forked from argoproj/argo-helm
fix(argo-cd): Sync redis / redis-ha readOnlyRootFilesystem from upstream (#2294)
Signed-off-by: Marco Maurer <mkilchhofer@users.noreply.github.com>main argo-cd-5.46.8
parent
37069f92c9
commit
052454f233
|
@ -3,7 +3,7 @@ appVersion: v2.8.4
|
|||
kubeVersion: ">=1.23.0-0"
|
||||
description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
|
||||
name: argo-cd
|
||||
version: 5.46.7
|
||||
version: 5.46.8
|
||||
home: https://github.com/argoproj/argo-helm
|
||||
icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
|
||||
sources:
|
||||
|
@ -26,5 +26,5 @@ annotations:
|
|||
fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
|
||||
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
|
||||
artifacthub.io/changes: |
|
||||
- kind: security
|
||||
description: updated redis dependency to 7.0.13-alpine to fix CVE-2022-48174
|
||||
- kind: fixed
|
||||
description: Sync redis / redis-ha readOnlyRootFilesystem=true option from upstream. This was part of Argo CD 2.8.0.
|
||||
|
|
|
@ -1001,12 +1001,14 @@ The main options are listed here:
|
|||
|-----|------|---------|-------------|
|
||||
| redis-ha.additionalAffinities | object | `{}` | Additional affinities to add to the Redis server pods. |
|
||||
| redis-ha.affinity | string | `""` | Assign custom [affinity] rules to the Redis pods. |
|
||||
| redis-ha.containerSecurityContext | object | See [values.yaml] | Redis HA statefulset container-level security context |
|
||||
| redis-ha.enabled | bool | `false` | Enables the Redis HA subchart and disables the custom Redis single node deployment |
|
||||
| redis-ha.exporter.enabled | bool | `false` | Enable Prometheus redis-exporter sidecar |
|
||||
| redis-ha.exporter.image | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter |
|
||||
| redis-ha.exporter.tag | string | `"1.53.0"` | Tag to use for the redis-exporter |
|
||||
| redis-ha.haproxy.additionalAffinities | object | `{}` | Additional affinities to add to the haproxy pods. |
|
||||
| redis-ha.haproxy.affinity | string | `""` | Assign custom [affinity] rules to the haproxy pods. |
|
||||
| redis-ha.haproxy.containerSecurityContext | object | See [values.yaml] | HAProxy container-level security context |
|
||||
| redis-ha.haproxy.enabled | bool | `true` | Enabled HAProxy LoadBalancing/Proxy |
|
||||
| redis-ha.haproxy.hardAntiAffinity | bool | `true` | Whether the haproxy pods should be forced to run on separate nodes. |
|
||||
| redis-ha.haproxy.metrics.enabled | bool | `true` | HAProxy enable prometheus metric scraping |
|
||||
|
|
|
@ -1279,6 +1279,7 @@ redis:
|
|||
# -- Redis container-level security context
|
||||
# @default -- See [values.yaml]
|
||||
containerSecurityContext:
|
||||
readOnlyRootFilesystem: true
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
|
@ -1416,8 +1417,13 @@ redis-ha:
|
|||
additionalAffinities: {}
|
||||
# -- Assign custom [affinity] rules to the haproxy pods.
|
||||
affinity: |
|
||||
|
||||
# -- [Tolerations] for use with node taints for haproxy pods.
|
||||
tolerations: []
|
||||
# -- HAProxy container-level security context
|
||||
# @default -- See [values.yaml]
|
||||
containerSecurityContext:
|
||||
readOnlyRootFilesystem: true
|
||||
|
||||
# -- Whether the Redis server pods should be forced to run on separate nodes.
|
||||
hardAntiAffinity: true
|
||||
|
@ -1445,6 +1451,10 @@ redis-ha:
|
|||
# -- Enforcement policy, hard or soft
|
||||
# @default -- `""` (defaults to `ScheduleAnyway`)
|
||||
whenUnsatisfiable: ""
|
||||
# -- Redis HA statefulset container-level security context
|
||||
# @default -- See [values.yaml]
|
||||
containerSecurityContext:
|
||||
readOnlyRootFilesystem: true
|
||||
|
||||
# External Redis parameters
|
||||
externalRedis:
|
||||
|
|
Loading…
Reference in New Issue