[bitnami/argo-workflows] Detect non-standard images (#30864)

* [bitnami/argo-workflows] Detect non-standard images

Signed-off-by: Carlos Rodríguez Hernández <[email protected]>

* Update CHANGELOG.md

Signed-off-by: Bitnami Containers <[email protected]>

* Update NOTES.txt

Signed-off-by: Carlos Rodríguez Hernández <[email protected]>

* Modify values.yaml

Signed-off-by: Carlos Rodríguez Hernández <[email protected]>

* Update README.md with readme-generator-for-helm

Signed-off-by: Bitnami Containers <[email protected]>

---------

Signed-off-by: Carlos Rodríguez Hernández <[email protected]>
Signed-off-by: Bitnami Containers <[email protected]>
Co-authored-by: Bitnami Containers <[email protected]>

Author: Carlos Rodríguez Hernández

bitnami/argo-workflows/CHANGELOG.md

@@ -1,8 +1,12 @@
 # Changelog
 
-## 11.0.3 (2024-12-03)
+## 11.1.0 (2024-12-10)
 
-* [bitnami/argo-workflows] Release 11.0.3 ([#30740](https://github.com/bitnami/charts/pull/30740))
+* [bitnami/argo-workflows] Detect non-standard images ([#30864](https://github.com/bitnami/charts/pull/30864))
+
+## <small>11.0.3 (2024-12-03)</small>
+
+* [bitnami/argo-workflows] Release 11.0.3 (#30740) ([a3c6c77](https://github.com/bitnami/charts/commit/a3c6c77e3ed1f94056b2fc4212167b326c66bff6)), closes [#30740](https://github.com/bitnami/charts/issues/30740)
 
 ## <small>11.0.2 (2024-12-02)</small>
 

bitnami/argo-workflows/Chart.lock

@@ -1,12 +1,12 @@
 dependencies:
 - name: postgresql
   repository: oci://registry-1.docker.io/bitnamicharts
-  version: 16.2.4
+  version: 16.2.5
 - name: mysql
   repository: oci://registry-1.docker.io/bitnamicharts
   version: 12.1.0
 - name: common
   repository: oci://registry-1.docker.io/bitnamicharts
-  version: 2.27.2
-digest: sha256:bb7f67a6c36c2c166621735f606b86482be6498c47f6a130167a8cc6e9e1605a
-generated: "2024-12-03T21:22:08.25248735Z"
+  version: 2.28.0
+digest: sha256:e4bffd7686f2f5e89fed88de531bd159e9075bfc84ad0bd112f538ea0b3cb05b
+generated: "2024-12-10T16:49:26.840282+01:00"

bitnami/argo-workflows/Chart.yaml

@@ -42,4 +42,4 @@ maintainers:
 name: argo-workflows
 sources:
 - https://github.com/bitnami/charts/tree/main/bitnami/argo-workflows
-version: 11.0.3
+version: 11.1.0

bitnami/argo-workflows/README.md

@@ -218,12 +218,13 @@ As an alternative, use one of the preset configurations for pod affinity, pod an
 
 ### Global parameters
 
-| Name                                                  | Description                                                                                                                                                                                                                                                                                                                                                         | Value  |
-| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ |
-| `global.imageRegistry`                                | Global Docker image registry                                                                                                                                                                                                                                                                                                                                        | `""`   |
-| `global.imagePullSecrets`                             | Global Docker registry secret names as an array                                                                                                                                                                                                                                                                                                                     | `[]`   |
-| `global.defaultStorageClass`                          | Global default StorageClass for Persistent Volume(s)                                                                                                                                                                                                                                                                                                                | `""`   |
-| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `auto` |
+| Name                                                  | Description                                                                                                                                                                                                                                                                                                                                                         | Value   |
+| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
+| `global.imageRegistry`                                | Global Docker image registry                                                                                                                                                                                                                                                                                                                                        | `""`    |
+| `global.imagePullSecrets`                             | Global Docker registry secret names as an array                                                                                                                                                                                                                                                                                                                     | `[]`    |
+| `global.defaultStorageClass`                          | Global default StorageClass for Persistent Volume(s)                                                                                                                                                                                                                                                                                                                | `""`    |
+| `global.security.allowInsecureImages`                 | Allows skipping image verification                                                                                                                                                                                                                                                                                                                                  | `false` |
+| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `auto`  |
 
 ### Common parameters
 
@@ -604,6 +605,10 @@ Find more information about how to deal with common errors related to Bitnami's
 
 ## Upgrading
 
+### To 11.1.0
+
+This version introduces image verification for security purposes. To disable it, set `global.security.allowInsecureImages` to `true`. More details at [GitHub issue](https://github.com/bitnami/charts/issues/30850).
+
 ### To 11.0.0
 
 This major bump updates the MySQL subchart to version 12.0.0. This subchart updates the StatefulSet objects `serviceName` to use a headless service, as the current non-headless service attached to it was not providing DNS entries. This will cause an upgrade issue because it changes "immutable fields". To workaround it, delete the StatefulSet objects as follows (replace the RELEASE_NAME placeholder):

bitnami/argo-workflows/templates/NOTES.txt

@@ -63,4 +63,5 @@ Obtain the Argo Workflows access token:
 {{- include "common.warnings.rollingTag" .Values.executor.image }}
 {{- include "argo-workflows.validateValues" . }}
 {{- include "common.warnings.resources" (dict "sections" (list "controller" "executor" "server") "context" $) }}
-{{- include "common.warnings.modifiedImages" (dict "images" (list .Values.server.image .Values.controller.image .Values.executor.image) "context" $) }}
+{{- include "common.warnings.modifiedImages" (dict "images" (list .Values.server.image .Values.controller.image .Values.executor.image) "context" $) }}
+{{- include "common.errors.insecureImages" (dict "images" (list .Values.server.image .Values.controller.image .Values.executor.image) "context" $) }}

bitnami/argo-workflows/values.yaml

@@ -17,6 +17,11 @@ global:
   ##
   imagePullSecrets: []
   defaultStorageClass: ""
+  ## Security parameters
+  ##
+  security:
+    ## @param global.security.allowInsecureImages Allows skipping image verification
+    allowInsecureImages: false
   ## Compatibility adaptations for Kubernetes platforms
   ##
   compatibility: