From ede4754ab61ea1ff5f4732a6bf3998d36e066517 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 19 Aug 2024 08:56:28 +0000 Subject: [PATCH] Update Helm release postgresql to v15 Signed-off-by: Renovate Bot --- class/defaults.yml | 2 +- .../templates/primary/networkpolicy.yaml | 18 +++---- .../postgresql/templates/primary/pdb.yaml | 19 +++++++ .../templates/primary/statefulset.yaml | 52 ++++++++++++++---- .../templates/primary/svc-headless.yaml | 7 ++- .../postgresql/templates/primary/svc.yaml | 4 +- .../postgresql/templates/serviceaccount.yaml | 12 +++++ .../postgresql/templates/primary/pdb.yaml | 0 .../postgresql/templates/serviceaccount.yaml | 12 +++++ .../templates/primary/networkpolicy.yaml | 18 +++---- .../postgresql/templates/primary/pdb.yaml | 19 +++++++ .../templates/primary/statefulset.yaml | 54 +++++++++++++++---- .../templates/primary/svc-headless.yaml | 7 ++- .../postgresql/templates/primary/svc.yaml | 4 +- .../postgresql/templates/serviceaccount.yaml | 12 +++++ .../postgresql/templates/primary/pdb.yaml | 0 .../postgresql/templates/serviceaccount.yaml | 12 +++++ 17 files changed, 200 insertions(+), 52 deletions(-) create mode 100644 tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/pdb.yaml create mode 100644 tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/serviceaccount.yaml create mode 100644 tests/golden/external/external/external/01_keycloak_helmchart/postgresql/templates/primary/pdb.yaml create mode 100644 tests/golden/external/external/external/01_keycloak_helmchart/postgresql/templates/serviceaccount.yaml create mode 100644 tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/postgresql/templates/primary/pdb.yaml create mode 100644 tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/postgresql/templates/serviceaccount.yaml create mode 100644 tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/postgresql/templates/primary/pdb.yaml create mode 100644 tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/postgresql/templates/serviceaccount.yaml diff --git a/class/defaults.yml b/class/defaults.yml index 3ad0c150..e1a3e435 100644 --- a/class/defaults.yml +++ b/class/defaults.yml @@ -62,7 +62,7 @@ parameters: version: v2.3.0 postgresql: source: https://charts.bitnami.com/bitnami - version: 12.12.10 + version: 15.5.23 # FQDN should be overwritten on the cluster level fqdn: keycloak.example.com # Default path since Quarkus is "/" rather than "/auth" diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/networkpolicy.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/networkpolicy.yaml index a10253f6..af9daf75 100644 --- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/networkpolicy.yaml +++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/networkpolicy.yaml @@ -6,21 +6,21 @@ metadata: app.kubernetes.io/instance: keycloak app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: postgresql - app.kubernetes.io/version: 15.4.0 - helm.sh/chart: postgresql-12.12.10 - name: keycloak-postgresql-ingress + app.kubernetes.io/version: 16.4.0 + helm.sh/chart: postgresql-15.5.23 + name: keycloak-postgresql namespace: syn-builtin spec: + egress: + - {} ingress: - - from: - - podSelector: - matchLabels: - app.kubernetes.io/instance: keycloakx - app.kubernetes.io/name: keycloakx - ports: + - ports: - port: 5432 podSelector: matchLabels: app.kubernetes.io/component: primary app.kubernetes.io/instance: keycloak app.kubernetes.io/name: postgresql + policyTypes: + - Ingress + - Egress diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/pdb.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/pdb.yaml new file mode 100644 index 00000000..33de02c2 --- /dev/null +++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/pdb.yaml @@ -0,0 +1,19 @@ +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + labels: + app.kubernetes.io/component: primary + app.kubernetes.io/instance: builtin + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: keycloak + app.kubernetes.io/version: 16.4.0 + helm.sh/chart: postgresql-15.5.23 + name: keycloak-postgresql + namespace: syn-builtin +spec: + maxUnavailable: 1 + selector: + matchLabels: + app.kubernetes.io/component: primary + app.kubernetes.io/instance: keycloak + app.kubernetes.io/name: postgresql diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/statefulset.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/statefulset.yaml index 8939927e..1966eaeb 100644 --- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/statefulset.yaml +++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/statefulset.