Set custom securityContext for import-certs init container. Make affi…

…nity independent for Synchrony
atlassian · Jan 13, 2025 · 0db20e1 · 0db20e1
1 parent 95ed993
commit 0db20e1
Showing 25 changed files with 413 additions and 24 deletions.
diff --git a/src/main/charts/bamboo/README.md b/src/main/charts/bamboo/README.md
@@ -35,7 +35,10 @@ Kubernetes: `>=1.21.x-0`
 | bamboo.accessLog.mountPath | string | `"/opt/atlassian/bamboo/logs"` | The path within the Bamboo container where the local-home volume should be mounted in order to capture access logs.  |
 | bamboo.additionalAnnotations | object | `{}` | Defines additional annotations to the Bamboo StateFulSet. This might be required when deploying using a GitOps approach |
 | bamboo.additionalBundledPlugins | list | `[]` | Specifies a list of additional Bamboo plugins that should be added to the Bamboo container. Note plugins installed via this method will appear as bundled plugins rather than user plugins. These should be specified in the same manner as the 'additionalLibraries' property. Additional details: https://atlassian.github.io/data-center-helm-charts/examples/external_libraries/EXTERNAL_LIBS/  NOTE: only .jar files can be loaded using this approach. OBR's can be extracted (unzipped) to access the associated .jar  An alternative to this method is to install the plugins via "Manage Apps" in the product system administration UI.  |
-| bamboo.additionalCertificates | object | `{"customCmd":null,"initContainer":{"resources":{}},"secretList":[],"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates  |
+| bamboo.additionalCertificates | object | `{"customCmd":null,"initContainer":{"resources":{},"securityContext":{}},"secretList":[],"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates  |
+| bamboo.additionalCertificates.customCmd | string | `nil` | Custom command to be executed in the init container to import certificates  |
+| bamboo.additionalCertificates.initContainer.resources | object | `{}` | Resources allocated to the import-certs init container  |
+| bamboo.additionalCertificates.initContainer.securityContext | object | `{}` | Custom SecurityContext for the import-certs init container  |
 | bamboo.additionalCertificates.secretList | list | `[]` | A list of secrets with their respective keys holding certificates to be added to the Java truststore. It is mandatory to specify which keys from secret data need to be mounted as files to the init container.  |
 | bamboo.additionalCertificates.secretName | string | `nil` | Name of the Kubernetes secret with certificates in its data. All secret keys in the secret data will be treated as certificates to be added to Java truststore. If defined, this takes precedence over secretList.  |
 | bamboo.additionalEnvironmentVariables | list | `[]` | Defines any additional environment variables to be passed to the Bamboo container. See https://hub.docker.com/r/atlassian/bamboo for supported variables.  |

diff --git a/src/main/charts/bamboo/templates/statefulset.yaml b/src/main/charts/bamboo/templates/statefulset.yaml
@@ -104,6 +104,10 @@ spec:
           {{- with .Values.bamboo.additionalCertificates.initContainer.resources }}
           {{- toYaml . | nindent 12 }}
           {{- end }}
+          securityContext:
+          {{- with .Values.bamboo.additionalCertificates.initContainer.securityContext }}
+          {{- toYaml . | nindent 12 }}
+          {{- end }}
         {{- end }}
       containers:
         - name: {{ if .Values.bamboo.useHelmReleaseNameAsContainerName}}{{ include "common.names.fullname" . }}{{ else }}{{ .Chart.Name }}{{ end }}

diff --git a/src/main/charts/bamboo/values.yaml b/src/main/charts/bamboo/values.yaml
@@ -1004,9 +1004,19 @@ bamboo:
     #- name: stg-intermediate
     #  keys:
     #    - stg.crt
+
+    # -- Custom command to be executed in the init container to import certificates
+    #
     customCmd:
+
     initContainer:
+      # -- Resources allocated to the import-certs init container
+      #
+
       resources: {}
+      # -- Custom SecurityContext for the import-certs init container
+      #
+      securityContext: {}
 
