diff --git a/couchdb/Chart.yaml b/couchdb/Chart.yaml index e04d936..01b4e57 100644 --- a/couchdb/Chart.yaml +++ b/couchdb/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: couchdb -version: 4.4.5 +version: 4.5.0 appVersion: 3.3.2 description: A database featuring seamless multi-master sync, that scales from big data to mobile, with an intuitive HTTP/JSON API and designed for diff --git a/couchdb/NEWS.md b/couchdb/NEWS.md index baab199..1c1e95a 100644 --- a/couchdb/NEWS.md +++ b/couchdb/NEWS.md @@ -1,5 +1,9 @@ # NEWS +## 4.5.0 + +- Add capability to set pod and container level securityContext settings. + ## 4.4.1 - Add possibility to customize `service.targetPort` from values. Set default to 5984. diff --git a/couchdb/README.md b/couchdb/README.md index a0b8690..32e8e52 100644 --- a/couchdb/README.md +++ b/couchdb/README.md @@ -1,6 +1,6 @@ # CouchDB -![Version: 4.4.1](https://img.shields.io/badge/Version-4.4.1-informational?style=flat-square) ![AppVersion: 3.3.2](https://img.shields.io/badge/AppVersion-3.3.2-informational?style=flat-square) +![Version: 4.5.0](https://img.shields.io/badge/Version-4.5.0-informational?style=flat-square) ![AppVersion: 3.3.2](https://img.shields.io/badge/AppVersion-3.3.2-informational?style=flat-square) Apache CouchDB is a database featuring seamless multi-master sync, that scales from big data to mobile, with an intuitive HTTP/JSON API and designed for @@ -18,7 +18,7 @@ storage volumes to each Pod in the Deployment. ```bash $ helm repo add couchdb https://apache.github.io/couchdb-helm $ helm install couchdb/couchdb \ - --version=4.4.1 \ + --version=4.5.0 \ --set allowAdminParty=true \ --set couchdbConfig.couchdb.uuid=$(curl https://www.uuidgenerator.net/api/version4 2>/dev/null | tr -d -) ``` @@ -44,7 +44,7 @@ Afterwards install the chart replacing the UUID ```bash $ helm install \ --name my-release \ - --version=4.4.1 \ + --version=4.5.0 \ --set couchdbConfig.couchdb.uuid=decafbaddecafbaddecafbaddecafbad \ couchdb/couchdb ``` @@ -78,7 +78,7 @@ and then install the chart while overriding the `createAdminSecret` setting: ```bash $ helm install \ --name my-release \ - --version=4.4.1 \ + --version=4.5.0 \ --set createAdminSecret=false \ --set couchdbConfig.couchdb.uuid=decafbaddecafbaddecafbaddecafbad \ couchdb/couchdb @@ -133,7 +133,7 @@ version semantics. You can upgrade directly from `stable/couchdb` to this chart ```bash $ helm repo add couchdb https://apache.github.io/couchdb-helm -$ helm upgrade my-release --version=4.4.1 couchdb/couchdb +$ helm upgrade my-release --version=4.5.0 couchdb/couchdb ``` ## Configuration @@ -239,6 +239,8 @@ A variety of other parameters are also configurable. See the comments in the | `placementConfig.enabled` | false | | `placementConfig.image.repository` | caligrafix/couchdb-autoscaler-placement-manager | | `placementConfig.image.tag` | 0.1.0 | +| `podSecurityContext` | | +| `containerSecurityContext` | | ## Feedback, Issues, Contributing diff --git a/couchdb/README.md.gotmpl b/couchdb/README.md.gotmpl index b8de044..9df26cd 100644 --- a/couchdb/README.md.gotmpl +++ b/couchdb/README.md.gotmpl @@ -223,6 +223,8 @@ A variety of other parameters are also configurable. See the comments in the | `placementConfig.enabled` | false | | `placementConfig.image.repository` | caligrafix/couchdb-autoscaler-placement-manager | | `placementConfig.image.tag` | 0.1.0 | +| `podSecurityContext` | | +| `containerSecurityContext | | ## Feedback, Issues, Contributing diff --git