k8s-gitops
feat(helm)!: Update chart nginx to 18.2.0
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| nginx (source) | major | 15.12.2 -> 18.2.0 |
Release Notes
bitnami/charts (nginx)
v18.2.0
- [bitnami/nginx] stream server blocks (#29491)
v18.1.15
v18.1.14
v18.1.13
v18.1.12
- [bitnami/nginx] Release 18.1.12 - bugfix prometheusrules label collision (#29276) (c44ac28), closes #29276
v18.1.11
v18.1.10
v18.1.9
v18.1.8
- [bitnami/nginx] Support for Non-Bitnami Nginx Images in nginx Helm Chart (#28741) (00a53e4), closes #28741
v18.1.7
v18.1.6
v18.1.5
v18.1.4
v18.1.3
- [bitnami/*] Update README changing TAC wording (#27530) (52dfed6), closes #27530
- [bitnami/nginx] Release 18.1.3 (#27704) (682210e), closes #27704
v18.1.2
v18.1.1
- [bitnami/nginx] Release 18.1.15 (#29510)
v18.1.0
- [bitnami/nginx] Allowing for customize dnsPolicy and dnsConfig for nginx (#26619) (d7f4af3), closes #26619
v18.0.3
v18.0.2
- [bitnami/nginx] fix: Revert back use of http port instead of https (#27040) (1d65098), closes #27040 #20934
v18.0.1
v18.0.0
v17.3.2
v17.3.1
v17.3.0
v17.2.1
v17.2.0
- [bitnami/nginx] Allow custom path for readinessProbe and update startupProbe (#26362) (24fcc5a), closes #26362
v17.1.0
- [bitnami/*] ci: :construction_worker: Add tag and changelog support (#25359) (91c707c), closes #25359
- [bitnami/nginx] feat: :sparkles: :lock: Add warning when original images are replaced (#26253) (b10be08), closes #26253
- [bitnami/nginx] Use different liveness/readiness probes (#25969) (6a52e0d), closes #25969
v17.0.2
v17.0.1
v17.0.0
- [bitnami/*] Change non-root and rolling-tags doc URLs (#25628) (b067c94), closes #25628
- [bitnami/nginx] Release 17.0.0 updating components versions (#25708) (c43c4bd), closes #25708
v16.0.7
- [bitnami/*] Set new header/owner (#25558) (8d1dc11), closes #25558
- [bitnami/multiple charts] Fix typo: "NetworkPolice" vs "NetworkPolicy" (#25348) (6970c1b), closes #25348
- [bitnami/nginx] deployment fail because of OpenShift restricted-v2 issue 25425 (#25443) (1d37888), closes #25443
- Replace VMware by Broadcom copyright text (#25306) (a5e4bd0), closes #25306
v16.0.6
v16.0.5
- [bitnami/nginx] Define by default a https container port now TLS is enabled (#25091) (189d9e0), closes #25091
v16.0.4
v16.0.3
v16.0.2
v16.0.1
v16.0.0
- [bitnami/nginx] feat!: 🔒 💥 Improve security defaults (#24371) (66f3026), closes #24371
- Update resourcesPreset comments (#24467) (92e3e8a), closes #24467
v15.14.2
v15.14.1
- [bitnami/*] Reorder Chart sections (#24455) (0cf4048), closes #24455
- [bitnami/nginx] Release 15.14.1 updating components versions (#24803) (74c6f43), closes #24803
v15.14.0
- [bitnami/nginx] feat: :sparkles: :lock: Add readOnlyRootFilesystem support (#24041) (668e128), closes #24041
v15.13.0
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
- [ ] If you want to rebase/retry this PR, check this box
This PR was generated by Mend Renovate. View the repository job log.
Path: cluster/apps/nginx/helmrelease.yaml
Version: 15.12.2 -> 18.2.6
@@ -1,4 +1,37 @@
---
+# Source: nginx/templates/pdb.yaml
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: nginx
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: nginx
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: nginx
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: nginx
+ app.kubernetes.io/name: nginx
+---
+# Source: nginx/templates/tls-secret.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ name: nginx-tls
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: nginx
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: nginx
+type: kubernetes.io/tls
+data:
+ tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURaRENDQWt5Z0F3SUJBZ0lRYTM4SFUyMGpFTFcrRngyR3JiSXlSVEFOQmdrcWhraUc5dzBCQVFzRkFEQVQKTVJFd0R3WURWUVFERXdodVoybHVlQzFqWVRBZUZ3MHlOREV4TWpZeU1qRTRNREphRncweU5URXhNall5TWpFNApNREphTUJBeERqQU1CZ05WQkFNVEJXNW5hVzU0TUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCCkNnS0NBUUVBcGRLTE4yY3ZzTmo3TWFGaXZHcm8xamtHUSs3S2tzek1qeHl5UzdjMTNOOEVSdHpKTVB6WGZFZmsKNXRjSUY2QnRUZnJYOW8vejBiSkFQc1NjemJsVlQwZHZTZi85Z0JNMlJlY2l2WlZkcWhBSkZKSHhWeXZ0OWJTcQpORUdEYVFtSGFyL09OT1VqeC9tSUY5djN3eUpMV09yYUJLMzRrNFloR2R5Sjh0d0Q4UkVsWW1vNWkrdHZENnhhCmhLMjBRZ0FOUHUwM05HNG45RlhHekI3S1lRbm5OVTJLT013SG12VDdkZTlucnV2N0VPdE0zY1dkT1pxUEZaRlIKUlg0R3JiRWh3ZEFLTzl2VlphNklBMFJ1Wm1lcDZ5T2VMaUwvS253UW15MGUvdjBUNlRkZVRqRXQ5TS9jbVJOeQpCRHkrek1SdjJrRVRiWU0yMmZybDk3SDJjU0NuL1FJREFRQUJvNEcyTUlHek1BNEdBMVVkRHdFQi93UUVBd0lGCm9EQWRCZ05WSFNVRUZqQVVCZ2dyQmdFRkJRY0RBUVlJS3dZQkJRVUhBd0l3REFZRFZSMFRBUUgvQkFJd0FEQWYKQmdOVkhTTUVHREFXZ0JRWjY1d2w5QmJvaXlQMXhlaFlyLzBoMHBiWTBUQlRCZ05WSFJFRVREQktnZ1Z1WjJsdQplSUlOYm1kcGJuZ3VaR1ZtWVhWc2RJSVJibWRwYm5ndVpHVm1ZWFZzZEM1emRtT0NIMjVuYVc1NExtUmxabUYxCmJIUXVjM1pqTG1Oc2RYTjBaWEl1Ykc5allXd3dEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBSkxFM1ZEcDA1K1MKdmhveTlScVRaQzVpdDhNd1k1clNBakc4VE4zZndTMExUOXlVYW85RmRnZzZTbFd3OFZ6TkF3WlI3MjlodzFWSAp4UE5oendpVDU1Q2pPNEU1eDlzR2drWTJLeUtadE9mL3liYitnL0l0OEMxYUlKSlhLSzVmMFFPRFhwSXIxNmtZClg4ei90cG0yQ0lLR1hRVmxiOGRXSWxEYkF3T0NzemZkZ1RIeTkrOTBmaW44VUdzcmpkSWRkOStya2RnSVJUZjQKOVZUaXNiSHVLenZYNDR6dFB2RUdsR3hpTnRuMTk1U1JUNjFhdnJTRjd3ZVltWkFibjBTSWRNZ0wwREtZdko0bgpSWkt5M0RUN3NiQ1VjY3F0Zm9Salo5MEs2dGk5SkRUbk5QQ1d4NnV6ZTh2bFYrOXlrYTYwZ3dFQUhsN2dGM29oCnJLNVoyajBMdnRFPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
+ tls.key: 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
+ ca.crt: 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
+---
# Source: nginx/templates/server-block-configmap.yaml
apiVersion: v1
kind: ConfigMap
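Review bot: Private-key material for the new `nginx-tls` Secret is rendered into the manifests and printed by this diff into the pull request (the `data` block near the end of the hunk). `tls.key` and `ca.crt` are elided in this view, but the diff job should mask `data` and `stringData` of every `kind: Secret` before posting, even if this key is regenerated at install time. The certificate appears to be generated by the chart itself (inferred from the `tls-secret.yaml` template path), so clients cannot validate it against a trusted CA. The same default also opens port 443 on the Service (`@@ -52,6 +85,9 @@`) and 8443 on the container (`@@ -189,12 +291,16 @@`). If TLS is not meant to terminate in this pod, set `tls.enabled: false` in the HelmRelease values; otherwise reference a certificate issued outside the chart.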
@@ -52,6 +85,9 @@
- name: http
port: 80
targetPort: http
+ - name: https
+ port: 443
+ targetPort: https
selector:
app.kubernetes.io/instance: nginx
app.kubernetes.io/name: nginx
@@ -83,7 +119,7 @@
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: nginx
annotations:
- checksum/server-block-configuration: 500dd08aaf2d81d263307fbc091e1943e2134dc864cc6aa38ddcef58ac9a7648
+ checksum/server-block-configuration: edd77f48ee2f95712ec13a9fc63ff907f069994a525422b5ee57b44ead2846f1
spec:
shareProcessNamespace: false
serviceAccountName: default
@@ -108,8 +144,44 @@
supplementalGroups: []
sysctls: []
initContainers:
+ - name: preserve-logs-symlinks
+ image: public.ecr.aws/bitnami/nginx:1.25.4
+ imagePullPolicy: "IfNotPresent"
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
+ readOnlyRootFilesystem: true
+ runAsGroup: 1001
+ runAsNonRoot: true
+ runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
+ resources:
+ limits:
+ memory: 300Mi
+ requests:
+ cpu: 100m
+ memory: 100Mi
+ command:
+ - /bin/bash
+ args:
+ - -ec
+ - |
+ #!/bin/bash
+ . /opt/bitnami/scripts/libfs.sh
+ # We copy the logs folder because it has symlinks to stdout and stderr
+ if ! is_dir_empty /opt/bitnami/nginx/logs; then
+ cp -r /opt/bitnami/nginx/logs /emptydir/app-logs-dir
+ fi
+ volumeMounts:
+ - name: empty-dir
+ mountPath: /emptydir
- name: git-clone-repository
- image: docker.io/bitnami/git:2.43.2-debian-12-r2
+ image: docker.io/bitnami/git:2.47.1-debian-12-r0
imagePullPolicy: "IfNotPresent"
securityContext:
allowPrivilegeEscalation: false
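Review bot: The nginx image stays at `public.ecr.aws/bitnami/nginx:1.25.4` in the added `preserve-logs-symlinks` init container while the chart moves three major versions, presumably because the image is overridden in the HelmRelease values. The init script sources `/opt/bitnami/scripts/libfs.sh` and calls `is_dir_empty` from inside that image, and the release notes above mention a warning when original images are replaced, so the override should be checked against what chart 18.x expects and bumped to pick up nginx security fixes. This image and `docker.io/bitnami/git:2.47.1-debian-12-r0` are both referenced by tag with `imagePullPolicy: "IfNotPresent"`; pinning by digest, e.g. `image: public.ecr.aws/bitnami/nginx:1.25.4@sha256:<digest>`, keeps the running content tied to what was reviewed. The container list continues outside this hunk.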
@@ -117,10 +189,11 @@
drop:
- ALL
privileged: false
- readOnlyRootFilesystem: false
+ readOnlyRootFilesystem: true
+ runAsGroup: 1001
runAsNonRoot: true
runAsUser: 1001
- seLinuxOptions: null
+ seLinuxOptions: {}
seccompProfile:
type: RuntimeDefault
command:
@@ -131,6 +204,15 @@
git clone https://github.com/npawelek/firmware.git --branch main /tmp/app
[[ "$?" -eq 0 ]] && shopt -s dotglob && rm -rf /app/* && mv /tmp/app/* /app/
volumeMounts:
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: tmp-dir
+ - name: empty-dir
+ mountPath: /etc/ssh
+ subPath: etc-ssh-dir
+ - name: empty-dir
+ mountPath: /.ssh
+ subPath: ssh-dir
- name: staticsite
mountPath: /app
env:
@@ -138,7 +220,7 @@
value: /tmp
containers:
- name: git-repo-syncer
- image: docker.io/bitnami/git:2.43.2-debian-12-r2
+ image: docker.io/bitnami/git:2.47.1-debian-12-r0
imagePullPolicy: "IfNotPresent"
securityContext:
allowPrivilegeEscalation: false
@@ -146,10 +228,11 @@
drop:
- ALL
privileged: false
- readOnlyRootFilesystem: false
+ readOnlyRootFilesystem: true
+ runAsGroup: 1001
runAsNonRoot: true
runAsUser: 1001
- seLinuxOptions: null
+ seLinuxOptions: {}
seccompProfile:
type: RuntimeDefault
command:
@@ -163,7 +246,25 @@
cd /app && git pull origin main
sleep 60
done
+ resources:
+ limits:
+ cpu: 150m
+ ephemeral-storage: 2Gi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
volumeMounts:
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: tmp-dir
+ - name: empty-dir
+ mountPath: /etc/ssh
+ subPath: etc-ssh-dir
+ - name: empty-dir
+ mountPath: /.ssh
+ subPath: ssh-dir
- name: staticsite
mountPath: /app
env:
@@ -178,10 +279,11 @@
drop:
- ALL
privileged: false
- readOnlyRootFilesystem: false
+ readOnlyRootFilesystem: true
+ runAsGroup: 1001
runAsNonRoot: true
runAsUser: 1001
- seLinuxOptions: null
+ seLinuxOptions: {}
seccompProfile:
type: RuntimeDefault
env:
@@ -189,12 +291,16 @@
value: "false"
- name: NGINX_HTTP_PORT_NUMBER
value: "8080"
+ - name: NGINX_HTTPS_PORT_NUMBER
+ value: "8443"
- name: TZ
value: America/Chicago
envFrom:
ports:
- name: http
containerPort: 8080
+ - name: https
+ containerPort: 8443
livenessProbe:
failureThreshold: 6
initialDelaySeconds: 30
@@ -209,7 +315,8 @@
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 3
- tcpSocket:
+ httpGet:
+ path: /
port: http
resources:
limits:
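Review bot: Readiness now depends on served content, because the probe changes from `tcpSocket` to `httpGet` with `path: /`, and in this deployment `/app` is filled by the git containers. If the repository lacks an index page or the server block answers `/` with a 4xx, the probe fails and the pod drops out of the Service. The release notes above mention a configurable readiness path; pointing it at a fixed location defined in the server block would decouple health from site content. The probe definition starts above this hunk, so confirm which probe this is (it looks like the readiness probe).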
@@ -218,11 +325,35 @@
cpu: 100m
memory: 100Mi
volumeMounts:
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: tmp-dir
+ - name: empty-dir
+ mountPath: /opt/bitnami/nginx/conf
+ subPath: app-conf-dir
+ - name: empty-dir
+ mountPath: /opt/bitnami/nginx/logs
+ subPath: app-logs-dir
+ - name: empty-dir
+ mountPath: /opt/bitnami/nginx/tmp
+ subPath: app-tmp-dir
- name: nginx-server-block
mountPath: /opt/bitnami/nginx/conf/server_blocks
- name: staticsite
mountPath: /app
+ - name: certificate
+ mountPath: /certs
volumes:
+ - name: empty-dir
+ emptyDir: {}
+ - name: certificate
+ secret:
+ secretName: nginx-tls
+ items:
+ - key: tls.crt
+ path: server.crt
+ - key: tls.key
+ path: server.key
- name: nginx-server-block
configMap:
name: nginx-server-block
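Review bot: The `certificate` volume projects `tls.key` from `nginx-tls` into `/certs` without a `defaultMode`, so the key file gets the Secret-volume default of 0644 and is readable by every process in the container. If the chart exposes it, `defaultMode: 0440` together with a matching `fsGroup` would narrow that; the pod-level `securityContext` is only partly visible here, so this needs checking against the full manifest. Separately, the single `emptyDir: {}` that now backs `/tmp`, the nginx conf, logs and tmp directories and the git containers' SSH paths has no `sizeLimit`. Only `git-repo-syncer` shows an `ephemeral-storage` limit in this diff, so a runaway clone could fill node disk.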