-
Notifications
You must be signed in to change notification settings - Fork 8.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[bitnami/mariadb] feat!: 🔒 💥 Enable networkPolicy #23054
Conversation
Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>
- ports: | ||
- port: {{ .Values.primary.containerPorts.mysql }} | ||
- port: {{ .Values.secondary.containerPorts.mysql }} | ||
- port: {{ .Values.primary.service.ports.mysql }} | ||
- port: {{ .Values.secondary.service.ports.mysql }} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just to double check because, right now, I have not in the top of my mind all the connections involved.
I am not sure if for example connections to secondary.service.ports.mysql
would be made by the cluster, or if it would be only to the secondary nodes.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The secondary nodes would need to connect to the primary for joining the cluster, and the primary may need to connect to the secondary for operations like synchronous commits.
Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
Signed-off-by: Javier J. Salmerón-García <jsalmeron@vmware.com>
Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
* [bitnami/mariadb-galera] feat!: 🔒 💥 Enable networkPolicy Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com> * Update README.md with readme-generator-for-helm Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com> * docs: 📝 Improve upgrading notes Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com> * fix: 🐛 Remove unnecessary ports Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com> --------- Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com> Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com> Signed-off-by: Javier J. Salmerón-García <jsalmeron@vmware.com> Co-authored-by: Bitnami Containers <bitnami-bot@vmware.com> Signed-off-by: Jose Antonio Carmona <jcarmona@vmware.com>
BREAKING CHANGE
Signed-off-by: Javier Salmeron Garcia jsalmeron@vmware.com
Description of the change
This PR normalizes the use of NetworkPolicy in the chart. Adds all Bitnami standards for NetworkPolicies as well as enabling it by default, in order to comply with security checklists.
Benefits
More security in the chart
Possible drawbacks
Applicable issues
Additional information
Checklist
Chart.yaml
according to semver. This is not necessary when the changes only affect README.md files.README.md
using readme-generator-for-helm