mirror of
https://github.com/bitnami/charts.git
synced 2026-03-09 15:38:00 +08:00
[bitnami/mariadb] fix: 🔒 Improve podSecurityContext and containerSecurityContext with essential security fields (#22148)
* [bitnami/mariadb] fix: 🔒 Improve podSecurityContext and containerSecurityContext with essential security fields Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com> * chore: 🔧 Bump chart version Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com> --------- Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
This commit is contained in:
Javier J. Salmerón-García
committed by
GitHub
GitHub
parent
4bf551acb5
commit
37639adadb
@@ -34,4 +34,4 @@ maintainers:
|
||||
name: mariadb
|
||||
sources:
|
||||
- https://github.com/bitnami/charts/tree/main/bitnami/mariadb
|
||||
version: 15.0.1
|
||||
version: 15.1.0
|
||||
|
||||
@@ -135,8 +135,12 @@ The command removes all the Kubernetes components associated with the chart and
|
||||
| `primary.priorityClassName` | Priority class for MariaDB primary pods assignment | `""` |
|
||||
| `primary.runtimeClassName` | Runtime Class for MariaDB primary pods | `""` |
|
||||
| `primary.podSecurityContext.enabled` | Enable security context for MariaDB primary pods | `true` |
|
||||
| `primary.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
|
||||
| `primary.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
|
||||
| `primary.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
|
||||
| `primary.podSecurityContext.fsGroup` | Group ID for the mounted volumes' filesystem | `1001` |
|
||||
| `primary.containerSecurityContext.enabled` | MariaDB primary container securityContext | `true` |
|
||||
| `primary.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
|
||||
| `primary.containerSecurityContext.runAsUser` | User ID for the MariaDB primary container | `1001` |
|
||||
| `primary.containerSecurityContext.runAsNonRoot` | Set primary container's Security Context runAsNonRoot | `true` |
|
||||
| `primary.containerSecurityContext.privileged` | Set primary container's Security Context privileged | `false` |
|
||||
@@ -231,8 +235,12 @@ The command removes all the Kubernetes components associated with the chart and
|
||||
| `secondary.schedulerName` | Name of the k8s scheduler (other than default) | `""` |
|
||||
| `secondary.podManagementPolicy` | podManagementPolicy to manage scaling operation of MariaDB secondary pods | `""` |
|
||||
| `secondary.podSecurityContext.enabled` | Enable security context for MariaDB secondary pods | `true` |
|
||||
| `secondary.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
|
||||
| `secondary.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
|
||||
| `secondary.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
|
||||
| `secondary.podSecurityContext.fsGroup` | Group ID for the mounted volumes' filesystem | `1001` |
|
||||
| `secondary.containerSecurityContext.enabled` | MariaDB secondary container securityContext | `true` |
|
||||
| `secondary.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
|
||||
| `secondary.containerSecurityContext.runAsUser` | User ID for the MariaDB secondary container | `1001` |
|
||||
| `secondary.containerSecurityContext.runAsNonRoot` | Set secondary container's Security Context runAsNonRoot | `true` |
|
||||
| `secondary.containerSecurityContext.privileged` | Set secondary container's Security Context privileged | `false` |
|
||||
@@ -333,6 +341,7 @@ The command removes all the Kubernetes components associated with the chart and
|
||||
| `metrics.extraArgs` | Extra args to be passed to mysqld_exporter | `{}` |
|
||||
| `metrics.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MariaDB metrics container(s) | `{}` |
|
||||
| `metrics.containerSecurityContext.enabled` | Enable security context for MariaDB metrics container | `false` |
|
||||
| `metrics.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
|
||||
| `metrics.containerSecurityContext.runAsUser` | User ID for the MariaDB metrics container | `1001` |
|
||||
| `metrics.containerSecurityContext.runAsNonRoot` | Set metrics container's Security Context runAsNonRoot | `true` |
|
||||
| `metrics.containerSecurityContext.privileged` | Set metrics container's Security Context privileged | `false` |
|
||||
|
||||
@@ -313,14 +313,21 @@ primary:
|
||||
## MariaDB primary Pod security context
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
|
||||
## @param primary.podSecurityContext.enabled Enable security context for MariaDB primary pods
|
||||
## @param primary.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
|
||||
## @param primary.podSecurityContext.sysctls Set kernel settings using the sysctl interface
|
||||
## @param primary.podSecurityContext.supplementalGroups Set filesystem extra groups
|
||||
## @param primary.podSecurityContext.fsGroup Group ID for the mounted volumes' filesystem
|
||||
##
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroupChangePolicy: Always
|
||||
sysctls: []
|
||||
supplementalGroups: []
|
||||
fsGroup: 1001
|
||||
## MariaDB primary container security context
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
||||
## @param primary.containerSecurityContext.enabled MariaDB primary container securityContext
|
||||
## @param primary.containerSecurityContext.seLinuxOptions Set SELinux options in container
|
||||
## @param primary.containerSecurityContext.runAsUser User ID for the MariaDB primary container
|
||||
## @param primary.containerSecurityContext.runAsNonRoot Set primary container's Security Context runAsNonRoot
|
||||
## @param primary.containerSecurityContext.privileged Set primary container's Security Context privileged
|
||||
@@ -330,6 +337,7 @@ primary:
|
||||
##
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
seLinuxOptions: {}
|
||||
runAsUser: 1001
|
||||
runAsNonRoot: true
|
||||
privileged: false
|
||||
@@ -715,14 +723,21 @@ secondary:
|
||||
## MariaDB secondary Pod security context
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
|
||||
## @param secondary.podSecurityContext.enabled Enable security context for MariaDB secondary pods
|
||||
## @param secondary.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
|
||||
## @param secondary.podSecurityContext.sysctls Set kernel settings using the sysctl interface
|
||||
## @param secondary.podSecurityContext.supplementalGroups Set filesystem extra groups
|
||||
## @param secondary.podSecurityContext.fsGroup Group ID for the mounted volumes' filesystem
|
||||
##
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroupChangePolicy: Always
|
||||
sysctls: []
|
||||
supplementalGroups: []
|
||||
fsGroup: 1001
|
||||
## MariaDB secondary container security context
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
||||
## @param secondary.containerSecurityContext.enabled MariaDB secondary container securityContext
|
||||
## @param secondary.containerSecurityContext.seLinuxOptions Set SELinux options in container
|
||||
## @param secondary.containerSecurityContext.runAsUser User ID for the MariaDB secondary container
|
||||
## @param secondary.containerSecurityContext.runAsNonRoot Set secondary container's Security Context runAsNonRoot
|
||||
## @param secondary.containerSecurityContext.privileged Set secondary container's Security Context privileged
|
||||
@@ -732,6 +747,7 @@ secondary:
|
||||
##
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
seLinuxOptions: {}
|
||||
runAsUser: 1001
|
||||
runAsNonRoot: true
|
||||
privileged: false
|
||||
@@ -1116,6 +1132,7 @@ metrics:
|
||||
## MariaDB metrics container Security Context
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
||||
## @param metrics.containerSecurityContext.enabled Enable security context for MariaDB metrics container
|
||||
## @param metrics.containerSecurityContext.seLinuxOptions Set SELinux options in container
|
||||
## @param metrics.containerSecurityContext.runAsUser User ID for the MariaDB metrics container
|
||||
## @param metrics.containerSecurityContext.runAsNonRoot Set metrics container's Security Context runAsNonRoot
|
||||
## @param metrics.containerSecurityContext.privileged Set metrics container's Security Context privileged
|
||||
@@ -1133,6 +1150,7 @@ metrics:
|
||||
enabled: false
|
||||
privileged: false
|
||||
runAsNonRoot: true
|
||||
seLinuxOptions: {}
|
||||
runAsUser: 1001
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
|
||||
Reference in New Issue
Block a user