diff --git a/src/main/charts/bamboo-agent/Chart.lock b/src/main/charts/bamboo-agent/Chart.lock index c0bcee7d1..6422deec8 100644 --- a/src/main/charts/bamboo-agent/Chart.lock +++ b/src/main/charts/bamboo-agent/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: https://atlassian.github.io/data-center-helm-charts - version: 1.2.3 -digest: sha256:19b32588659e732b2f75427b8bf2040b4daf93893f72f2de19ab76cc7f0e8623 -generated: "2023-06-28T12:28:34.897846+10:00" + version: 1.2.4 +digest: sha256:a373258f4c668f70e249c8310ba3a105e9b86301a9a7eb659b95d8449eafc05b +generated: "2023-09-18T10:41:52.696271+10:00" diff --git a/src/main/charts/bamboo-agent/Chart.yaml b/src/main/charts/bamboo-agent/Chart.yaml index 1f51ff724..5de497bf7 100644 --- a/src/main/charts/bamboo-agent/Chart.yaml +++ b/src/main/charts/bamboo-agent/Chart.yaml @@ -23,5 +23,5 @@ annotations: - "Update Helm chart version" dependencies: - name: common - version: 1.2.3 + version: 1.2.4 repository: https://atlassian.github.io/data-center-helm-charts diff --git a/src/main/charts/bamboo-agent/README.md b/src/main/charts/bamboo-agent/README.md index 39302325e..f2299fe14 100644 --- a/src/main/charts/bamboo-agent/README.md +++ b/src/main/charts/bamboo-agent/README.md @@ -17,7 +17,7 @@ Kubernetes: `>=1.21.x-0` | Repository | Name | Version | |------------|------|---------| -| https://atlassian.github.io/data-center-helm-charts | common | 1.2.3 | +| https://atlassian.github.io/data-center-helm-charts | common | 1.2.4 | ## Values diff --git a/src/main/charts/bamboo/Chart.lock b/src/main/charts/bamboo/Chart.lock index ef5cbbb53..5f2363214 100644 --- a/src/main/charts/bamboo/Chart.lock +++ b/src/main/charts/bamboo/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: https://atlassian.github.io/data-center-helm-charts - version: 1.2.3 -digest: sha256:19b32588659e732b2f75427b8bf2040b4daf93893f72f2de19ab76cc7f0e8623 -generated: "2023-06-28T12:28:14.264452+10:00" + version: 1.2.4 +digest: sha256:a373258f4c668f70e249c8310ba3a105e9b86301a9a7eb659b95d8449eafc05b +generated: "2023-09-18T10:41:07.792956+10:00" diff --git a/src/main/charts/bamboo/Chart.yaml b/src/main/charts/bamboo/Chart.yaml index f7122c9e7..8cc8e1a9c 100644 --- a/src/main/charts/bamboo/Chart.yaml +++ b/src/main/charts/bamboo/Chart.yaml @@ -24,5 +24,5 @@ annotations: - "Disable startup probes by default (#653)" dependencies: - name: common - version: 1.2.3 + version: 1.2.4 repository: https://atlassian.github.io/data-center-helm-charts diff --git a/src/main/charts/bamboo/README.md b/src/main/charts/bamboo/README.md index d3e86864d..ca13b57c9 100644 --- a/src/main/charts/bamboo/README.md +++ b/src/main/charts/bamboo/README.md @@ -17,7 +17,7 @@ Kubernetes: `>=1.21.x-0` | Repository | Name | Version | |------------|------|---------| -| https://atlassian.github.io/data-center-helm-charts | common | 1.2.3 | +| https://atlassian.github.io/data-center-helm-charts | common | 1.2.4 | ## Values @@ -139,6 +139,9 @@ Kubernetes: `>=1.21.x-0` | monitoring.jmxExporterCustomJarLocation | string | `nil` | Location of jmx_exporter jar file if mounted from a secret or manually copied to shared home | | monitoring.jmxExporterImageRepo | string | `"bitnami/jmx-exporter"` | Image repository with jmx_exporter jar | | monitoring.jmxExporterImageTag | string | `"0.18.0"` | Image tag to be used to pull jmxExporterImageRepo | +| monitoring.jmxExporterInitContainer | object | `{"customSecurityContext":{},"runAsRoot":true}` | JMX exporter init container