co-authored-by: Michał Flendrich <[email protected]> Co-authored-by: Dylan Semler <[email protected]> Co-authored-by: Kennon Kwok <[email protected]> Co-authored-by: Roman Zhuzha <[email protected]> Co-authored-by: Martin Dostal <[email protected]> Co-authored-by: Mike Menaker <[email protected]> Co-authored-by: Sean Johnson <[email protected]> Co-authored-by: Marco Miglierina <[email protected]>
ubergesundheit
pushed a commit
that referenced
this pull request
Jun 14, 2021
* Move the PodSecurityPolicy spec out of its template into values.yaml. This allows user control over all PSP settings. * Add "podSecurityPolicy.spec.readOnlyRootFilesystem: true" to values.yaml
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.