robot: project vpa chart upgrades from 4.5.0 to 4.7.1

Signed-off-by: robot <[email protected]>
DaoCloud · Nov 13, 2024 · 2134283 · 2134283
1 parent 88c224b
commit 2134283
Show file tree

Hide file tree

Showing 10 changed files with 77 additions and 22 deletions.
diff --git a/charts/vpa/config b/charts/vpa/config
@@ -4,7 +4,7 @@ export USE_OPENSOURCE_CHART=false
 export REPO_URL=https://charts.fairwinds.com/stable
 export REPO_NAME=fairwinds-stable
 export CHART_NAME=vpa
-export VERSION=4.5.0
+export VERSION=4.7.1
 
 # pr, issue, none
 export UPGRADE_METHOD=pr

diff --git a/charts/vpa/vpa/Chart.yaml b/charts/vpa/vpa/Chart.yaml
@@ -10,10 +10,10 @@ sources:
   - https://github.com/FairwindsOps/charts/tree/master/stable/vpa
   - https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler
 type: application
-version: 4.5.0
+version: 4.7.1
 dependencies:
   - name: vpa
-    version: "4.5.0"
+    version: "4.7.1"
     repository: "https://charts.fairwinds.com/stable"
 annotations:
   addon.kpanda.io/namespace: kube-system

diff --git a/charts/vpa/vpa/README.md b/charts/vpa/vpa/README.md
@@ -202,8 +202,8 @@ recommender:
 | admissionController.certGen.image.pullPolicy | string | `"Always"` | The pull policy for the certgen image. Recommend not changing this |
 | admissionController.certGen.env | object | `{}` | Additional environment variables to be added to the certgen container. Format is KEY: Value format |
 | admissionController.certGen.resources | object | `{}` | The resources block for the certgen pod |
-| admissionController.certGen.securityContext | object | `{}` | The securityContext block for the certgen container(s) |
-| admissionController.certGen.podSecurityContext | object | `{}` | The securityContext block for the certgen pod(s) |
+| admissionController.certGen.podSecurityContext | object | `{"runAsNonRoot":true,"runAsUser":65534,"seccompProfile":{"type":"RuntimeDefault"}}` | The securityContext block for the certgen pod(s) |
+| admissionController.certGen.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true}` | The securityContext block for the certgen container(s) |
 | admissionController.certGen.nodeSelector | object | `{}` |  |
 | admissionController.certGen.tolerations | list | `[]` |  |
 | admissionController.certGen.affinity | object | `{}` |  |

diff --git a/charts/vpa/vpa/charts/vpa/Chart.yaml b/charts/vpa/vpa/charts/vpa/Chart.yaml
@@ -16,4 +16,4 @@ sources:
 - https://github.com/FairwindsOps/charts/tree/master/stable/vpa
 - https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler
 type: application
-version: 4.5.0
+version: 4.7.1
diff --git a/charts/vpa/vpa/charts/vpa/README.md b/charts/vpa/vpa/charts/vpa/README.md
@@ -202,8 +202,8 @@ recommender:
 | admissionController.certGen.image.pullPolicy | string | `"Always"` | The pull policy for the certgen image. Recommend not changing this |
 | admissionController.certGen.env | object | `{}` | Additional environment variables to be added to the certgen container. Format is KEY: Value format |
 | admissionController.certGen.resources | object | `{}` | The resources block for the certgen pod |
-| admissionController.certGen.securityContext | object | `{}` | The securityContext block for the certgen container(s) |
-| admissionController.certGen.podSecurityContext | object | `{}` | The securityContext block for the certgen pod(s) |
+| admissionController.certGen.podSecurityContext | object | `{"runAsNonRoot":true,"runAsUser":65534,"seccompProfile":{"type":"RuntimeDefault"}}` | The securityContext block for the certgen pod(s) |
+| admissionController.certGen.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true}` | The securityContext block for the certgen container(s) |
 | admissionController.certGen.nodeSelector | object | `{}` |  |
 | admissionController.certGen.tolerations | list | `[]` |  |
 | admissionController.certGen.affinity | object | `{}` |  |