configuration | +| monitoring.jmxExporterInitContainer.customSecurityContext | object | `{}` | Custom SecurityContext for the jmx exporter init container | +| monitoring.jmxExporterInitContainer.runAsRoot | bool | `true` | Whether to run JMX exporter init container as root to copy JMX exporter binary to shared home volume. Set to false if running containers as root is not allowed in the cluster. | | monitoring.jmxExporterPort | int | `9999` | Port number on which metrics will be available | | monitoring.jmxExporterPortType | string | `"ClusterIP"` | JMX exporter port type | | monitoring.jmxServiceAnnotations | object | `{}` | Annotations added to the jmx service | diff --git a/src/main/charts/bamboo/values.yaml b/src/main/charts/bamboo/values.yaml index ef67a873d..a6abe2d2b 100644 --- a/src/main/charts/bamboo/values.yaml +++ b/src/main/charts/bamboo/values.yaml @@ -843,6 +843,19 @@ monitoring: # exposeJmxMetrics: false + # -- JMX exporter init container configuration + # + jmxExporterInitContainer: + + # -- Whether to run JMX exporter init container as root to copy JMX exporter binary to shared home volume. + # Set to false if running containers as root is not allowed in the cluster. + # + runAsRoot: true + + # -- Custom SecurityContext for the jmx exporter init container + # + customSecurityContext: {} + # -- Annotations added to the jmx service # jmxServiceAnnotations: {} diff --git a/src/main/charts/bitbucket/Chart.lock b/src/main/charts/bitbucket/Chart.lock index eb5e27ffb..6b79c77c8 100644 --- a/src/main/charts/bitbucket/Chart.lock +++ b/src/main/charts/bitbucket/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: https://atlassian.github.io/data-center-helm-charts - version: 1.2.3 -digest: sha256:19b32588659e732b2f75427b8bf2040b4daf93893f72f2de19ab76cc7f0e8623 -generated: "2023-06-28T12:28:46.378103+10:00" + version: 1.2.4 +digest: sha256:a373258f4c668f70e249c8310ba3a105e9b86301a9a7eb659b95d8449eafc05b +generated: "2023-09-18T10:41:59.662404+10:00" diff --git a/src/main/charts/bitbucket/Chart.yaml b/src/main/charts/bitbucket/Chart.yaml index 93a0eded7..9e6e696fa 100644 --- a/src/main/charts/bitbucket/Chart.yaml +++ b/src/main/charts/bitbucket/Chart.yaml @@ -25,5 +25,5 @@ annotations: dependencies: - name: common - version: 1.2.3 + version: 1.2.4 repository: https://atlassian.github.io/data-center-helm-charts diff --git a/src/main/charts/bitbucket/README.md b/src/main/charts/bitbucket/README.md index 2ac4c75d7..c0a456a1b 100644 --- a/src/main/charts/bitbucket/README.md +++ b/src/main/charts/bitbucket/README.md @@ -17,7 +17,7 @@ Kubernetes: `>=1.21.x-0` | Repository | Name | Version | |------------|------|---------| -| https://atlassian.github.io/data-center-helm-charts | common | 1.2.3 | +| https://atlassian.github.io/data-center-helm-charts | common | 1.2.4 | ## Values @@ -172,6 +172,9 @@ Kubernetes: `>=1.21.x-0` | monitoring.jmxExporterCustomJarLocation | string | `nil` | Location of jmx_exporter jar file if mounted from a secret or manually copied to shared home | | monitoring.jmxExporterImageRepo | string | `"bitnami/jmx-exporter"` | Image repository with jmx_exporter jar | | monitoring.jmxExporterImageTag | string | `"0.18.0"` | Image tag to be used to pull jmxExporterImageRepo | +| monitoring.jmxExporterInitContainer | object | `{"customSecurityContext":{},"runAsRoot":true}` | JMX exporter init container configuration | +| monitoring.jmxExporterInitContainer.customSecurityContext | object | `{}` | Custom SecurityContext for the jmx exporter init container | +| monitoring.jmxExporterInitContainer.runAsRoot | bool | `true` | Whether to run JMX exporter init container as root to copy JMX exporter binary to shared home volume. Set to false if running containers as root is not allowed in the cluster. | | monitoring.jmxExporterPort | int | `9999` | Port number on which metrics will be available | | monitoring.jmxExporterPortType | string | `"ClusterIP"` | JMX exporter port type | | monitoring.jmxServiceAnnotations | object | `{}` | Annotations added to the jmx service | diff --git a/src/main/charts/bitbucket/values.yaml b/src/main/charts/bitbucket/values.yaml index 4cc875ac7..40cece239 100644 --- a/src/main/charts/bitbucket/values.yaml +++ b/src/main/charts/bitbucket/values.yaml @@ -1122,6 +1122,19 @@ monitoring: # exposeJmxMetrics: false + # -- JMX exporter init container configuration + # + jmxExporterInitContainer: + + # -- Whether to run JMX exporter init container as root to copy JMX exporter binary to shared home volume. + # Set to false if running containers as root is not allowed in the cluster. + # + runAsRoot: true + + # -- Custom SecurityContext for the jmx exporter init container + # + customSecurityContext: {} + # -- Annotations added to the jmx service # jmxServiceAnnotations: {} diff --git a/src/main/charts/confluence/Chart.lock b/src/main/charts/confluence/Chart.lock index 0c2c8e300..996dbb98f 100644 --- a/src/main/charts/confluence/Chart.lock +++ b/src/main/charts/confluence/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: https://atlassian.github.io/data-center-helm-charts - version: 1.2.3 -digest: sha256:19b32588659e732b2f75427b8bf2040b4daf93893f72f2de19ab76cc7f0e8623 -generated: "2023-06-28T12:28:55.882836+10:00" + version: 1.2.4 +digest: sha256:a373258f4c668f70e249c8310ba3a105e9b86301a9a7eb659b95d8449eafc05b +generated: "2023-09-18T10:42:03.96129+10:00" diff --git a/src/main/charts/confluence/Chart.yaml b/src/main/charts/confluence/Chart.yaml index fba9ddc7b..bd6e07735 100644 --- a/src/main/charts/confluence/Chart.yaml +++ b/src/main/charts/confluence/Chart.yaml @@ -26,5 +26,5 @@ annotations: dependencies: - name: common - version: 1.2.3 + version: 1.2.4 repository: https://atlassian.github.io/data-center-helm-charts diff --git a/src/main/charts/confluence/README.md b/src/main/charts/confluence/README.md index 098c00111..7132b9e17 100644 --- a/src/main/charts/confluence/README.md +++ b/src/main/charts/confluence/README.md @@ -17,7 +17,7 @@ Kubernetes: `>=1.21.x-0` | Repository | Name | Version | |------------|------|---------| -| https://atlassian.github.io/data-center-helm-charts | common | 1.2.3 | +| https://atlassian.github.io/data-center-helm-charts | common | 1.2.4 | ## Values @@ -134,6 +134,9 @@ Kubernetes: `>=1.21.x-0` | monitoring.jmxExporterCustomJarLocation | string | `nil` | Location of jmx_exporter jar file if mounted from a secret or manually copied to shared home | | monitoring.jmxExporterImageRepo | string | `"bitnami/jmx-exporter"` | Image repository with jmx_exporter jar | | monitoring.jmxExporterImageTag | string | `"0.18.0"` | Image tag to be used to pull jmxExporterImageRepo | +| monitoring.jmxExporterInitContainer | object | `{"customSecurityContext":{},"runAsRoot":true}` | JMX exporter init container configuration | +| monitoring.jmxExporterInitContainer.customSecurityContext | object | `{}` | Custom SecurityContext for the jmx exporter init container | +| monitoring.jmxExporterInitContainer.runAsRoot | bool | `true` | Whether to run JMX exporter init container as root to copy JMX exporter binary to shared home volume. Set to false if running containers as root is not allowed in the cluster. | | monitoring.jmxExporterPort | int | `9999` | Port number on which metrics will be available | | monitoring.jmxExporterPortType | string | `"ClusterIP"` | JMX exporter port type | | monitoring.jmxServiceAnnotations | object | `{}` | Annotations added to the jmx service | diff --git a/src/main/charts/confluence/values.yaml b/src/main/charts/confluence/values.yaml index a7880af65..456c18329 100644 --- a/src/main/charts/confluence/values.yaml +++ b/src/main/charts/confluence/values.yaml @@ -947,6 +947,19 @@ monitoring: # exposeJmxMetrics: false + # -- JMX exporter init container configuration + # + jmxExporterInitContainer: + + # -- Whether to run JMX exporter init container as root to copy JMX exporter binary to shared home volume. + # Set to false if running containers as root is not allowed in the cluster. + # + runAsRoot: true + + # -- Custom SecurityContext for the jmx exporter init container + # + customSecurityContext: {} + # -- Annotations added to the jmx service # jmxServiceAnnotations: {} diff --git a/src/main/charts/crowd/Chart.lock b/src/main/charts/crowd/Chart.lock index 456a360ca..170161854 100644 --- a/src/main/charts/crowd/Chart.lock +++ b/src/main/charts/crowd/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: https://atlassian.github.io/data-center-helm-charts - version: 1.2.3 -digest: sha256:19b32588659e732b2f75427b8bf2040b4daf93893f72f2de19ab76cc7f0e8623 -generated: "2023-06-28T12:29:08.571023+10:00" + version: 1.2.4 +digest: sha256:a373258f4c668f70e249c8310ba3a105e9b86301a9a7eb659b95d8449eafc05b +generated: "2023-09-18T10:42:11.392333+10:00" diff --git a/src/main/charts/crowd/Chart.yaml b/src/main/charts/crowd/Chart.yaml index b4ed3fa15..0f15ead6d 100644 --- a/src/main/charts/crowd/Chart.yaml +++ b/src/main/charts/crowd/Chart.yaml @@ -25,5 +25,5 @@ annotations: dependencies: - name: common - version: 1.2.3 + version: 1.2.4 repository: https://atlassian.github.io/data-center-helm-charts diff --git a/src/main/charts/crowd/README.md b/src/main/charts/crowd/README.md index 0bfe95f58..98c203fb5 100644 --- a/src/main/charts/crowd/README.md +++ b/src/main/charts/crowd/README.md @@ -17,7 +17,7 @@ Kubernetes: `>=1.21.x-0` | Repository | Name | Version | |------------|------|---------| -| https://atlassian.github.io/data-center-helm-charts | common | 1.2.3 | +| https://atlassian.github.io/data-center-helm-charts | common | 1.2.4 | ## Values @@ -113,6 +113,9 @@ Kubernetes: `>=1.21.x-0` | monitoring.jmxExporterCustomJarLocation | string | `nil` | Location of jmx_exporter jar file if mounted from a secret or manually copied to shared home | | monitoring.jmxExporterImageRepo | string | `"bitnami/jmx-exporter"` | Image repository with jmx_exporter jar | | monitoring.jmxExporterImageTag | string | `"0.18.0"` | Image tag to be used to pull jmxExporterImageRepo | +| monitoring.jmxExporterInitContainer | object | `{"customSecurityContext":{},"runAsRoot":true}` | JMX exporter init container configuration | +| monitoring.jmxExporterInitContainer.customSecurityContext | object | `{}` | Custom SecurityContext for the jmx exporter init container | +| monitoring.jmxExporterInitContainer.runAsRoot | bool | `true` | Whether to run JMX exporter init container as root to copy JMX exporter binary to shared home volume. Set