Set custom securityContext for import-certs init container. Make affi…
…nity independent for Synchrony
Yevhen Ivantsov committed Jan 13, 2025

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
1 parent 95ed993 commit 0db20e1
Showing 25 changed files with 413 additions and 24 deletions.
5 changes: 4 additions & 1 deletion src/main/charts/bamboo/README.md
@@ -35,7 +35,10 @@ Kubernetes: `>=1.21.x-0`
| bamboo.accessLog.mountPath | string | `"/opt/atlassian/bamboo/logs"` | The path within the Bamboo container where the local-home volume should be mounted in order to capture access logs. |
| bamboo.additionalAnnotations | object | `{}` | Defines additional annotations to the Bamboo StateFulSet. This might be required when deploying using a GitOps approach |
| bamboo.additionalBundledPlugins | list | `[]` | Specifies a list of additional Bamboo plugins that should be added to the Bamboo container. Note plugins installed via this method will appear as bundled plugins rather than user plugins. These should be specified in the same manner as the 'additionalLibraries' property. Additional details: https://atlassian.github.io/data-center-helm-charts/examples/external_libraries/EXTERNAL_LIBS/ NOTE: only .jar files can be loaded using this approach. OBR's can be extracted (unzipped) to access the associated .jar An alternative to this method is to install the plugins via "Manage Apps" in the product system administration UI. |
| bamboo.additionalCertificates | object | `{"customCmd":null,"initContainer":{"resources":{}},"secretList":[],"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates |
| bamboo.additionalCertificates | object | `{"customCmd":null,"initContainer":{"resources":{},"securityContext":{}},"secretList":[],"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates |
| bamboo.additionalCertificates.customCmd | string | `nil` | Custom command to be executed in the init container to import certificates |
| bamboo.additionalCertificates.initContainer.resources | object | `{}` | Resources allocated to the import-certs init container |
| bamboo.additionalCertificates.initContainer.securityContext | object | `{}` | Custom SecurityContext for the import-certs init container |
| bamboo.additionalCertificates.secretList | list | `[]` | A list of secrets with their respective keys holding certificates to be added to the Java truststore. It is mandatory to specify which keys from secret data need to be mounted as files to the init container. |
| bamboo.additionalCertificates.secretName | string | `nil` | Name of the Kubernetes secret with certificates in its data. All secret keys in the secret data will be treated as certificates to be added to Java truststore. If defined, this takes precedence over secretList. |
| bamboo.additionalEnvironmentVariables | list | `[]` | Defines any additional environment variables to be passed to the Bamboo container. See https://hub.docker.com/r/atlassian/bamboo for supported variables. |
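
Review bot: The new `bamboo.additionalCertificates.initContainer.securityContext` row says only "Custom SecurityContext for the import-certs init container"; it does not say what applies when the value is left at `{}`, or that this is a container-level setting rather than the pod-level one. Suggest extending the description (in the `# --` comment in values.yaml, if this table is generated from it) so operators deploying under a restricted pod security policy can tell that they need to set it.
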
4 changes: 4 additions & 0 deletions src/main/charts/bamboo/templates/statefulset.yaml
@@ -104,6 +104,10 @@ spec:
{{- with .Values.bamboo.additionalCertificates.initContainer.resources }}
{{- toYaml . | nindent 12 }}
{{- end }}
securityContext:
{{- with .Values.bamboo.additionalCertificates.initContainer.securityContext }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- end }}
containers:
- name: {{ if .Values.bamboo.useHelmReleaseNameAsContainerName}}{{ include "common.names.fullname" . }}{{ else }}{{ .Chart.Name }}{{ end }}
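
Review bot: `securityContext:` is emitted outside the `with` block, so with the default `securityContext: {}` the `with` body is skipped and the init container is rendered with an empty `securityContext:` key (a null value). Suggest moving the key inside the guard, i.e. `{{- with .Values.bamboo.additionalCertificates.initContainer.securityContext }}`, then `securityContext:`, then `{{- toYaml . | nindent 12 }}`, so nothing is rendered unless a value is set, and checking that `nindent 12` still matches the key's indentation after the move.
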
10 changes: 10 additions & 0 deletions src/main/charts/bamboo/values.yaml
@@ -1004,9 +1004,19 @@ bamboo:
#- name: stg-intermediate
# keys:
# - stg.crt

# -- Custom command to be executed in the init container to import certificates
#
customCmd:

initContainer:
# -- Resources allocated to the import-certs init container
#

resources: {}
# -- Custom SecurityContext for the import-certs init container
#
securityContext: {}

# Monitoring
#
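
Review bot: The `# -- Custom SecurityContext for the import-certs init container` comment above `securityContext: {}` gives no sample value, unlike the commented `#- name: stg-intermediate` example at the top of this hunk. Suggest adding a commented example with the fields operators most often need here, such as `runAsNonRoot`, `allowPrivilegeEscalation: false` and `capabilities.drop`, and noting whether the certificate import still works with `readOnlyRootFilesystem: true`.
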
10 changes: 8 additions & 2 deletions src/main/charts/bitbucket/README.md
@@ -35,7 +35,10 @@ Kubernetes: `>=1.21.x-0`
| atlassianAnalyticsAndSupport.helmValues.enabled | bool | `true` | Mount ConfigMap with selected Helm chart values as a YAML file which can be optionally including to support.zip |
| bitbucket.additionalAnnotations | object | `{}` | Defines additional annotations to the Bitbucket StateFulSet. This might be required when deploying using a GitOps approach |
| bitbucket.additionalBundledPlugins | list | `[]` | Specifies a list of additional Bitbucket plugins that should be added to the Bitbucket container. Note plugins installed via this method will appear as bundled plugins rather than user plugins. These should be specified in the same manner as the 'additionalLibraries' property. Additional details: https://atlassian.github.io/data-center-helm-charts/examples/external_libraries/EXTERNAL_LIBS/ NOTE: only .jar files can be loaded using this approach. OBR's can be extracted (unzipped) to access the associated .jar An alternative to this method is to install the plugins via "Manage Apps" in the product system administration UI. |
| bitbucket.additionalCertificates | object | `{"customCmd":null,"initContainer":{"resources":{}},"secretList":[],"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates |
| bitbucket.additionalCertificates | object | `{"customCmd":null,"initContainer":{"resources":{},"securityContext":{}},"secretList":[],"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates |
| bitbucket.additionalCertificates.customCmd | string | `nil` | Custom command to be executed in the init container to import certificates |
| bitbucket.additionalCertificates.initContainer.resources | object | `{}` | Resources allocated to the import-certs init container |
| bitbucket.additionalCertificates.initContainer.securityContext | object | `{}` | Custom SecurityContext for the import-certs init container |
| bitbucket.additionalCertificates.secretList | list | `[]` | A list of secrets with their respective keys holding certificates to be added to the Java truststore. It is mandatory to specify which keys from secret data need to be mounted as files to the init container. |
| bitbucket.additionalCertificates.secretName | string | `nil` | Name of the Kubernetes secret with certificates in its data. All secret keys in the secret data will be treated as certificates to be added to Java truststore. If defined, this takes precedence over secretList. |
| bitbucket.additionalEnvironmentVariables | list | `[]` | Defines any additional environment variables to be passed to the Bitbucket container. See https://hub.docker.com/r/atlassian/bitbucket for supported variables. |
@@ -68,7 +71,10 @@ Kubernetes: `>=1.21.x-0`
| bitbucket.livenessProbe.periodSeconds | int | `5` | How often (in seconds) the Bitbucket container liveness probe will run |
| bitbucket.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the probe times out |
| bitbucket.mesh.additionalAnnotations | object | `{}` | Defines additional annotations to the Bitbucket Mesh StateFulSet. This might be required when deploying using a GitOps approach |
| bitbucket.mesh.additionalCertificates | object | `{"customCmd":null,"initContainer":{"resources":{}},"secretList":[],"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates |
| bitbucket.mesh.additionalCertificates | object | `{"customCmd":null,"initContainer":{"resources":{},"securityContext":{}},"secretList":[],"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates |
| bitbucket.mesh.additionalCertificates.customCmd | string | `nil` | Custom command to be executed in the init container to import certificates |
| bitbucket.mesh.additionalCertificates.initContainer.resources | object | `{}` | Resources allocated to the import-certs init container |
| bitbucket.mesh.additionalCertificates.initContainer.securityContext | object | `{}` | Custom SecurityContext for the import-certs init container |
| bitbucket.mesh.additionalCertificates.secretList | list | `[]` | A list of secrets with their respective keys holding certificates to be added to the Java truststore. It is mandatory to specify which keys from secret data need to be mounted as files to the init container. |
| bitbucket.mesh.additionalCertificates.secretName | string | `nil` | Name of the Kubernetes secret with certificates in its data. All secret keys in the secret data will be treated as certificates to be added to Java truststore. If defined, this takes precedence over secretList. |
| bitbucket.mesh.additionalEnvironmentVariables | object | `{}` | Defines any additional environment variables to be passed to the Bitbucket mesh containers. |
4 changes: 4 additions & 0 deletions src/main/charts/bitbucket/templates/statefulset-mesh.yaml
@@ -93,6 +93,10 @@ spec:
{{- with .Values.bitbucket.mesh.additionalCertificates.initContainer.resources }}
{{- toYaml . | nindent 12 }}
{{- end }}
securityContext:
{{- with .Values.bitbucket.mesh.additionalCertificates.initContainer.securityContext }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- end }}
containers:
- name: {{ if .Values.bitbucket.useHelmReleaseNameAsContainerName}}{{ include "common.names.fullname" . }}-mesh{{ else }}{{ .Chart.Name }}-mesh{{ end }}
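
Review bot: The mesh init container reads `.Values.bitbucket.mesh.additionalCertificates.initContainer.securityContext`, a separate key from the one used in statefulset.yaml, so hardening `bitbucket.additionalCertificates.initContainer.securityContext` alone leaves the mesh import-certs container unchanged. Suggest stating in the mesh value's description that it must be set separately, or falling back to the non-mesh value when the mesh one is empty.
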
4 changes: 4 additions & 0 deletions src/main/charts/bitbucket/templates/statefulset.yaml
@@ -116,6 +116,10 @@ spec:
{{- with .Values.bitbucket.additionalCertificates.initContainer.resources }}
{{- toYaml . | nindent 12 }}
{{- end }}
securityContext:
{{- with .Values.bitbucket.additionalCertificates.initContainer.securityContext }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- end }}
containers:
- name: {{ if .Values.bitbucket.useHelmReleaseNameAsContainerName}}{{ include "common.names.fullname" . }}{{ else }}{{ .Chart.Name }}{{ end }}
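
Review bot: `toYaml . | nindent 12` copies whatever is set under `bitbucket.additionalCertificates.initContainer.securityContext` into the manifest unchecked, and the files shown here include no rendering test for it. Suggest a template test that renders the StatefulSet once with the default `{}` and once with a sample value such as `runAsNonRoot: true`, asserting the init container's `securityContext` in both cases.
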
20 changes: 20 additions & 0 deletions src/main/charts/bitbucket/values.yaml
@@ -1158,9 +1158,19 @@ bitbucket:
#- name: stg-intermediate
# keys:
# - stg.crt

# -- Custom command to be executed in the init container to import certificates
#
customCmd:

initContainer:
# -- Resources allocated to the import-certs init container
#

resources: {}
# -- Custom SecurityContext for the import-certs init container
#
securityContext: {}
# -- Specifies a list of additional arguments that can be passed to the Bitbucket JVM, e.g.
# system properties.
#
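
Review bot: `securityContext: {}` is followed directly by `# -- Specifies a list of additional arguments that can be passed to the Bitbucket JVM`, with no blank line between the end of the `additionalCertificates` block and the next value's doc comment. Suggest adding a blank line after `securityContext: {}`, as the other values.yaml hunks have before `# Monitoring`, so the two settings stay visually separate.
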
@@ -1257,9 +1267,19 @@ bitbucket:
#- name: stg-intermediate
# keys:
# - stg.crt

# -- Custom command to be executed in the init container to import certificates
#
customCmd:

initContainer:
# -- Resources allocated to the import-certs init container
#

resources: {}
# -- Custom SecurityContext for the import-certs init container
#
securityContext: {}

# Monitoring
#
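
Review bot: In the `initContainer:` block the `# -- Resources allocated to the import-certs init container` comment is separated from `resources: {}` by a blank line, while the `securityContext` comment sits directly above its key. Suggest removing the blank line so each `# --` comment is attached to the value it documents.
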