[bitnami/appsmith] feat: ✨ Add support for PSA restricted policy (#20380)

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
2026-03-16 06:47:30 +08:00 · 2023-10-25 13:01:33 +02:00
parent 3542124125
commit 0d188c5c15
3 changed files with 229 additions and 187 deletions
--- a/bitnami/appsmith/values.yaml
+++ b/bitnami/appsmith/values.yaml
@@ -181,12 +181,22 @@ client:
  ## @param client.containerSecurityContext.runAsUser Set Appsmith client containers' Security Context runAsUser
  ## @param client.containerSecurityContext.runAsNonRoot Set Appsmith client containers' Security Context runAsNonRoot
  ## @param client.containerSecurityContext.readOnlyRootFilesystem Set Appsmith client containers' Security Context runAsNonRoot
+  ## @param client.containerSecurityContext.privileged Set client container's Security Context privileged
+  ## @param client.containerSecurityContext.allowPrivilegeEscalation Set client container's Security Context allowPrivilegeEscalation
+  ## @param client.containerSecurityContext.capabilities.drop List of capabilities to be dropped
+  ## @param client.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
  ##
  containerSecurityContext:
    enabled: true
    runAsUser: 1001
    runAsNonRoot: true
    readOnlyRootFilesystem: false
+    privileged: false
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop: ["ALL"]
+    seccompProfile:
+      type: "RuntimeDefault"

  ## @param client.command Override default container command (useful when using custom images)
  ##
@@ -586,12 +596,22 @@ backend:
  ## @param backend.containerSecurityContext.runAsUser Set Appsmith backend containers' Security Context runAsUser
  ## @param backend.containerSecurityContext.runAsNonRoot Set Appsmith backend containers' Security Context runAsNonRoot
  ## @param backend.containerSecurityContext.readOnlyRootFilesystem Set Appsmith backend containers' Security Context runAsNonRoot
+  ## @param backend.containerSecurityContext.privileged Set backend container's Security Context privileged
+  ## @param backend.containerSecurityContext.allowPrivilegeEscalation Set backend container's Security Context allowPrivilegeEscalation
+  ## @param backend.containerSecurityContext.capabilities.drop List of capabilities to be dropped
+  ## @param backend.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
  ##
  containerSecurityContext:
    enabled: true
    runAsUser: 1001
    runAsNonRoot: true
    readOnlyRootFilesystem: false
+    privileged: false
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop: ["ALL"]
+    seccompProfile:
+      type: "RuntimeDefault"

  ## @param backend.command Override default container command (useful when using custom images)
  ##
@@ -910,12 +930,22 @@ rts:
  ## @param rts.containerSecurityContext.runAsUser Set Appsmith rts containers' Security Context runAsUser
  ## @param rts.containerSecurityContext.runAsNonRoot Set Appsmith rts containers' Security Context runAsNonRoot
  ## @param rts.containerSecurityContext.readOnlyRootFilesystem Set Appsmith rts containers' Security Context runAsNonRoot
+  ## @param rts.containerSecurityContext.privileged Set rts container's Security Context privileged
+  ## @param rts.containerSecurityContext.allowPrivilegeEscalation Set rts container's Security Context allowPrivilegeEscalation
+  ## @param rts.containerSecurityContext.capabilities.drop List of capabilities to be dropped
+  ## @param rts.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
  ##
  containerSecurityContext:
    enabled: true
    runAsUser: 1001
    runAsNonRoot: true
    readOnlyRootFilesystem: false
+    privileged: false
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop: ["ALL"]
+    seccompProfile:
+      type: "RuntimeDefault"

  ## @param rts.command Override default container command (useful when using custom images)
  ##