mirror of
https://github.com/bitnami/charts.git
synced 2026-03-05 14:57:31 +08:00
[bitnami/opensearch] fix: 🔒 Improve podSecurityContext and containerSecurityContext with essential security fields (#22171)
* [bitnami/opensearch] fix: 🔒 Improve podSecurityContext and containerSecurityContext with essential security fields Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com> * chore: 🔧 Bump chart version Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com> --------- Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
This commit is contained in:
Javier J. Salmerón-García
committed by
GitHub
GitHub
parent
0ef2d693a2
commit
6de4db697f
@@ -30,4 +30,4 @@ maintainers:
|
||||
name: opensearch
|
||||
sources:
|
||||
- https://github.com/bitnami/charts/tree/main/bitnami/opensearch
|
||||
version: 0.6.2
|
||||
version: 0.7.0
|
||||
|
||||
@@ -207,8 +207,12 @@ helm delete --purge my-release
|
||||
| `master.resources.requests` | The requested resources for opensearch containers | `{}` |
|
||||
| `master.heapSize` | OpenSearch master-eligible node heap size. | `128m` |
|
||||
| `master.podSecurityContext.enabled` | Enabled master-eligible pods' Security Context | `true` |
|
||||
| `master.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
|
||||
| `master.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
|
||||
| `master.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
|
||||
| `master.podSecurityContext.fsGroup` | Set master-eligible pod's Security Context fsGroup | `1001` |
|
||||
| `master.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `master.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
|
||||
| `master.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `master.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `master.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
@@ -311,8 +315,12 @@ helm delete --purge my-release
|
||||
| `data.resources.requests` | The requested resources for the data containers | `{}` |
|
||||
| `data.heapSize` | OpenSearch data node heap size. | `1024m` |
|
||||
| `data.podSecurityContext.enabled` | Enabled data pods' Security Context | `true` |
|
||||
| `data.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
|
||||
| `data.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
|
||||
| `data.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
|
||||
| `data.podSecurityContext.fsGroup` | Set data pod's Security Context fsGroup | `1001` |
|
||||
| `data.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `data.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
|
||||
| `data.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `data.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `data.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
@@ -415,8 +423,12 @@ helm delete --purge my-release
|
||||
| `coordinating.resources.requests` | The requested resources for the coordinating-only containers | `{}` |
|
||||
| `coordinating.heapSize` | OpenSearch coordinating node heap size. | `128m` |
|
||||
| `coordinating.podSecurityContext.enabled` | Enabled coordinating-only pods' Security Context | `true` |
|
||||
| `coordinating.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
|
||||
| `coordinating.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
|
||||
| `coordinating.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
|
||||
| `coordinating.podSecurityContext.fsGroup` | Set coordinating-only pod's Security Context fsGroup | `1001` |
|
||||
| `coordinating.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `coordinating.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
|
||||
| `coordinating.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `coordinating.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `coordinating.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
@@ -512,8 +524,12 @@ helm delete --purge my-release
|
||||
| `ingest.resources.requests` | The requested resources for the ingest-only containers | `{}` |
|
||||
| `ingest.heapSize` | OpenSearch ingest-only node heap size. | `128m` |
|
||||
| `ingest.podSecurityContext.enabled` | Enabled ingest-only pods' Security Context | `true` |
|
||||
| `ingest.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
|
||||
| `ingest.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
|
||||
| `ingest.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
|
||||
| `ingest.podSecurityContext.fsGroup` | Set ingest-only pod's Security Context fsGroup | `1001` |
|
||||
| `ingest.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `ingest.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
|
||||
| `ingest.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `ingest.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `ingest.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
@@ -689,8 +705,12 @@ helm delete --purge my-release
|
||||
| `dashboards.resources.requests` | The requested resources for the data containers | `{}` |
|
||||
| `dashboards.heapSize` | OpenSearch data node heap size. | `1024m` |
|
||||
| `dashboards.podSecurityContext.enabled` | Enabled data pods' Security Context | `true` |
|
||||
| `dashboards.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
|
||||
| `dashboards.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
|
||||
| `dashboards.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
|
||||
| `dashboards.podSecurityContext.fsGroup` | Set dashboards pod's Security Context fsGroup | `1001` |
|
||||
| `dashboards.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `dashboards.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
|
||||
| `dashboards.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `dashboards.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `dashboards.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
|
||||
@@ -574,14 +574,21 @@ master:
|
||||
## Configure Pods Security Context
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
|
||||
## @param master.podSecurityContext.enabled Enabled master-eligible pods' Security Context
|
||||
## @param master.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
|
||||
## @param master.podSecurityContext.sysctls Set kernel settings using the sysctl interface
|
||||
## @param master.podSecurityContext.supplementalGroups Set filesystem extra groups
|
||||
## @param master.podSecurityContext.fsGroup Set master-eligible pod's Security Context fsGroup
|
||||
##
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroupChangePolicy: Always
|
||||
sysctls: []
|
||||
supplementalGroups: []
|
||||
fsGroup: 1001
|
||||
## Configure Container Security Context
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
|
||||
## @param master.containerSecurityContext.enabled Enabled containers' Security Context
|
||||
## @param master.containerSecurityContext.seLinuxOptions Set SELinux options in container
|
||||
## @param master.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
|
||||
## @param master.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
|
||||
## @param master.containerSecurityContext.privileged Set container's Security Context privileged
|
||||
@@ -592,6 +599,7 @@ master:
|
||||
##
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
seLinuxOptions: {}
|
||||
runAsUser: 1001
|
||||
runAsNonRoot: true
|
||||
privileged: false
|
||||
@@ -974,14 +982,21 @@ data:
|
||||
## Configure Pods Security Context
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
|
||||
## @param data.podSecurityContext.enabled Enabled data pods' Security Context
|
||||
## @param data.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
|
||||
## @param data.podSecurityContext.sysctls Set kernel settings using the sysctl interface
|
||||
## @param data.podSecurityContext.supplementalGroups Set filesystem extra groups
|
||||
## @param data.podSecurityContext.fsGroup Set data pod's Security Context fsGroup
|
||||
##
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroupChangePolicy: Always
|
||||
sysctls: []
|
||||
supplementalGroups: []
|
||||
fsGroup: 1001
|
||||
## Configure Container Security Context
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
|
||||
## @param data.containerSecurityContext.enabled Enabled containers' Security Context
|
||||
## @param data.containerSecurityContext.seLinuxOptions Set SELinux options in container
|
||||
## @param data.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
|
||||
## @param data.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
|
||||
## @param data.containerSecurityContext.privileged Set container's Security Context privileged
|
||||
@@ -992,6 +1007,7 @@ data:
|
||||
##
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
seLinuxOptions: {}
|
||||
runAsUser: 1001
|
||||
runAsNonRoot: true
|
||||
privileged: false
|
||||
@@ -1375,14 +1391,21 @@ coordinating:
|
||||
## Configure Pods Security Context
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
|
||||
## @param coordinating.podSecurityContext.enabled Enabled coordinating-only pods' Security Context
|
||||
## @param coordinating.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
|
||||
## @param coordinating.podSecurityContext.sysctls Set kernel settings using the sysctl interface
|
||||
## @param coordinating.podSecurityContext.supplementalGroups Set filesystem extra groups
|
||||
## @param coordinating.podSecurityContext.fsGroup Set coordinating-only pod's Security Context fsGroup
|
||||
##
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroupChangePolicy: Always
|
||||
sysctls: []
|
||||
supplementalGroups: []
|
||||
fsGroup: 1001
|
||||
## Configure Container Security Context
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
|
||||
## @param coordinating.containerSecurityContext.enabled Enabled containers' Security Context
|
||||
## @param coordinating.containerSecurityContext.seLinuxOptions Set SELinux options in container
|
||||
## @param coordinating.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
|
||||
## @param coordinating.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
|
||||
## @param coordinating.containerSecurityContext.privileged Set container's Security Context privileged
|
||||
@@ -1393,6 +1416,7 @@ coordinating:
|
||||
##
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
seLinuxOptions: {}
|
||||
runAsUser: 1001
|
||||
runAsNonRoot: true
|
||||
privileged: false
|
||||
@@ -1739,14 +1763,21 @@ ingest:
|
||||
## Configure Pods Security Context
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
|
||||
## @param ingest.podSecurityContext.enabled Enabled ingest-only pods' Security Context
|
||||
## @param ingest.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
|
||||
## @param ingest.podSecurityContext.sysctls Set kernel settings using the sysctl interface
|
||||
## @param ingest.podSecurityContext.supplementalGroups Set filesystem extra groups
|
||||
## @param ingest.podSecurityContext.fsGroup Set ingest-only pod's Security Context fsGroup
|
||||
##
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroupChangePolicy: Always
|
||||
sysctls: []
|
||||
supplementalGroups: []
|
||||
fsGroup: 1001
|
||||
## Configure Container Security Context
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
|
||||
## @param ingest.containerSecurityContext.enabled Enabled containers' Security Context
|
||||
## @param ingest.containerSecurityContext.seLinuxOptions Set SELinux options in container
|
||||
## @param ingest.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
|
||||
## @param ingest.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
|
||||
## @param ingest.containerSecurityContext.privileged Set container's Security Context privileged
|
||||
@@ -1757,6 +1788,7 @@ ingest:
|
||||
##
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
seLinuxOptions: {}
|
||||
runAsUser: 1001
|
||||
runAsNonRoot: true
|
||||
privileged: false
|
||||
@@ -2558,14 +2590,21 @@ dashboards:
|
||||
## Configure Pods Security Context
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
|
||||
## @param dashboards.podSecurityContext.enabled Enabled data pods' Security Context
|
||||
## @param dashboards.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
|
||||
## @param dashboards.podSecurityContext.sysctls Set kernel settings using the sysctl interface
|
||||
## @param dashboards.podSecurityContext.supplementalGroups Set filesystem extra groups
|
||||
## @param dashboards.podSecurityContext.fsGroup Set dashboards pod's Security Context fsGroup
|
||||
##
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroupChangePolicy: Always
|
||||
sysctls: []
|
||||
supplementalGroups: []
|
||||
fsGroup: 1001
|
||||
## Configure Container Security Context
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
|
||||
## @param dashboards.containerSecurityContext.enabled Enabled containers' Security Context
|
||||
## @param dashboards.containerSecurityContext.seLinuxOptions Set SELinux options in container
|
||||
## @param dashboards.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
|
||||
## @param dashboards.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
|
||||
## @param dashboards.containerSecurityContext.privileged Set container's Security Context privileged
|
||||
@@ -2576,6 +2615,7 @@ dashboards:
|
||||
##
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
seLinuxOptions: {}
|
||||
runAsUser: 1001
|
||||
runAsNonRoot: true
|
||||
privileged: false
|
||||
|
||||
Reference in New Issue
Block a user