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/instance: builtin app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 15.4.0 - helm.sh/chart: postgresql-12.12.10 + app.kubernetes.io/version: 16.4.0 + helm.sh/chart: postgresql-15.5.23 name: keycloak-postgresql namespace: syn-builtin spec: @@ -29,8 +29,8 @@ spec: app.kubernetes.io/instance: keycloak app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: postgresql - app.kubernetes.io/version: 15.4.0 - helm.sh/chart: postgresql-12.12.10 + app.kubernetes.io/version: 16.4.0 + helm.sh/chart: postgresql-15.5.23 name: keycloak-postgresql spec: affinity: @@ -46,6 +46,7 @@ spec: app.kubernetes.io/name: postgresql topologyKey: kubernetes.io/hostname weight: 1 + automountServiceAccountToken: false containers: - env: - name: BITNAMI_DEBUG @@ -125,20 +126,36 @@ spec: successThreshold: 1 timeoutSeconds: 5 resources: - limits: {} + limits: + cpu: 150m + ephemeral-storage: 2Gi + memory: 192Mi requests: - cpu: 250m - memory: 256Mi + cpu: 100m + ephemeral-storage: 50Mi + memory: 128Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL + privileged: false + readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1001 + seLinuxOptions: {} seccompProfile: type: RuntimeDefault volumeMounts: + - mountPath: /tmp + name: empty-dir + subPath: tmp-dir + - mountPath: /opt/bitnami/postgresql/conf + name: empty-dir + subPath: app-conf-dir + - mountPath: /opt/bitnami/postgresql/tmp + name: empty-dir + subPath: app-tmp-dir - mountPath: /opt/bitnami/postgresql/certs name: postgresql-certificates readOnly: true @@ -166,15 +183,25 @@ spec: imagePullPolicy: IfNotPresent name: init-chmod-data resources: - limits: {} - requests: {} + limits: + cpu: 150m + ephemeral-storage: 2Gi + memory: 192Mi + requests: + cpu: 100m + ephemeral-storage: 50Mi + memory: 128Mi securityContext: runAsGroup: 0 runAsNonRoot: false runAsUser: 0 + seLinuxOptions: {} seccompProfile: type: RuntimeDefault volumeMounts: + - mountPath: /tmp + name: empty-dir + subPath: tmp-dir - mountPath: /bitnami/postgresql name: data - mountPath: /dev/shm @@ -185,8 +212,13 @@ spec: name: postgresql-certificates securityContext: fsGroup: 1001 - serviceAccountName: default + fsGroupChangePolicy: Always + supplementalGroups: [] + sysctls: [] + serviceAccountName: keycloak-postgresql volumes: + - emptyDir: {} + name: empty-dir - name: raw-certificates secret: secretName: keycloak-postgresql-tls diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/svc-headless.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/svc-headless.yaml index 654cd220..a8913bbd 100644 --- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/svc-headless.yaml +++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/svc-headless.yaml @@ -1,15 +1,14 @@ apiVersion: v1 kind: Service metadata: - annotations: - service.alpha.kubernetes.io/tolerate-unready-endpoints: 'true' + annotations: null labels: app.kubernetes.io/component: primary app.kubernetes.io/instance: keycloak app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: postgresql - app.kubernetes.io/version: 15.4.0 - helm.sh/chart: postgresql-12.12.10 + app.kubernetes.io/version: 16.4.0 + helm.sh/chart: postgresql-15.5.23 name: keycloak-postgresql-hl namespace: syn-builtin spec: diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/svc.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/svc.yaml index bdfb944c..ca1abe22 100644 --- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/svc.yaml +++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/svc.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/instance: keycloak app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: postgresql - app.kubernetes.io/version: 15.4.0 - helm.sh/chart: postgresql-12.12.10 + app.kubernetes.io/version: 16.4.0 + helm.sh/chart: postgresql-15.5.23 name: keycloak-postgresql namespace: syn-builtin spec: diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/serviceaccount.