a/couchdb/templates/job.yaml b/couchdb/templates/job.yaml index 174e3ed..544955b 100644 --- a/couchdb/templates/job.yaml +++ b/couchdb/templates/job.yaml @@ -21,6 +21,9 @@ spec: helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} spec: restartPolicy: OnFailure + {{- if .Values.podSecurityContext }} + securityContext: {{ .Values.podSecurityContext | toYaml | nindent 8 }} + {{- end }} containers: - name: cluster-setup image: {{ .Values.autoSetup.image.repository }}:{{ .Values.autoSetup.image.tag }} @@ -44,6 +47,9 @@ spec: secretKeyRef: name: {{ template "couchdb.fullname" . }} key: adminPassword + {{- if .Values.containerSecurityContext }} + securityContext: {{ .Values.containerSecurityContext | toYaml | nindent 12 }} + {{- end }} backoffLimit: 2 ttlSecondsAfterFinished: 600 {{- end -}} diff --git a/couchdb/templates/placementmanager.yaml b/couchdb/templates/placementmanager.yaml index b77d723..3e2f511 100644 --- a/couchdb/templates/placementmanager.yaml +++ b/couchdb/templates/placementmanager.yaml @@ -24,6 +24,9 @@ spec: helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} spec: restartPolicy: OnFailure + {{- if .Values.podSecurityContext }} + securityContext: {{ .Values.podSecurityContext | toYaml | nindent 8 }} + {{- end }} containers: - name: placement-tagging-job image: {{ .Values.placementConfig.image.repository }}:{{ .Values.placementConfig.image.tag }} @@ -41,4 +44,7 @@ spec: value: {{ template "couchdb.svcname" . }} - name: COUCHDB_PORT value: {{ .Values.service.externalPort | quote }} + {{- if .Values.containerSecurityContext }} + securityContext: {{ .Values.containerSecurityContext | toYaml | nindent 10 }} + {{- end }} {{- end -}} diff --git a/couchdb/templates/statefulset.yaml b/couchdb/templates/statefulset.yaml index f5c93bd..619a46d 100644 --- a/couchdb/templates/statefulset.yaml +++ b/couchdb/templates/statefulset.yaml @@ -31,6 +31,9 @@ spec: {{- if .Values.schedulerName }} schedulerName: "{{ .Values.schedulerName }}" {{- end }} + {{- if .Values.podSecurityContext }} + securityContext: {{ .Values.podSecurityContext | toYaml | nindent 8 }} + {{- end }} {{- if .Values.serviceAccount.enabled }} serviceAccountName: {{ template "couchdb.serviceAccount" . }} {{- end }} @@ -51,6 +54,9 @@ spec: mountPath: /tmp/ - name: config-storage mountPath: /default.d + {{- if .Values.containerSecurityContext }} + securityContext: {{ .Values.containerSecurityContext | toYaml | nindent 12 }} + {{- end }} resources: {{ toYaml .Values.initResources | indent 12 }} {{- if .Values.adminHash }} @@ -72,6 +78,9 @@ spec: volumeMounts: - name: local-config-storage mountPath: /local.d + {{- if .Values.containerSecurityContext }} + securityContext: {{ .Values.containerSecurityContext | toYaml | nindent 12 }} + {{- end }} resources: {{ toYaml .Values.initResources | indent 12 }} {{- end }} @@ -163,6 +172,9 @@ spec: {{- end }} - name: database-storage mountPath: /opt/couchdb/data + {{- if .Values.containerSecurityContext }} + securityContext: {{ .Values.containerSecurityContext | toYaml | nindent 12 }} + {{- end }} {{- if .Values.enableSearch }} - name: clouseau image: "{{ .Values.searchImage.repository }}:{{ .Values.searchImage.tag }}" @@ -170,6 +182,9 @@ spec: volumeMounts: - name: database-storage mountPath: /opt/couchdb-search/data + {{- if .Values.containerSecurityContext }} + securityContext: {{ .Values.containerSecurityContext | toYaml | nindent 12 }} + {{- end }} {{- end }} {{- if .Values.sidecars }} {{ toYaml .Values.sidecars | indent 8}}