Sync chart with bitnami/kubeapps chart (version 14.6.0) (#7532)

### Description of the change This is an automatic PR for synchronizing the changes performed externally at the [bitnami/kubeapps official chart](https://github.com/bitnami/charts/tree/main/bitnami/kubeapps) to the Kubeapps development version. ### Benefits The Kubeapps [development chart](https://github.com/vmware-tanzu/kubeapps/tree/main/chart/kubeapps) will get the newest changes, including image version updates and other updates. ### Possible drawbacks Although unlikely, some changes implemented by the Bitnami team may not be 100% compatible with the current Kubeapps version. ### Applicable issues N/A ### Additional information This PR is marked as a draft until a Kubeapps maintainer manually reviews it. --------- Signed-off-by: kubeapps-bot <tanzu-kubeapps-team@vmware.com> Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com> Co-authored-by: kubeapps-bot <tanzu-kubeapps-team@vmware.com> Co-authored-by: Antonio Gamez Diaz <agamez@vmware.com>
vmware-tanzu · Mar 1, 2024 · 22cf182 · 22cf182
1 parent 4ffda12
commit 22cf182
Show file tree

Hide file tree

Showing 7 changed files with 78 additions and 13 deletions.
diff --git a/chart/kubeapps/Chart.yaml b/chart/kubeapps/Chart.yaml
@@ -52,4 +52,4 @@ maintainers:
 name: kubeapps
 sources:
 - https://github.com/bitnami/charts/tree/main/bitnami/kubeapps
-version: 14.5.3-dev
+version: 14.6.1-dev
diff --git a/chart/kubeapps/README.md b/chart/kubeapps/README.md
diff --git a/chart/kubeapps/templates/apprepository/deployment.yaml b/chart/kubeapps/templates/apprepository/deployment.yaml
@@ -142,9 +142,13 @@ spec:
             - secretRef:
                 name: {{ include "common.tplvalues.render" (dict "value" .Values.apprepository.extraEnvVarsSecret "context" $) }}
             {{- end }}
-          {{- if .Values.apprepository.extraVolumeMounts }}
-          volumeMounts: {{- include "common.tplvalues.render" (dict "value" .Values.apprepository.extraVolumeMounts "context" $) | nindent 12 }}
-          {{- end }}
+          volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: tmp-dir
+            {{- if .Values.apprepository.extraVolumeMounts }}
+            {{- include "common.tplvalues.render" (dict "value" .Values.apprepository.extraVolumeMounts "context" $) | nindent 12 }}
+            {{- end }}
           {{- if .Values.apprepository.resources }}
           resources: {{- toYaml .Values.apprepository.resources | nindent 12 }}
           {{- else if ne .Values.apprepository.resourcesPreset "none" }}
@@ -153,7 +157,10 @@ spec:
         {{- if .Values.apprepository.sidecars }}
         {{- include "common.tplvalues.render" (dict "value" .Values.apprepository.sidecars "context" $) | trim | nindent 8 }}
         {{- end }}
-      {{- if .Values.apprepository.extraVolumes }}
-      volumes: {{- include "common.tplvalues.render" (dict "value" .Values.apprepository.extraVolumes "context" $) | nindent 8 }}
-      {{- end }}
+      volumes:
+        - name: empty-dir
+          emptyDir: {}
+        {{- if .Values.apprepository.extraVolumes }}
+        {{- include "common.tplvalues.render" (dict "value" .Values.apprepository.extraVolumes "context" $) | nindent 8 }}
+        {{- end }}
 {{- end }}
diff --git a/chart/kubeapps/templates/dashboard/deployment.yaml b/chart/kubeapps/templates/dashboard/deployment.yaml
@@ -140,6 +140,15 @@ spec:
           volumeMounts:
             - name: vhost
               mountPath: /opt/bitnami/nginx/conf/server_blocks
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: tmp-dir
+            - name: empty-dir
+              mountPath: /opt/bitnami/nginx/tmp
+              subPath: app-tmp-dir
+            - name: empty-dir
+              mountPath: /opt/bitnami/nginx/logs
+              subPath: app-logs-dir
             - name: config
               mountPath: /app/config.json
               subPath: config.json
@@ -156,6 +165,8 @@ spec:
         {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.sidecars "context" $) | nindent 8 }}
         {{- end }}
       volumes:
+        - name: empty-dir
+          emptyDir: {}
         - name: vhost
           configMap:
             name: {{ template "kubeapps.dashboard-config.fullname" . }}