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/serviceaccount.yaml new file mode 100644 index 00000000..47eef0b5 --- /dev/null +++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +automountServiceAccountToken: false +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: keycloak + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + app.kubernetes.io/version: 16.4.0 + helm.sh/chart: postgresql-15.5.23 + name: keycloak-postgresql + namespace: syn-builtin diff --git a/tests/golden/external/external/external/01_keycloak_helmchart/postgresql/templates/primary/pdb.yaml b/tests/golden/external/external/external/01_keycloak_helmchart/postgresql/templates/primary/pdb.yaml new file mode 100644 index 00000000..e69de29b diff --git a/tests/golden/external/external/external/01_keycloak_helmchart/postgresql/templates/serviceaccount.yaml b/tests/golden/external/external/external/01_keycloak_helmchart/postgresql/templates/serviceaccount.yaml new file mode 100644 index 00000000..7c3f57a3 --- /dev/null +++ b/tests/golden/external/external/external/01_keycloak_helmchart/postgresql/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +automountServiceAccountToken: false +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: keycloak + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + app.kubernetes.io/version: 16.4.0 + helm.sh/chart: postgresql-15.5.23 + name: keycloak-postgresql + namespace: syn-external diff --git a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/postgresql/templates/primary/networkpolicy.yaml b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/postgresql/templates/primary/networkpolicy.yaml index 6c6d127c..ccf01f03 100644 --- a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/postgresql/templates/primary/networkpolicy.yaml +++ b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/postgresql/templates/primary/networkpolicy.yaml @@ -6,21 +6,21 @@ metadata: app.kubernetes.io/instance: keycloak app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: postgresql - app.kubernetes.io/version: 15.4.0 - helm.sh/chart: postgresql-12.12.10 - name: keycloak-postgresql-ingress + app.kubernetes.io/version: 16.4.0 + helm.sh/chart: postgresql-15.5.23 + name: keycloak-postgresql namespace: syn-openshift-postgres spec: + egress: + - {} ingress: - - from: - - podSelector: - matchLabels: - app.kubernetes.io/instance: keycloakx - app.kubernetes.io/name: keycloakx - ports: + - ports: - port: 5432 podSelector: matchLabels: app.kubernetes.io/component: primary app.kubernetes.io/instance: keycloak app.kubernetes.io/name: postgresql + policyTypes: + - Ingress + - Egress diff --git a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/postgresql/templates/primary/pdb.yaml b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/postgresql/templates/primary/pdb.yaml new file mode 100644 index 00000000..86b3e595 --- /dev/null +++ b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/postgresql/templates/primary/pdb.yaml @@ -0,0 +1,19 @@ +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + labels: + app.kubernetes.io/component: primary + app.kubernetes.io/instance: openshift-postgres + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: keycloak + app.kubernetes.io/version: 16.4.0 + helm.sh/chart: postgresql-15.5.23 + name: keycloak-postgresql + namespace: syn-openshift-postgres +spec: + maxUnavailable: 1 + selector: + matchLabels: + app.kubernetes.io/component: primary + app.kubernetes.io/instance: keycloak + app.kubernetes.io/name: postgresql diff --git a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/postgresql/templates/primary/statefulset.yaml b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/postgresql/templates/primary/statefulset.yaml index 342e35a6..e3ceb374 100644 --- a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/postgresql/templates/primary/statefulset.yaml +++ b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/postgresql/templates/primary/statefulset.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/instance: openshift-postgres app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 15.4.0 - helm.sh/chart: postgresql-12.12.10 + app.kubernetes.io/version: 16.4.0 + helm.sh/chart: postgresql-15.5.23 name: keycloak-postgresql namespace: syn-openshift-postgres spec: @@ -29,8 +29,8 @@ spec: app.kubernetes.io/instance: keycloak app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: postgresql - app.kubernetes.io/version: 15.4.0 - helm.sh/chart: postgresql-12.12.10 + app.kubernetes.io/version: 16.4.0 + helm.sh/chart: postgresql-15.5.23 name: keycloak-postgresql spec: affinity: @@ -46,6 +46,7 @@ spec: app.kubernetes.io/name: postgresql topologyKey: kubernetes.io/hostname weight: 1 + automountServiceAccountToken: false containers: - env: - name: BITNAMI_DEBUG @@ -125,19 +126,35 @@ spec: successThreshold: 1 timeoutSeconds: 5 resources: - limits: {} + limits: + cpu: 150m + ephemeral-storage: 2Gi + memory: 192Mi requests: - cpu: 250m - memory: 256Mi + cpu: 100m + ephemeral-storage: 50Mi + memory: 128Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL + privileged: false + readOnlyRootFilesystem: true runAsNonRoot: true + seLinuxOptions: {} seccompProfile: type: RuntimeDefault volumeMounts: + - mountPath: /tmp + name: empty-dir + subPath: tmp-dir + - mountPath: /opt/bitnami/postgresql/conf + name: empty-dir + subPath: app-conf-dir + - mountPath: /opt/bitnami/postgresql/tmp + name: empty-dir + subPath: app-tmp-dir - mountPath: /opt/bitnami/postgresql/certs name: postgresql-certificates readOnly: true @@ -156,28 +173,43 @@ spec: imagePullPolicy: IfNotPresent name: copy-certs resources: - limits: {} + limits: + cpu: 150m + ephemeral-storage: 2Gi + memory: 192Mi requests: - cpu: 250m - memory: 256Mi + cpu: 100m + ephemeral-storage: 50Mi + memory: 128Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL + privileged: false + readOnlyRootFilesystem: true runAsNonRoot: true + seLinuxOptions: {} seccompProfile: type: RuntimeDefault volumeMounts: + - mountPath: /tmp + name: empty-dir + subPath: tmp-dir - mountPath: /tmp/certs name: raw-certificates - mountPath: /opt/bitnami/postgresql/certs name: postgresql-certificates securityContext: + fsGroupChangePolicy: Always seccompProfile: type: RuntimeDefault - serviceAccountName: default + supplementalGroups: [] + sysctls: [] + serviceAccountName: keycloak-postgresql volumes: + - emptyDir: {} + name: empty-dir - name: raw-certificates secret: secretName: keycloak-postgresql-tls diff --git a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/postgresql/templates/primary/svc-headless.yaml b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/postgresql/templates/primary/svc-headless.yaml index 416f3ed7..f59ada3c 100644 --- a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/postgresql/templates/primary/svc-headless.yaml +++ b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/postgresql/templates/primary/svc-headless.yaml @@ -1,15 +1,14 @@ apiVersion: v1 kind: Service metadata: - annotations: - service.alpha.kubernetes.io/tolerate-unready-endpoints: 'true' + annotations: null labels: app.kubernetes.io/component: primary app.kubernetes.io/instance: keycloak app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: postgresql - app.kubernetes.io/version: 15.4.0 - helm.sh/chart: postgresql-12.12.10 + app.kubernetes.io/version: 16.4.0 + helm.sh/chart: postgresql-15.5.23 name: keycloak-postgresql-hl namespace: syn-openshift-postgres spec: diff --git a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/postgresql/templates/primary/svc.yaml b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/postgresql/templates/primary/svc.yaml index 7c73c82a..1d8da709 100644 --- a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/postgresql/templates/primary/svc.yaml +++ b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/postgresql/templates/primary/svc.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/instance: keycloak app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: postgresql - app.kubernetes.io/version: 15.4.0 - helm.sh/chart: postgresql-12.12.10 + app.kubernetes.io/version: 16.4.0 + helm.sh/chart: postgresql-15.5.23 name: keycloak-postgresql namespace: syn-openshift-postgres spec: diff --git a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/postgresql/templates/serviceaccount.yaml b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/postgresql/templates/serviceaccount.yaml new file mode 100644 index 00000000..2dbecd51 --- /dev/null +++ b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/postgresql/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +automountServiceAccountToken: false +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: keycloak + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + app.kubernetes.io/version: 16.4.0 + helm.sh/chart: postgresql-15.5.23 + name: keycloak-postgresql + namespace: syn-openshift-postgres diff --git a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/postgresql/templates/primary/pdb.yaml b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/postgresql/templates/primary/pdb.yaml new file mode 100644 index 00000000..e69de29b diff --git a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/postgresql/templates/serviceaccount.yaml b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/postgresql/templates/serviceaccount.yaml new file mode 100644 index 00000000..79f25ff8 --- /dev/null +++ b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/postgresql/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +automountServiceAccountToken: false +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: keycloak + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + app.kubernetes.io/version: 16.4.0 + helm.sh/chart: postgresql-15.5.23 + name: keycloak-postgresql + namespace: keycloak-dev