diff --git a/class/defaults.yml b/class/defaults.yml
index fdc78cb9..24db6663 100644
--- a/class/defaults.yml
+++ b/class/defaults.yml
@@ -62,7 +62,7 @@ parameters:
 version: v2.2.2
 postgresql:
 source: https://charts.bitnami.com/bitnami
- version: v12.5.6
+ version: 12.12.4
 # FQDN should be overwritten on the cluster level
 fqdn: keycloak.example.com
 # Disables dynamically resolving the hostname from request headers.
diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/networkpolicy.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/networkpolicy.yaml
index 42bab512..52138be0 100644
--- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/networkpolicy.yaml
+++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/networkpolicy.yaml
@@ -6,7 +6,8 @@ metadata:
 app.kubernetes.io/instance: keycloak
 app.kubernetes.io/managed-by: Helm
 app.kubernetes.io/name: postgresql
- helm.sh/chart: postgresql-12.5.6
+ app.kubernetes.io/version: 15.4.0
+ helm.sh/chart: postgresql-12.12.4
 name: keycloak-postgresql-ingress
 namespace: syn-builtin
 spec:
diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/statefulset.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/statefulset.yaml
index 86ca17c2..7690059e 100644
--- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/statefulset.yaml
+++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/statefulset.yaml
@@ -2,11 +2,12 @@ apiVersion: apps/v1
 kind: StatefulSet
 metadata:
 labels:
- app.kubernetes.io/component: keycloak
+ app.kubernetes.io/component: primary
 app.kubernetes.io/instance: builtin
 app.kubernetes.io/managed-by: commodore
 app.kubernetes.io/name: keycloak
- helm.sh/chart: postgresql-12.5.6
+ app.kubernetes.io/version: 15.4.0
+ helm.sh/chart: postgresql-12.12.4
 name: keycloak-postgresql
 namespace: syn-builtin
 spec:
@@ -28,7 +29,8 @@ spec:
 app.kubernetes.io/instance: keycloak
 app.kubernetes.io/managed-by: Helm
 app.kubernetes.io/name: postgresql
- helm.sh/chart: postgresql-12.5.6
+ app.kubernetes.io/version: 15.4.0
+ helm.sh/chart: postgresql-12.12.4
 name: keycloak-postgresql
 spec:
 affinity:
@@ -56,17 +58,17 @@ spec:
 value: /bitnami/postgresql/data
 - name: POSTGRES_USER
 value: keycloak
- - name: POSTGRES_POSTGRES_PASSWORD
+ - name: POSTGRES_PASSWORD
 valueFrom:
 secretKeyRef:
- key: postgres-password
+ key: password
 name: keycloak-postgresql
- - name: POSTGRES_PASSWORD
+ - name: POSTGRES_POSTGRES_PASSWORD
 valueFrom:
 secretKeyRef:
- key: password
+ key: postgres-password
 name: keycloak-postgresql
- - name: POSTGRES_DB
+ - name: POSTGRES_DATABASE
 value: keycloak
 - name: POSTGRESQL_ENABLE_LDAP
 value: 'no'
@@ -128,7 +130,15 @@ spec:
 cpu: 250m
 memory: 256Mi
 securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ runAsGroup: 0
+ runAsNonRoot: true
 runAsUser: 1001
+ seccompProfile:
+ type: RuntimeDefault
 volumeMounts:
 - mountPath: /opt/bitnami/postgresql/certs
 name: postgresql-certificates
@@ -160,7 +170,11 @@ spec:
 limits: {}
 requests: {}
 securityContext:
+ runAsGroup: 0
+ runAsNonRoot: false
 runAsUser: 0
+ seccompProfile:
+ type: RuntimeDefault
 volumeMounts:
 - mountPath: /bitnami/postgresql
 name: data
@@ -186,7 +200,9 @@ spec:
 rollingUpdate: {}
 type: RollingUpdate
 volumeClaimTemplates:
- - metadata:
+ - apiVersion: v1
+ kind: PersistentVolumeClaim
+ metadata:
 name: data
 spec:
 accessModes:
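Review bot: In the `@@ -160,7 +170,11 @@` hunk the rendered securityContext is `runAsUser: 0` with `runAsNonRoot: false` and, unlike the container in the `@@ -128,7 +130,15 @@` hunk, it carries no `allowPrivilegeEscalation: false` and no `capabilities.drop`. A container with these settings is rejected by the Kubernetes `restricted` Pod Security profile, and it keeps the runtime's default capability set as root while mounting the data volume at `/bitnami/postgresql`. This file is rendered golden output, so the change belongs in the Helm values the component passes to the chart: at minimum add `allowPrivilegeEscalation: false` for this container, and disable the container altogether if the storage class already applies `fsGroup` ownership (presumably this is the chart's volume-permissions init container; its name is outside the hunk). The container definition starts before the hunk and continues after it.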
diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/svc-headless.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/svc-headless.yaml
index bb13dd96..32a61035 100644
--- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/svc-headless.yaml
+++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/svc-headless.yaml
@@ -1,13 +1,15 @@
 apiVersion: v1
 kind: Service
 metadata:
+ annotations:
+ service.alpha.kubernetes.io/tolerate-unready-endpoints: 'true'
 labels:
 app.kubernetes.io/component: primary
 app.kubernetes.io/instance: keycloak
 app.kubernetes.io/managed-by: Helm
 app.kubernetes.io/name: postgresql
- helm.sh/chart: postgresql-12.5.6
- service.alpha.kubernetes.io/tolerate-unready-endpoints: 'true'
+ app.kubernetes.io/version: 15.4.0
+ helm.sh/chart: postgresql-12.12.4
 name: keycloak-postgresql-hl
 namespace: syn-builtin
 spec:
diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/svc.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/svc.yaml
index f4543e5e..05486773 100644
--- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/svc.yaml
+++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/svc.yaml
@@ -6,7 +6,8 @@ metadata:
 app.kubernetes.io/instance: keycloak
 app.kubernetes.io/managed-by: Helm
 app.kubernetes.io/name: postgresql
- helm.sh/chart: postgresql-12.5.6
+ app.kubernetes.io/version: 15.4.0
+ helm.sh/chart: postgresql-12.12.4
 name: keycloak-postgresql
 namespace: syn-builtin
 spec:
diff --git a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/postgresql/templates/primary/networkpolicy.yaml b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/postgresql/templates/primary/networkpolicy.yaml
index bc583379..a73fbac1 100644
--- a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/postgresql/templates/primary/networkpolicy.yaml
+++ b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/postgresql/templates/primary/networkpolicy.yaml
@@ -6,7 +6,8 @@ metadata:
 app.kubernetes.io/instance: keycloak
 app.kubernetes.io/managed-by: Helm
 app.kubernetes.io/name: postgresql
- helm.sh/chart: postgresql-12.5.6
+ app.kubernetes.io/version: 15.4.0
+ helm.sh/chart: postgresql-12.12.4
 name: keycloak-postgresql-ingress
 namespace: syn-openshift-postgres
 spec:
diff --git a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/postgresql/templates/primary/statefulset.yaml b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/postgresql/templates/primary/statefulset.yaml
index 37bd55e9..26682f49 100644
--- a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/postgresql/templates/primary/statefulset.yaml
+++ b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/postgresql/templates/primary/statefulset.yaml
@@ -2,11 +2,12 @@ apiVersion: apps/v1
 kind: StatefulSet
 metadata:
 labels:
- app.kubernetes.io/component: keycloak
+ app.kubernetes.io/component: primary
 app.kubernetes.io/instance: openshift-postgres
 app.kubernetes.io/managed-by: commodore
 app.kubernetes.io/name: keycloak
- helm.sh/chart: postgresql-12.5.6
+ app.kubernetes.io/version: 15.4.0
+ helm.sh/chart: postgresql-12.12.4
 name: keycloak-postgresql
 namespace: syn-openshift-postgres
 spec:
@@ -28,7 +29,8 @@ spec:
 app.kubernetes.io/instance: keycloak
 app.kubernetes.io/managed-by: Helm
 app.kubernetes.io/name: postgresql
- helm.sh/chart: postgresql-12.5.6
+ app.kubernetes.io/version: 15.4.0
+ helm.sh/chart: postgresql-12.12.4
 name: keycloak-postgresql
 spec:
 affinity:
@@ -56,17 +58,17 @@ spec:
 value: /bitnami/postgresql/data
 - name: POSTGRES_USER
 value: keycloak
- - name: POSTGRES_POSTGRES_PASSWORD
+ - name: POSTGRES_PASSWORD
 valueFrom:
 secretKeyRef:
- key: postgres-password
+ key: password
 name: keycloak-postgresql
- - name: POSTGRES_PASSWORD
+ - name: POSTGRES_POSTGRES_PASSWORD
 valueFrom:
 secretKeyRef:
- key: password
+ key: postgres-password
 name: keycloak-postgresql
- - name: POSTGRES_DB
+ - name: POSTGRES_DATABASE
 value: keycloak
 - name: POSTGRESQL_ENABLE_LDAP
 value: 'no'
@@ -132,6 +134,7 @@ spec:
 capabilities:
 drop:
 - ALL
+ runAsGroup: 0
 runAsNonRoot: true
 seccompProfile:
 type: RuntimeDefault
@@ -163,6 +166,7 @@ spec:
 capabilities:
 drop:
 - ALL
+ runAsGroup: 0
 runAsNonRoot: true
 seccompProfile:
 type: RuntimeDefault
@@ -185,7 +189,9 @@ spec:
 rollingUpdate: {}
 type: RollingUpdate
 volumeClaimTemplates:
- - metadata:
+ - apiVersion: v1
+ kind: PersistentVolumeClaim
+ metadata:
 name: data
 spec:
 accessModes:
diff --git a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/postgresql/templates/primary/svc-headless.yaml b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/postgresql/templates/primary/svc-headless.yaml
index 97566948..29903572 100644
--- a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/postgresql/templates/primary/svc-headless.yaml
+++ b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/postgresql/templates/primary/svc-headless.yaml
@@ -1,13 +1,15 @@
 apiVersion: v1
 kind: Service
 metadata:
+ annotations:
+ service.alpha.kubernetes.io/tolerate-unready-endpoints: 'true'
 labels:
 app.kubernetes.io/component: primary
 app.kubernetes.io/instance: keycloak
 app.kubernetes.io/managed-by: Helm
 app.kubernetes.io/name: postgresql
- helm.sh/chart: postgresql-12.5.6
- service.alpha.kubernetes.io/tolerate-unready-endpoints: 'true'
+ app.kubernetes.io/version: 15.4.0
+ helm.sh/chart: postgresql-12.12.4
 name: keycloak-postgresql-hl
 namespace: syn-openshift-postgres
 spec:
diff --git a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/postgresql/templates/primary/svc.yaml b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/postgresql/templates/primary/svc.yaml
index d81678b5..4a5bdc54 100644
--- a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/postgresql/templates/primary/svc.yaml
+++ b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/postgresql/templates/primary/svc.yaml
@@ -6,7 +6,8 @@ metadata:
 app.kubernetes.io/instance: keycloak
 app.kubernetes.io/managed-by: Helm
 app.kubernetes.io/name: postgresql
- helm.sh/chart: postgresql-12.5.6
+ app.kubernetes.io/version: 15.4.0
+ helm.sh/chart: postgresql-12.12.4
 name: keycloak-postgresql
 namespace: syn-openshift-postgres
 spec: