diff --git a/bitnami/nats/Chart.yaml b/bitnami/nats/Chart.yaml index 070519b596..37fd88e225 100644 --- a/bitnami/nats/Chart.yaml +++ b/bitnami/nats/Chart.yaml @@ -31,4 +31,4 @@ maintainers: name: nats sources: - https://github.com/bitnami/charts/tree/main/bitnami/nats -version: 7.10.10 +version: 7.11.0 diff --git a/bitnami/nats/README.md b/bitnami/nats/README.md index 3c3cb79068..ce15f2a0f0 100644 --- a/bitnami/nats/README.md +++ b/bitnami/nats/README.md @@ -128,8 +128,12 @@ The command removes all the Kubernetes components associated with the chart and | `containerPorts.cluster` | NATS cluster container port | `6222` | | `containerPorts.monitoring` | NATS monitoring container port | `8222` | | `podSecurityContext.enabled` | Enabled NATS pods' Security Context | `true` | +| `podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | | `podSecurityContext.fsGroup` | Set NATS pod's Security Context fsGroup | `1001` | | `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | +| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | | `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | | `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | | `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | diff --git a/bitnami/nats/values.yaml b/bitnami/nats/values.yaml index 050f70dbf2..f3f56bf749 100644 --- a/bitnami/nats/values.yaml +++ b/bitnami/nats/values.yaml @@ -324,14 +324,21 @@ containerPorts: ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param podSecurityContext.enabled Enabled NATS pods' Security Context +## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy +## @param podSecurityContext.sysctls Set kernel settings using the sysctl interface +## @param podSecurityContext.supplementalGroups Set filesystem extra groups ## @param podSecurityContext.fsGroup Set NATS pod's Security Context fsGroup ## podSecurityContext: enabled: true + fsGroupChangePolicy: Always + sysctls: [] + supplementalGroups: [] fsGroup: 1001 ## Configure Container Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param containerSecurityContext.enabled Enabled containers' Security Context +## @param containerSecurityContext.seLinuxOptions Set SELinux options in container ## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser ## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot ## @param containerSecurityContext.privileged Set container's Security Context privileged @@ -342,6 +349,7 @@ podSecurityContext: ## containerSecurityContext: enabled: true + seLinuxOptions: {} runAsUser: 1001 runAsNonRoot: true privileged: false