Skip to content

Commit

Permalink
Ferretdb security context updated (#825)
Browse files Browse the repository at this point in the history 
Signed-off-by: sayedppqq <[email protected]>
  • Loading branch information
@sayedppqq
sayedppqq authored Jan 25, 2024
1 parent 47970ed commit 6c15299
Show file tree
Hide file tree
Showing 64 changed files with 3,763 additions and 10,565 deletions.
2 changes: 1 addition & 1 deletion catalog/kubedb/raw/ferretdb/ferretdb-1.18.0.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,5 +7,5 @@ spec:
image: ghcr.io/appscode-images/ferretdb:1.18.0
deprecated: false
securityContext:
runAsUser: 999
runAsUser: 1000
version: 1.18.0
2 changes: 1 addition & 1 deletion charts/kubedb-catalog/templates/ferretdb/ferretdb-1.18.0.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,6 @@ spec:
image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/ferretdb") $) }}:1.18.0'
deprecated: false
securityContext:
runAsUser: 999
runAsUser: 1000
version: 1.18.0
{{ end }}
2 changes: 2 additions & 0 deletions charts/kubedb-crds/crds/kubedb.com_ferretdbs.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -74,6 +74,8 @@ spec:
version:
type: string
type: object
required:
- externallyManaged
type: object
halted:
type: boolean
Expand Down
228 changes: 8 additions & 220 deletions charts/kubedb-provider-aws/crds/aws.kubedb.com_providerconfigs.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,14 +2,14 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.13.0
controller-gen.kubebuilder.io/version: v0.11.3
name: providerconfigs.aws.kubedb.com
spec:
group: aws.kubedb.com
names:
categories:
- crossplane
- providerconfig
- provider
- aws
kind: ProviderConfig
listKind: ProviderConfigList
Expand All @@ -21,14 +21,14 @@ spec:
- jsonPath: .metadata.creationTimestamp
name: AGE
type: date
- jsonPath: .spec.source
name: SOURCE
- jsonPath: .spec.credentials.secretRef.name
name: SECRET-NAME
priority: 1
type: string
name: v1beta1
schema:
openAPIV3Schema:
description: A ProviderConfig configures the AWS provider.
description: A ProviderConfig configures a AWS provider.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
Expand All @@ -45,52 +45,6 @@ spec:
spec:
description: A ProviderConfigSpec defines the desired state of a ProviderConfig.
properties:
assumeRoleChain:
description: AssumeRoleChain defines the options for assuming an IAM
role
items:
description: AssumeRoleOptions define the options for assuming an
IAM Role Fields are similar to the STS AssumeRoleOptions in the
AWS SDK
properties:
externalID:
description: ExternalID is the external ID used when assuming
role.
type: string
roleARN:
description: AssumeRoleARN to assume with provider credentials
type: string
tags:
description: Tags is list of session tags that you want to pass.
Each session tag consists of a key name and an associated
value. For more information about session tags, see Tagging
STS Sessions (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html).
items:
description: Tag is session tag that can be used to assume
an IAM Role
properties:
key:
description: Name of the tag. Key is a required field
type: string
value:
description: Value of the tag. Value is a required field
type: string
required:
- key
- value
type: object
type: array
transitiveTagKeys:
description: TransitiveTagKeys is a list of keys for session
tags that you want to set as transitive. If you set a tag
key as transitive, the corresponding key and value passes
to subsequent sessions in a role chain. For more information,
see Chaining Roles with Session Tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining).
items:
type: string
type: array
type: object
type: array
credentials:
description: Credentials required to authenticate to this provider.
properties:
Expand Down Expand Up @@ -137,176 +91,13 @@ spec:
enum:
- None
- Secret
- IRSA
- WebIdentity
- Upbound
- InjectedIdentity
- Environment
- Filesystem
type: string
upbound:
description: Upbound defines the options for authenticating using
Upbound as an identity provider.
properties:
webIdentity:
description: WebIdentity defines the options for assuming
an IAM role with a Web Identity.
properties:
roleARN:
description: AssumeRoleARN to assume with provider credentials
type: string
roleSessionName:
description: RoleSessionName is the session name, if you
wish to uniquely identify this session.
type: string
type: object
type: object
webIdentity:
description: WebIdentity defines the options for assuming an IAM
role with a Web Identity.
properties:
roleARN:
description: AssumeRoleARN to assume with provider credentials
type: string
roleSessionName:
description: RoleSessionName is the session name, if you wish
to uniquely identify this session.
type: string
type: object
required:
- source
type: object
endpoint:
description: Endpoint is where you can override the default endpoint
configuration of AWS calls made by the provider.
properties:
hostnameImmutable:
description: "Specifies if the endpoint's hostname can be modified
by the SDK's API client. \n If the hostname is mutable the SDK
API clients may modify any part of the hostname based on the
requirements of the API, (e.g. adding, or removing content in