diff --git a/charts/vpa/vpa/charts/vpa/crds/vpa-v1-crd.yaml b/charts/vpa/vpa/charts/vpa/crds/vpa-v1-crd.yaml
@@ -283,9 +283,11 @@ spec:
               resourcePolicy:
                 description: Controls how the autoscaler computes recommended resources.
                   The resource policy may be used to set constraints on the recommendations
-                  for individual containers. If not specified, the autoscaler computes
-                  recommended resources for all containers in the pod, without additional
-                  constraints.
+                  for individual containers. If any individual containers need to
+                  be excluded from getting the VPA recommendations, then it must be
+                  disabled explicitly by setting mode to "Off" under containerPolicies.
+                  If not specified, the autoscaler computes recommended resources
+                  for all containers in the pod, without additional constraints.
                 properties:
                   containerPolicies:
                     description: Per-container resource policies.
@@ -397,7 +399,7 @@ spec:
                           - TargetHigherThanRequests
                           - TargetLowerThanRequests
                           type: string
-                        resource:
+                        resources:
                           description: Resources is a list of one or more resources
                             that the condition applies to. If more than one resource
                             is given, the EvictionRequirement is fulfilled if at least
@@ -409,7 +411,7 @@ spec:
                           type: array
                       required:
                       - changeRequirement
-                      - resource
+                      - resources
                       type: object
                     type: array
                   minReplicas:

diff --git a/charts/vpa/vpa/charts/vpa/templates/recommender-deployment.yaml b/charts/vpa/vpa/charts/vpa/templates/recommender-deployment.yaml
@@ -68,7 +68,7 @@ spec:
           {{- $insightsRecommenderArgs := index $extraArgs "use-insights-recommender" | default dict }}
           {{- if or .Values.recommender.envFromSecret $insightsRecommenderArgs }}
           envFrom:
-          {{- if $insightsRecommenderArgs }}
+          {{- if and (not .Values.recommender.envFromSecret) $insightsRecommenderArgs }}
           - secretRef:
               name: {{ .Release.Name }}-token
           {{- end }}

diff --git a/charts/vpa/vpa/charts/vpa/values.yaml b/charts/vpa/vpa/charts/vpa/values.yaml
@@ -221,10 +221,19 @@ admissionController:
     env: {}
     # admissionController.certGen.resources -- The resources block for the certgen pod
     resources: {}
-    # admissionController.certGen.securityContext -- The securityContext block for the certgen container(s)
-    securityContext: {}
     # admissionController.certGen.podSecurityContext -- The securityContext block for the certgen pod(s)
-    podSecurityContext: {}
+    podSecurityContext:
+      runAsNonRoot: true
+      runAsUser: 65534
+      seccompProfile:
+        type: RuntimeDefault
+    # admissionController.certGen.securityContext -- The securityContext block for the certgen container(s)
+    securityContext:
+      readOnlyRootFilesystem: true
+      allowPrivilegeEscalation: false
+      capabilities:
+        drop:
+          - ALL
     nodeSelector: {}
     tolerations: []
     affinity: {}

diff --git a/charts/vpa/vpa/values.schema.json b/charts/vpa/vpa/values.schema.json
@@ -41,13 +41,48 @@
                                     "type": "object"
                                 },
                                 "podSecurityContext": {
-                                    "type": "object"
+                                    "type": "object",
+                                    "properties": {
+                                        "runAsNonRoot": {
+                                            "type": "boolean"
+                                        },
+                                        "runAsUser": {
+                                            "type": "integer"
+                                        },
+                                        "seccompProfile": {
+                                            "type": "object",
+                                            "properties": {
+                                                "type": {
+                                                    "type": "string"
+                                                }
+                                            }
+                                        }
+                                    }
                                 },
                                 "resources": {
                                     "type": "object"
                                 },
                                 "securityContext": {
-                                    "type": "object"
+                                    "type": "object",
+                                    "properties": {
+                                        "allowPrivilegeEscalation": {
+                                            "type": "boolean"
+                                        },
+                                        "capabilities": {
+                                            "type": "object",
+                                            "properties": {
+                                                "drop": {
+                                                    "type": "array",
+                                                    "items": {
+                                                        "type": "string"
+                                                    }
+                                                }
+                                            }
+                                        },
+                                        "readOnlyRootFilesystem": {
+                                            "type": "boolean"
+                                        }
+                                    }
                                 },
                                 "tolerations": {
                                     "type": "array"

diff --git a/charts/vpa/vpa/values.yaml b/charts/vpa/vpa/values.yaml
@@ -224,10 +224,19 @@ vpa:
       env: {}
       # admissionController.certGen.resources -- The resources block for the certgen pod
       resources: {}
-      # admissionController.certGen.securityContext -- The securityContext block for the certgen container(s)
-      securityContext: {}
       # admissionController.certGen.podSecurityContext -- The securityContext block for the certgen pod(s)
-      podSecurityContext: {}
+      podSecurityContext:
+        runAsNonRoot: true
+        runAsUser: 65534
+        seccompProfile:
+          type: RuntimeDefault
+      # admissionController.certGen.securityContext -- The securityContext block for the certgen container(s)
+      securityContext:
+        readOnlyRootFilesystem: true
+        allowPrivilegeEscalation: false
+        capabilities:
+          drop:
+            - ALL
       nodeSelector: {}
       tolerations: []
       affinity: {}