From f0a7490abef4c19b3d3ed9e6e96842b7ba95af92 Mon Sep 17 00:00:00 2001 From: Michael Kriese Date: Tue, 19 Mar 2024 14:11:02 +0100 Subject: [PATCH] fix: wrong deployments (#472) --- helm-charts/mend-renovate-ce/Chart.yaml | 2 +- .../mend-renovate-ce/templates/deployment.yaml | 12 ++++++------ helm-charts/mend-renovate-ee/Chart.yaml | 2 +- .../templates/server-deployment.yaml | 4 ++-- .../templates/worker-deployment.yaml | 4 ++-- helm-charts/mend-renovate-ee/values.yaml | 13 +++++++++++++ 6 files changed, 25 insertions(+), 12 deletions(-) diff --git a/helm-charts/mend-renovate-ce/Chart.yaml b/helm-charts/mend-renovate-ce/Chart.yaml index 5ba8cc9a..28433ca6 100644 --- a/helm-charts/mend-renovate-ce/Chart.yaml +++ b/helm-charts/mend-renovate-ce/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: mend-renovate-ce -version: 6.11.0 +version: 6.11.1 appVersion: 6.11.0 description: Mend Renovate Community Edition home: https://github.com/mend/renovate-ce-ee diff --git a/helm-charts/mend-renovate-ce/templates/deployment.yaml b/helm-charts/mend-renovate-ce/templates/deployment.yaml index a364c56e..f8efd254 100644 --- a/helm-charts/mend-renovate-ce/templates/deployment.yaml +++ b/helm-charts/mend-renovate-ce/templates/deployment.yaml @@ -101,7 +101,7 @@ spec: - name: MEND_RNV_BITBUCKET_PAT valueFrom: secretKeyRef: - name: {{ include "mend-renovate.server-secret-name" . }} + name: {{ include "mend-renovate.secret-name" . }} key: mendRnvBitbucketPat optional: true {{- end }} @@ -122,7 +122,7 @@ spec: - name: PGPASSWORD valueFrom: secretKeyRef: - name: {{ include "mend-renovate.server-secret-name" . }} + name: {{ include "mend-renovate.secret-name" . }} key: pgPassword optional: true {{- end }} @@ -131,7 +131,7 @@ spec: - name: MEND_RNV_ADMIN_TOKEN valueFrom: secretKeyRef: - name: {{ include "mend-renovate.server-secret-name" . }} + name: {{ include "mend-renovate.secret-name" . }} key: mendRnvAdminToken optional: true {{- end }} @@ -262,10 +262,10 @@ spec: {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} - {{- if $.Values.imagePullSecrets }} - imagePullSecrets: - - name: {{ $.Values.imagePullSecrets }} {{- end }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: + - name: {{ .Values.imagePullSecrets }} {{- end }} volumes: - name: {{ .Release.Name }}-config-js-volume diff --git a/helm-charts/mend-renovate-ee/Chart.yaml b/helm-charts/mend-renovate-ee/Chart.yaml index 41104f07..6f23203e 100644 --- a/helm-charts/mend-renovate-ee/Chart.yaml +++ b/helm-charts/mend-renovate-ee/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: mend-renovate-enterprise-edition -version: 0.6.0 +version: 0.7.0 appVersion: 6.11.0 description: Mend Renovate Enterprise Edition home: https://github.com/mend/renovate-ce-ee diff --git a/helm-charts/mend-renovate-ee/templates/server-deployment.yaml b/helm-charts/mend-renovate-ee/templates/server-deployment.yaml index 53133c34..2f281b93 100644 --- a/helm-charts/mend-renovate-ee/templates/server-deployment.yaml +++ b/helm-charts/mend-renovate-ee/templates/server-deployment.yaml @@ -39,7 +39,7 @@ spec: - name: {{ .Chart.Name }}-server image: "{{ .Values.renovateServer.image.repository }}:{{ .Values.renovateServer.image.tag }}" imagePullPolicy: {{ .Values.renovateServer.image.pullPolicy }} - {{- with .Values.containerSecurityContext }} + {{- with .Values.renovateServer.containerSecurityContext }} securityContext: {{- toYaml . | nindent 12 }} {{- end }} env: @@ -224,11 +224,11 @@ spec: {{- with .Values.renovateServer.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} + {{- end }} {{- if .Values.renovateServer.imagePullSecrets }} imagePullSecrets: - name: .Values.renovateServer.imagePullSecrets {{- end }} - {{- end }} volumes: - name: {{ .Release.Name }}-database-volume {{- if .Values.dataPersistence.enabled }} diff --git a/helm-charts/mend-renovate-ee/templates/worker-deployment.yaml b/helm-charts/mend-renovate-ee/templates/worker-deployment.yaml index 99937414..b9219273 100644 --- a/helm-charts/mend-renovate-ee/templates/worker-deployment.yaml +++ b/helm-charts/mend-renovate-ee/templates/worker-deployment.yaml @@ -37,7 +37,7 @@ spec: - name: {{ .Chart.Name }}-worker image: "{{ .Values.renovateWorker.image.repository }}:{{ .Values.renovateWorker.image.tag }}" imagePullPolicy: {{ .Values.renovateWorker.image.pullPolicy }} - {{- with .Values.containerSecurityContext }} + {{- with .Values.renovateServer.containerSecurityContext }} securityContext: {{- toYaml . | nindent 12 }} {{- end }} env: @@ -124,11 +124,11 @@ spec: {{- with .Values.renovateWorker.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} + {{- end }} {{- if .Values.renovateWorker.imagePullSecrets }} imagePullSecrets: - name: .Values.renovateWorker.imagePullSecrets {{- end }} - {{- end }} volumes: - name: {{ .Release.Name }}-config-js-volume configMap: diff --git a/helm-charts/mend-renovate-ee/values.yaml b/helm-charts/mend-renovate-ee/values.yaml index d5cf4a4c..7ed7efe4 100644 --- a/helm-charts/mend-renovate-ee/values.yaml +++ b/helm-charts/mend-renovate-ee/values.yaml @@ -256,6 +256,19 @@ renovateWorker: affinity: {} + + podSecurityContext: {} + # runAsNonRoot: true + # seccompProfile: + # type: RuntimeDefault + + containerSecurityContext: {} + # allowPrivilegeEscalation: false + # readOnlyRootFilesystem: true + # capabilities: + # drop: + # - ALL + # name of the image pull secret imagePullSecrets: ""