to false if running containers as root is not allowed in the cluster. | | monitoring.jmxExporterPort | int | `9999` | Port number on which metrics will be available | | monitoring.jmxExporterPortType | string | `"ClusterIP"` | JMX exporter port type | | monitoring.jmxServiceAnnotations | object | `{}` | Annotations added to the jmx service | diff --git a/src/main/charts/crowd/values.yaml b/src/main/charts/crowd/values.yaml index 9e9268260..1f406fe77 100644 --- a/src/main/charts/crowd/values.yaml +++ b/src/main/charts/crowd/values.yaml @@ -819,6 +819,19 @@ monitoring: # exposeJmxMetrics: false + # -- JMX exporter init container configuration + # + jmxExporterInitContainer: + + # -- Whether to run JMX exporter init container as root to copy JMX exporter binary to shared home volume. + # Set to false if running containers as root is not allowed in the cluster. + # + runAsRoot: true + + # -- Custom SecurityContext for the jmx exporter init container + # + customSecurityContext: {} + # -- Annotations added to the jmx service # jmxServiceAnnotations: {} diff --git a/src/main/charts/jira/Chart.lock b/src/main/charts/jira/Chart.lock index 7aee9c05b..4489a11ab 100644 --- a/src/main/charts/jira/Chart.lock +++ b/src/main/charts/jira/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: https://atlassian.github.io/data-center-helm-charts - version: 1.2.3 -digest: sha256:19b32588659e732b2f75427b8bf2040b4daf93893f72f2de19ab76cc7f0e8623 -generated: "2023-06-28T12:29:27.369749+10:00" + version: 1.2.4 +digest: sha256:a373258f4c668f70e249c8310ba3a105e9b86301a9a7eb659b95d8449eafc05b +generated: "2023-09-18T10:42:18.321112+10:00" diff --git a/src/main/charts/jira/Chart.yaml b/src/main/charts/jira/Chart.yaml index 610aaf420..09ccc6756 100644 --- a/src/main/charts/jira/Chart.yaml +++ b/src/main/charts/jira/Chart.yaml @@ -26,5 +26,5 @@ annotations: dependencies: - name: common - version: 1.2.3 + version: 1.2.4 repository: https://atlassian.github.io/data-center-helm-charts diff --git a/src/main/charts/jira/README.md b/src/main/charts/jira/README.md index bc3021d37..1cc8ffcfa 100644 --- a/src/main/charts/jira/README.md +++ b/src/main/charts/jira/README.md @@ -17,7 +17,7 @@ Kubernetes: `>=1.21.x-0` | Repository | Name | Version | |------------|------|---------| -| https://atlassian.github.io/data-center-helm-charts | common | 1.2.3 | +| https://atlassian.github.io/data-center-helm-charts | common | 1.2.4 | ## Values @@ -130,6 +130,9 @@ Kubernetes: `>=1.21.x-0` | monitoring.jmxExporterCustomJarLocation | string | `nil` | Location of jmx_exporter jar file if mounted from a secret or manually copied to shared home | | monitoring.jmxExporterImageRepo | string | `"bitnami/jmx-exporter"` | Image repository with jmx_exporter jar | | monitoring.jmxExporterImageTag | string | `"0.18.0"` | Image tag to be used to pull jmxExporterImageRepo | +| monitoring.jmxExporterInitContainer | object | `{"customSecurityContext":{},"runAsRoot":true}` | JMX exporter init container configuration | +| monitoring.jmxExporterInitContainer.customSecurityContext | object | `{}` | Custom SecurityContext for the jmx exporter init container | +| monitoring.jmxExporterInitContainer.runAsRoot | bool | `true` | Whether to run JMX exporter init container as root to copy JMX exporter binary to shared home volume. Set to false if running containers as root is not allowed in the cluster. | | monitoring.jmxExporterPort | int | `9999` | Port number on which metrics will be available | | monitoring.jmxExporterPortType | string | `"ClusterIP"` | JMX exporter port type | | monitoring.jmxServiceAnnotations | object | `{}` | Annotations added to the jmx service | diff --git a/src/main/charts/jira/values.yaml b/src/main/charts/jira/values.yaml index 79dd6eeb0..f53c3749f 100644 --- a/src/main/charts/jira/values.yaml +++ b/src/main/charts/jira/values.yaml @@ -809,6 +809,19 @@ monitoring: # exposeJmxMetrics: false + # -- JMX exporter init container configuration + # + jmxExporterInitContainer: + + # -- Whether to run JMX exporter init container as root to copy JMX exporter binary to shared home volume. + # Set to false if running containers as root is not allowed in the cluster. + # + runAsRoot: true + + # -- Custom SecurityContext for the jmx exporter init container + # + customSecurityContext: {} + # -- Annotations added to the jmx service # jmxServiceAnnotations: {} diff --git a/src/test/java/test/JmxMetricsTest.java b/src/test/java/test/JmxMetricsTest.java index 29b5192f7..0d9bd9f56 100644 --- a/src/test/java/test/JmxMetricsTest.java +++ b/src/test/java/test/JmxMetricsTest.java @@ -66,6 +66,41 @@ void expose_jmx_metrics_enabled_init_container(Product product) throws Exception } } + @ParameterizedTest + @EnumSource(value = Product.class, names = {"bamboo_agent"}, mode = EnumSource.Mode.EXCLUDE) + void expose_jmx_metrics_enabled_init_container_run_as_root(Product product) throws Exception { + final var resources = helm.captureKubeResourcesFromHelmChart(product, Map.of( + "monitoring.exposeJmxMetrics", "true" + )); + StatefulSet statefulSet = resources.getStatefulSet(product.getHelmReleaseName()); + assertThat(statefulSet.getInitContainer("fetch-jmx-exporter").get().path("securityContext").path("runAsUser")).hasValueEqualTo(0); + } + + @ParameterizedTest + @EnumSource(value = Product.class, names = {"bamboo_agent"}, mode = EnumSource.Mode.EXCLUDE) + void expose_jmx_metrics_enabled_init_container_no_root(Product product) throws Exception { + final var resources = helm.captureKubeResourcesFromHelmChart(product, Map.of( + "monitoring.exposeJmxMetrics", "true", + "monitoring.jmxExporterInitContainer.runAsRoot", "false" + )); + StatefulSet statefulSet = resources.getStatefulSet(product.getHelmReleaseName()); + assertThat(statefulSet.getInitContainer("fetch-jmx-exporter").get().path("securityContext")).isEmpty(); + } + + @ParameterizedTest + @EnumSource(value = Product.class, names = {"bamboo_agent"}, mode = EnumSource.Mode.EXCLUDE) + void expose_jmx_metrics_enabled_init_container_custom_security_context(Product product) throws Exception { + final var resources = helm.captureKubeResourcesFromHelmChart(product, Map.of( + "monitoring.exposeJmxMetrics", "true", + "monitoring.jmxExporterInitContainer.runAsRoot", "false", + "monitoring.jmxExporterInitContainer.customSecurityContext.fsGroup", "1009", + "monitoring.jmxExporterInitContainer.customSecurityContext.runAsUser", "true" + )); + StatefulSet statefulSet = resources.getStatefulSet(product.getHelmReleaseName()); + assertThat(statefulSet.getInitContainer("fetch-jmx-exporter").get().path("securityContext").path("fsGroup")).hasValueEqualTo(1009); + assertThat(statefulSet.getInitContainer("fetch-jmx-exporter").get().path("securityContext").path("runAsUser")).hasToString("true"); + } + @ParameterizedTest @EnumSource(value = Product.class, names = {"bamboo_agent"}, mode = EnumSource.Mode.EXCLUDE) void expose_jmx_metrics_enabled_custom_vol_paths(Product product) throws Exception {