Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[bitnami/thanos] feat!: ♻️ 🔒 Refactor and enable NetworkPolicy by default #22687

Merged
merged 10 commits into from
Feb 14, 2024
Merged

[bitnami/thanos] feat!: ♻️ 🔒 Refactor and enable NetworkPolicy by default #22687

merged 10 commits into from
Feb 14, 2024

Conversation

javsalgar
Copy link
Contributor

Signed-off-by: Javier Salmeron Garcia jsalmeron@vmware.com

BREAKING CHANGES

Description of the change

This major version changes the NetworkPolicy objects and creates one per Thanos component. The networkPolicy common value was removed in favor of COMPONENT.networkPolicy. Also, NetworkPolicy objects are deployed by default. This can be changed by setting COMPONENT.networkPolicy.enabled=false being COMPONENT one of the Thanos components.

This version also removes deprecated service port values like receive.service.http.port in favor of recieve.service.ports.http, as well as existingServiceAccount.

Benefits

Improved security of the chart

Possible drawbacks

Applicable issues

  • fixes #

Additional information

Checklist

  • Chart version bumped in Chart.yaml according to semver. This is not necessary when the changes only affect README.md files.
  • Variables are documented in the values.yaml and added to the README.md using readme-generator-for-helm
  • Title of the pull request follows this pattern [bitnami/<name_of_the_chart>] Descriptive title
  • All commits signed off and in agreement of Developer Certificate of Origin (DCO)

@javsalgar
[bitnami/thanos] feat!: ♻️ 🔒 Refactor and enable NetworkPolicy by def…
4bd7f2b 
…ault

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
@bitnami-bot bitnami-bot added the verify Execute verification workflow for these changes label Jan 24, 2024
@github-actions github-actions bot requested a review from dgomezleon January 24, 2024 12:36
javsalgar and others added 8 commits January 25, 2024 10:45
@javsalgar
fix: 🐛 Allow ingress for members of the chart
5dad86a 
Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
@javsalgar
Merge branch 'main' into fix/thanos-networkPolicy
5020ae7 
Signed-off-by: Javier J. Salmerón-García <jsalmeron@vmware.com>
@javsalgar
fix: 🐛 Add allowExternalEgress
e27235b 
Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
@javsalgar
Merge branch 'main' into fix/thanos-networkPolicy
02f23d5 
Signed-off-by: Javier J. Salmerón-García <jsalmeron@vmware.com>
@javsalgar
test: 🔧 Update cypress endpoint
7196c6b 
Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
@javsalgar
Merge branch 'main' into fix/thanos-networkPolicy
72de828 
Signed-off-by: Javier J. Salmerón-García <jsalmeron@vmware.com>
@javsalgar
Update values.yaml
d194f18 
Signed-off-by: Javier J. Salmerón-García <jsalmeron@vmware.com>
@bitnami-bot
Update README.md with readme-generator-for-helm
69bea13 
Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>
dgomezleon
dgomezleon previously approved these changes Feb 13, 2024
View reviewed changes
Copy link
Member

@dgomezleon dgomezleon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Just a minor question. Could it be possible to unify query-frontend vs queryfrontend?

@javsalgar
chore: ♻️ Unify queryfrontend and query-frontend
bd5b095 
Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
@javsalgar javsalgar merged commit 89643fd into main Feb 14, 2024
10 checks passed
@javsalgar javsalgar deleted the fix/thanos-networkPolicy branch February 14, 2024 10:52
antonblr pushed a commit to antonblr/charts that referenced this pull request Feb 15, 2024
@javsalgar @bitnami-bot @antonblr
[bitnami/thanos] feat!: ♻️ 🔒 Refactor and enable NetworkPolicy by def…
2c71925 
…ault (bitnami#22687)

* [bitnami/thanos] feat!: ♻️ 🔒 Refactor and enable NetworkPolicy by default

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>

* fix: 🐛 Allow ingress for members of the chart

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>

* fix: 🐛 Add allowExternalEgress

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>

* test: 🔧 Update cypress endpoint

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>

* Update values.yaml

Signed-off-by: Javier J. Salmerón-García <jsalmeron@vmware.com>

* Update README.md with readme-generator-for-helm

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>

* chore: ♻️ Unify queryfrontend and query-frontend

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>

---------

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
Signed-off-by: Javier J. Salmerón-García <jsalmeron@vmware.com>
Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>
Co-authored-by: Bitnami Containers <bitnami-bot@vmware.com>
joancafom pushed a commit to dalbani/charts that referenced this pull request Feb 22, 2024
@javsalgar @bitnami-bot @joancafom
[bitnami/thanos] feat!: ♻️ 🔒 Refactor and enable NetworkPolicy by def…
0963fbe 
…ault (bitnami#22687)

* [bitnami/thanos] feat!: ♻️ 🔒 Refactor and enable NetworkPolicy by default

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>

* fix: 🐛 Allow ingress for members of the chart

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>

* fix: 🐛 Add allowExternalEgress

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>

* test: 🔧 Update cypress endpoint

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>

* Update values.yaml

Signed-off-by: Javier J. Salmerón-García <jsalmeron@vmware.com>

* Update README.md with readme-generator-for-helm

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>

* chore: ♻️ Unify queryfrontend and query-frontend

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>

---------

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
Signed-off-by: Javier J. Salmerón-García <jsalmeron@vmware.com>
Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>
Co-authored-by: Bitnami Containers <bitnami-bot@vmware.com>
Signed-off-by: Jose Antonio Carmona <jcarmona@vmware.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dgomezleon dgomezleon dgomezleon left review comments

Assignees

@dgomezleon dgomezleon

Labels
bitnami solved thanos verify Execute verification workflow for these changes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@javsalgar @dgomezleon @bitnami-bot