diff --git a/chart/kubeapps/templates/frontend/deployment.yaml b/chart/kubeapps/templates/frontend/deployment.yaml
@@ -137,6 +137,15 @@ spec:
           resources: {{- include "common.resources.preset" (dict "type" .Values.frontend.resourcesPreset) | nindent 12 }}
           {{- end }}
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: tmp-dir
+            - name: empty-dir
+              mountPath: /opt/bitnami/nginx/tmp
+              subPath: app-tmp-dir
+            - name: empty-dir
+              mountPath: /opt/bitnami/nginx/logs
+              subPath: app-logs-dir
             - name: vhost
               mountPath: /opt/bitnami/nginx/conf/server_blocks
             {{- if .Values.frontend.extraVolumeMounts }}
@@ -225,9 +234,13 @@ spec:
           {{- else if ne .Values.authProxy.resourcesPreset "none" }}
           resources: {{- include "common.resources.preset" (dict "type" .Values.authProxy.resourcesPreset) | nindent 12 }}
           {{- end }}
-          {{- if .Values.authProxy.extraVolumeMounts }}
-          volumeMounts: {{- include "common.tplvalues.render" (dict "value" .Values.authProxy.extraVolumeMounts "context" $) | nindent 12 }}
-          {{- end }}
+          volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: tmp-dir
+            {{- if .Values.authProxy.extraVolumeMounts }}
+            {{- include "common.tplvalues.render" (dict "value" .Values.authProxy.extraVolumeMounts "context" $) | nindent 12 }}
+            {{- end }}
         {{- end }}
         {{- if and (gt (len .Values.clusters) 1) (not .Values.authProxy.enabled) }}
           {{ fail "clusters can be configured only when using an auth proxy for cluster oidc authentication." }}
@@ -292,6 +305,9 @@ spec:
           resources: {{- include "common.resources.preset" (dict "type" .Values.pinnipedProxy.resourcesPreset) | nindent 12 }}
           {{- end }}
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: tmp-dir
             {{- if .Values.pinnipedProxy.tls.existingSecret }}
             - name: pinniped-tls-secret
               mountPath: "/etc/pinniped-tls"
@@ -305,6 +321,8 @@ spec:
         {{- include "common.tplvalues.render" (dict "value" .Values.frontend.sidecars "context" $) | nindent 8 }}
         {{- end }}
       volumes:
+        - name: empty-dir
+          emptyDir: {}
         - name: vhost
           configMap:
             name: {{ template "kubeapps.frontend-config.fullname" . }}

diff --git a/chart/kubeapps/templates/kubeappsapis/deployment.yaml b/chart/kubeapps/templates/kubeappsapis/deployment.yaml
@@ -213,6 +213,9 @@ spec:
           resources: {{- include "common.resources.preset" (dict "type" .Values.kubeappsapis.resourcesPreset) | nindent 12 }}
           {{- end }}
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: tmp-dir
           {{- if .Values.clusters }}
             - name: clusters-config
               mountPath: /config
@@ -310,14 +313,19 @@ spec:
           resources: {{- include "common.resources.preset" (dict "type" .Values.ociCatalog.resourcesPreset) | nindent 12 }}
           {{- end }}
           volumeMounts:
-          {{- if .Values.ociCatalog.extraVolumeMounts }}
-          {{- include "common.tplvalues.render" (dict "value" .Values.ociCatalog.extraVolumeMounts "context" $) | nindent 12 }}
-          {{- end }}
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: tmp-dir
+            {{- if .Values.ociCatalog.extraVolumeMounts }}
+            {{- include "common.tplvalues.render" (dict "value" .Values.ociCatalog.extraVolumeMounts "context" $) | nindent 12 }}
+            {{- end }}
         {{- end }}
         {{- if .Values.kubeappsapis.sidecars }}
         {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.sidecars "context" $) | trim | nindent 8 }}
         {{- end }}
       volumes:
+        - name: empty-dir
+          emptyDir: {}
       {{- if .Values.clusters }}
         - name: clusters-config
           configMap:

diff --git a/chart/kubeapps/values.yaml b/chart/kubeapps/values.yaml
@@ -301,6 +301,7 @@ frontend:
   ## @param frontend.containerSecurityContext.enabled Enabled containers' Security Context
   ## @param frontend.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
   ## @param frontend.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
+  ## @param frontend.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
   ## @param frontend.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
   ## @param frontend.containerSecurityContext.privileged Set container's Security Context privileged
   ## @param frontend.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
@@ -312,6 +313,7 @@ frontend:
     enabled: true
     seLinuxOptions: null
     runAsUser: 1001
+    runAsGroup: 0
     runAsNonRoot: true
     privileged: false
     readOnlyRootFilesystem: false
@@ -678,6 +680,7 @@ dashboard:
   ## @param dashboard.containerSecurityContext.enabled Enabled containers' Security Context
   ## @param dashboard.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
   ## @param dashboard.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
+  ## @param dashboard.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
   ## @param dashboard.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
   ## @param dashboard.containerSecurityContext.privileged Set container's Security Context privileged
   ## @param dashboard.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
@@ -689,6 +692,7 @@ dashboard:
     enabled: true
     seLinuxOptions: null
     runAsUser: 1001
+    runAsGroup: 0
     runAsNonRoot: true
     privileged: false
     readOnlyRootFilesystem: false
@@ -1051,6 +1055,7 @@ apprepository:
   ## @param apprepository.containerSecurityContext.enabled Enabled containers' Security Context
   ## @param apprepository.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
   ## @param apprepository.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
+  ## @param apprepository.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
   ## @param apprepository.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
   ## @param apprepository.containerSecurityContext.privileged Set container's Security Context privileged
   ## @param apprepository.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
@@ -1062,6 +1067,7 @@ apprepository:
     enabled: true
     seLinuxOptions: null
     runAsUser: 1001
+    runAsGroup: 0
     runAsNonRoot: true
     privileged: false
     readOnlyRootFilesystem: false
@@ -1315,6 +1321,7 @@ authProxy:
   ## @param authProxy.containerSecurityContext.enabled Enabled containers' Security Context
   ## @param authProxy.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
   ## @param authProxy.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
+  ## @param authProxy.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
   ## @param authProxy.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
   ## @param authProxy.containerSecurityContext.privileged Set container's Security Context privileged
   ## @param authProxy.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
@@ -1326,6 +1333,7 @@ authProxy:
     enabled: true
     seLinuxOptions: null
     runAsUser: 1001
+    runAsGroup: 0
     runAsNonRoot: true
     privileged: false
     readOnlyRootFilesystem: false
@@ -1444,6 +1452,7 @@ pinnipedProxy:
   ## @param pinnipedProxy.containerSecurityContext.enabled Enabled containers' Security Context
   ## @param pinnipedProxy.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
   ## @param pinnipedProxy.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
+  ## @param pinnipedProxy.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
   ## @param pinnipedProxy.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
   ## @param pinnipedProxy.containerSecurityContext.privileged Set container's Security Context privileged
   ## @param pinnipedProxy.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
@@ -1455,6 +1464,7 @@ pinnipedProxy:
     enabled: true
     seLinuxOptions: null
     runAsUser: 1001
+    runAsGroup: 0
     runAsNonRoot: true
     privileged: false
     readOnlyRootFilesystem: false
@@ -1781,6 +1791,7 @@ kubeappsapis:
   ## @param kubeappsapis.containerSecurityContext.enabled Enabled containers' Security Context
   ## @param kubeappsapis.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
   ## @param kubeappsapis.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
+  ## @param kubeappsapis.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
   ## @param kubeappsapis.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
   ## @param kubeappsapis.containerSecurityContext.privileged Set container's Security Context privileged
   ## @param kubeappsapis.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
@@ -1792,6 +1803,7 @@ kubeappsapis:
     enabled: true
     seLinuxOptions: null
     runAsUser: 1001
+    runAsGroup: 0
     runAsNonRoot: true
     privileged: false
     readOnlyRootFilesystem: false
@@ -2057,6 +2069,7 @@ ociCatalog:
   ## @param ociCatalog.containerSecurityContext.enabled Enabled containers' Security Context
   ## @param ociCatalog.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
   ## @param ociCatalog.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
+  ## @param ociCatalog.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
   ## @param ociCatalog.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
   ## @param ociCatalog.containerSecurityContext.privileged Set container's Security Context privileged
   ## @param ociCatalog.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
@@ -2068,6 +2081,7 @@ ociCatalog:
     enabled: true
     seLinuxOptions: null
     runAsUser: 1001
+    runAsGroup: 0
     runAsNonRoot: true
     privileged: false
     readOnlyRootFilesystem: false