the hostname). Such as, Amazon S3 API client prefixing \"bucketname\"
to the hostname, or changing the hostname service name component
from \"s3.\" to \"s3-accesspoint.dualstack.\" for the dualstack
endpoint of an S3 Accesspoint resource. \n Care should be taken
when providing a custom endpoint for an API. If the endpoint
hostname is mutable, and the client cannot modify the endpoint
correctly, the operation call will most likely fail, or have
undefined behavior. \n If hostname is immutable, the SDK API
clients will not modify the hostname of the URL. This may cause
the API client not to function correctly if the API requires
the operation specific hostname values to be used by the client.
\n This flag does not modify the API client's behavior if this
endpoint will be used instead of Endpoint Discovery, or if the
endpoint will be used to perform Endpoint Discovery. That behavior
is configured via the API Client's Options. Note that this is
effective only for resources that use AWS SDK v2."
type: boolean
partitionId:
description: The AWS partition the endpoint belongs to.
type: string
services:
description: Specifies the list of services you want endpoint
to be used for
items:
type: string
type: array
signingMethod:
description: The signing method that should be used for signing
the requests to the endpoint.
type: string
signingName:
description: The service name that should be used for signing
the requests to the endpoint.
type: string
signingRegion:
description: The region that should be used for signing the request
to the endpoint. For IAM, which doesn't have any region, us-east-1
is used to sign the requests, which is the only signing region
of IAM.
type: string
source:
description: The source of the Endpoint. By default, this will
be ServiceMetadata. When providing a custom endpoint, you should
set the source as Custom. If source is not provided when providing
a custom endpoint, the SDK may not perform required host mutations
correctly. Source should be used along with HostnameImmutable
property as per the usage requirement. Note that this is effective
only for resources that use AWS SDK v2.
enum:
- ServiceMetadata
- Custom
type: string
url:
description: URL lets you configure the endpoint URL to be used
in SDK calls.
properties:
dynamic:
description: Dynamic lets you configure the behavior of endpoint
URL resolver.
properties:
host:
description: Host is the address of the main host that
the resolver will use to prepend protocol, service and
region configurations. For example, the final URL for
EC2 in us-east-1 looks like https://ec2.us-east-1.amazonaws.com
You would need to use "amazonaws.com" as Host and "https"
as protocol to have the resolver construct it.
type: string
protocol:
description: Protocol is the HTTP protocol that will be
used in the URL. Currently, only http and https are
supported.
enum:
- http
- https
type: string
required:
- host
- protocol
type: object
static:
description: Static is the full URL you'd like the AWS SDK
to use. Recommended for using tools like localstack where
a single host is exposed for all services and regions.
type: string
type:
description: You can provide a static URL that will be used
regardless of the service and region by choosing Static
type. Alternatively, you can provide configuration for dynamically
resolving the URL with the config you provide once you set
the type as Dynamic.
enum:
- Static
- Dynamic
type: string
required:
- type
type: object
required:
- url
type: object
s3_use_path_style:
description: Whether to enable the request to use path-style addressing,
i.e., https://s3.amazonaws.com/BUCKET/KEY.
type: boolean
skip_credentials_validation:
description: Whether to skip credentials validation via the STS API.
This can be useful for testing and for AWS API implementations that
do not have STS available.
type: boolean
skip_metadata_api_check:
description: Whether to skip the AWS Metadata API check Useful for
AWS API implementations that do not have a metadata API endpoint.
type: boolean
skip_region_validation:
description: Whether to skip validation of provided region name. Useful
for AWS-like implementations that use their own region names or
to bypass the validation for regions that aren't publicly available
yet.
type: boolean
skip_requesting_account_id:
description: Whether to skip requesting the account ID. Useful for
AWS API implementations that do not have the IAM, STS API, or metadata
API
type: boolean
required:
- credentials
type: object
Expand Down Expand Up @@ -346,9 +137,6 @@ spec:
- type
type: object
type: array
x-kubernetes-list-map-keys:
- type
x-kubernetes-list-type: map
users:
description: Users of this provider configuration.
format: int64
Expand Down
4 changes: 2 additions & 2 deletions charts/kubedb-provider-aws/crds/aws.kubedb.com_providerconfigusages.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,14 +2,14 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.13.0
controller-gen.kubebuilder.io/version: v0.11.3
name: providerconfigusages.aws.kubedb.com
spec:
group: aws.kubedb.com
names:
categories:
- crossplane
- providerconfig
- provider
- aws
kind: ProviderConfigUsage
listKind: ProviderConfigUsageList
Expand Down
Loading

0 comments on commit 6c15299

Please sign in to comment.