 # Monitoring
 #

diff --git a/src/main/charts/bitbucket/README.md b/src/main/charts/bitbucket/README.md
@@ -35,7 +35,10 @@ Kubernetes: `>=1.21.x-0`
 | atlassianAnalyticsAndSupport.helmValues.enabled | bool | `true` | Mount ConfigMap with selected Helm chart values as a YAML file which can be optionally including to support.zip  |
 | bitbucket.additionalAnnotations | object | `{}` | Defines additional annotations to the Bitbucket StateFulSet. This might be required when deploying using a GitOps approach |
 | bitbucket.additionalBundledPlugins | list | `[]` | Specifies a list of additional Bitbucket plugins that should be added to the Bitbucket container. Note plugins installed via this method will appear as bundled plugins rather than user plugins. These should be specified in the same manner as the 'additionalLibraries' property. Additional details: https://atlassian.github.io/data-center-helm-charts/examples/external_libraries/EXTERNAL_LIBS/  NOTE: only .jar files can be loaded using this approach. OBR's can be extracted (unzipped) to access the associated .jar  An alternative to this method is to install the plugins via "Manage Apps" in the product system administration UI.  |
-| bitbucket.additionalCertificates | object | `{"customCmd":null,"initContainer":{"resources":{}},"secretList":[],"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates  |
+| bitbucket.additionalCertificates | object | `{"customCmd":null,"initContainer":{"resources":{},"securityContext":{}},"secretList":[],"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates  |
+| bitbucket.additionalCertificates.customCmd | string | `nil` | Custom command to be executed in the init container to import certificates  |
+| bitbucket.additionalCertificates.initContainer.resources | object | `{}` | Resources allocated to the import-certs init container  |
+| bitbucket.additionalCertificates.initContainer.securityContext | object | `{}` | Custom SecurityContext for the import-certs init container  |
 | bitbucket.additionalCertificates.secretList | list | `[]` | A list of secrets with their respective keys holding certificates to be added to the Java truststore. It is mandatory to specify which keys from secret data need to be mounted as files to the init container.  |
 | bitbucket.additionalCertificates.secretName | string | `nil` | Name of the Kubernetes secret with certificates in its data. All secret keys in the secret data will be treated as certificates to be added to Java truststore. If defined, this takes precedence over secretList.  |
 | bitbucket.additionalEnvironmentVariables | list | `[]` | Defines any additional environment variables to be passed to the Bitbucket container. See https://hub.docker.com/r/atlassian/bitbucket for supported variables.  |
@@ -68,7 +71,10 @@ Kubernetes: `>=1.21.x-0`
 | bitbucket.livenessProbe.periodSeconds | int | `5` | How often (in seconds) the Bitbucket container liveness probe will run  |
 | bitbucket.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the probe times out  |
 | bitbucket.mesh.additionalAnnotations | object | `{}` | Defines additional annotations to the Bitbucket Mesh StateFulSet. This might be required when deploying using a GitOps approach |
-| bitbucket.mesh.additionalCertificates | object | `{"customCmd":null,"initContainer":{"resources":{}},"secretList":[],"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates  |
+| bitbucket.mesh.additionalCertificates | object | `{"customCmd":null,"initContainer":{"resources":{},"securityContext":{}},"secretList":[],"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates  |
+| bitbucket.mesh.additionalCertificates.customCmd | string | `nil` | Custom command to be executed in the init container to import certificates  |
+| bitbucket.mesh.additionalCertificates.initContainer.resources | object | `{}` | Resources allocated to the import-certs init container  |
+| bitbucket.mesh.additionalCertificates.initContainer.securityContext | object | `{}` | Custom SecurityContext for the import-certs init container  |
 | bitbucket.mesh.additionalCertificates.secretList | list | `[]` | A list of secrets with their respective keys holding certificates to be added to the Java truststore. It is mandatory to specify which keys from secret data need to be mounted as files to the init container.  |
 | bitbucket.mesh.additionalCertificates.secretName | string | `nil` | Name of the Kubernetes secret with certificates in its data. All secret keys in the secret data will be treated as certificates to be added to Java truststore. If defined, this takes precedence over secretList.  |
 | bitbucket.mesh.additionalEnvironmentVariables | object | `{}` | Defines any additional environment variables to be passed to the Bitbucket mesh containers.  |

diff --git a/src/main/charts/bitbucket/templates/statefulset-mesh.yaml b/src/main/charts/bitbucket/templates/statefulset-mesh.yaml
@@ -93,6 +93,10 @@ spec:
           {{- with .Values.bitbucket.mesh.additionalCertificates.initContainer.resources }}
           {{- toYaml . | nindent 12 }}
           {{- end }}
+          securityContext:
+          {{- with .Values.bitbucket.mesh.additionalCertificates.initContainer.securityContext }}
+          {{- toYaml . | nindent 12 }}
+          {{- end }}
         {{- end }}
       containers:
         - name: {{ if .Values.bitbucket.useHelmReleaseNameAsContainerName}}{{ include "common.names.fullname" . }}-mesh{{ else }}{{ .Chart.Name }}-mesh{{ end }}

diff --git a/src/main/charts/bitbucket/templates/statefulset.yaml b/src/main/charts/bitbucket/templates/statefulset.yaml
@@ -116,6 +116,10 @@ spec:
           {{- with .Values.bitbucket.additionalCertificates.initContainer.resources }}
           {{- toYaml . | nindent 12 }}
           {{- end }}
+          securityContext:
+          {{- with .Values.bitbucket.additionalCertificates.initContainer.securityContext }}
+          {{- toYaml . | nindent 12 }}
+          {{- end }}
         {{- end }}
       containers:
         - name: {{ if .Values.bitbucket.useHelmReleaseNameAsContainerName}}{{ include "common.names.fullname" . }}{{ else }}{{ .Chart.Name }}{{ end }}

diff --git a/src/main/charts/bitbucket/values.yaml b/src/main/charts/bitbucket/values.yaml
@@ -1158,9 +1158,19 @@ bitbucket:
       #- name: stg-intermediate
       #  keys:
       #    - stg.crt
+
+      # -- Custom command to be executed in the init container to import certificates
+      #
       customCmd:
+
       initContainer:
+        # -- Resources allocated to the import-certs init container
+        #
+
         resources: {}
+        # -- Custom SecurityContext for the import-certs init container
+        #
+        securityContext: {}
   # -- Specifies a list of additional arguments that can be passed to the Bitbucket JVM, e.g.
   # system properties.
   #
@@ -1257,9 +1267,19 @@ bitbucket:
     #- name: stg-intermediate
     #  keys:
     #    - stg.crt
+
+    # -- Custom command to be executed in the init container to import certificates
+    #
     customCmd:
+
     initContainer:
+      # -- Resources allocated to the import-certs init container
+      #
+
       resources: {}
+      # -- Custom SecurityContext for the import-certs init container
+      #
+      securityContext: {}
 
 # Monitoring
 #