[bitnami/argo-workflows] feat: 🔒 Add readOnlyRootFilesystem support (#23876)

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
Javier J. Salmerón-García
2024-02-27 11:59:25 +01:00
committed by GitHub
parent 09c0f95888
commit 71201e8b40
4 changed files with 13 additions and 3 deletions


@@ -42,4 +42,4 @@ maintainers:
name: argo-workflows
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/argo-workflows
version: 6.6.3
version: 6.7.0


@@ -120,6 +120,7 @@ The command removes all the Kubernetes components associated with the chart and
| `server.containerSecurityContext.enabled` | Enabled server containers' Security Context | `true` |
| `server.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
| `server.containerSecurityContext.runAsUser` | Set server containers' Security Context runAsUser | `1001` |
| `server.containerSecurityContext.runAsGroup` | Set server containers' Security Context runAsGroup | `1001` |
| `server.containerSecurityContext.runAsNonRoot` | Set server containers' Security Context runAsNonRoot | `true` |
| `server.containerSecurityContext.readOnlyRootFilesystem` | Set read only root file system pod's Security Conte | `true` |
| `server.containerSecurityContext.privileged` | Set server container's Security Context privileged | `false` |
@@ -238,6 +239,7 @@ The command removes all the Kubernetes components associated with the chart and
| `controller.containerSecurityContext.enabled` | Enabled controller containers' Security Context | `true` |
| `controller.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
| `controller.containerSecurityContext.runAsUser` | Set controller containers' Security Context runAsUser | `1001` |
| `controller.containerSecurityContext.runAsGroup` | Set controller containers' Security Context runAsGroup | `1001` |
| `controller.containerSecurityContext.runAsNonRoot` | Set controller containers' Security Context runAsNonRoot | `true` |
| `controller.containerSecurityContext.readOnlyRootFilesystem` | Set read only root file system pod's Security Conte | `true` |
| `controller.containerSecurityContext.privileged` | Set controller container's Security Context privileged | `false` |
@@ -333,6 +335,7 @@ The command removes all the Kubernetes components associated with the chart and
| `executor.containerSecurityContext.enabled` | Enabled executor containers' Security Context | `true` |
| `executor.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
| `executor.containerSecurityContext.runAsUser` | Set executor containers' Security Context runAsUser | `1001` |
| `executor.containerSecurityContext.runAsGroup` | Set executor containers' Security Context runAsGroup | `1001` |
| `executor.containerSecurityContext.runAsNonRoot` | Set executor containers' Security Context runAsNonRoot | `true` |
| `executor.containerSecurityContext.readOnlyRootFilesystem` | Set read only root file system pod's Security Conte | `true` |
| `executor.containerSecurityContext.privileged` | Set executor container's Security Context privileged | `false` |


@@ -184,8 +184,9 @@ spec:
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.server.lifecycleHooks "context" $) | nindent 12 }}
{{- end }}
volumeMounts:
- name: tmp
- name: empty-dir
mountPath: /tmp
subPath: tmp-dir
{{- if .Values.server.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.server.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
@@ -193,7 +194,7 @@ spec:
{{- include "common.tplvalues.render" ( dict "value" .Values.server.sidecars "context" $) | nindent 8 }}
{{- end }}
volumes:
- name: tmp
- name: empty-dir
emptyDir: {}
{{- if .Values.server.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.server.extraVolumes "context" $) | nindent 8 }}
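Review bot: Renaming the server's scratch volume from `tmp` to `empty-dir` in both `volumeMounts` and `volumes` changes a name that user-supplied `server.sidecars` and `server.extraVolumeMounts` may reference, and a `server.extraVolumes` entry already called `empty-dir` would now collide, so the rename deserves a line in the upgrade notes. With a read-only root filesystem, `/tmp` (backed by `subPath: tmp-dir`) appears to be the only writable path in the server container; a comment above the mount such as `# only writable path when readOnlyRootFilesystem is true` would help operators who hit write failures elsewhere. The unchanged `emptyDir: {}` has no `sizeLimit`, so the writable area is bounded only by the node's ephemeral storage; consider exposing a limit through values. Both hunks sit inside a pod spec that starts and ends outside the visible lines.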


@@ -178,6 +178,7 @@ server:
## @param server.containerSecurityContext.enabled Enabled server containers' Security Context
## @param server.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param server.containerSecurityContext.runAsUser Set server containers' Security Context runAsUser
## @param server.containerSecurityContext.runAsGroup Set server containers' Security Context runAsGroup
## @param server.containerSecurityContext.runAsNonRoot Set server containers' Security Context runAsNonRoot
## @param server.containerSecurityContext.readOnlyRootFilesystem Set read only root file system pod's Security Conte
## @param server.containerSecurityContext.privileged Set server container's Security Context privileged
@@ -189,6 +190,7 @@ server:
enabled: true
seLinuxOptions: null
runAsUser: 1001
runAsGroup: 1001
runAsNonRoot: true
privileged: false
allowPrivilegeEscalation: false
@@ -661,6 +663,7 @@ controller:
## @param controller.containerSecurityContext.enabled Enabled controller containers' Security Context
## @param controller.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param controller.containerSecurityContext.runAsUser Set controller containers' Security Context runAsUser
## @param controller.containerSecurityContext.runAsGroup Set controller containers' Security Context runAsGroup
## @param controller.containerSecurityContext.runAsNonRoot Set controller containers' Security Context runAsNonRoot
## @param controller.containerSecurityContext.readOnlyRootFilesystem Set read only root file system pod's Security Conte
## @param controller.containerSecurityContext.privileged Set controller container's Security Context privileged
@@ -672,6 +675,7 @@ controller:
enabled: true
seLinuxOptions: null
runAsUser: 1001
runAsGroup: 1001
runAsNonRoot: true
privileged: false
allowPrivilegeEscalation: false
@@ -1148,6 +1152,7 @@ executor:
## @param executor.containerSecurityContext.enabled Enabled executor containers' Security Context
## @param executor.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param executor.containerSecurityContext.runAsUser Set executor containers' Security Context runAsUser
## @param executor.containerSecurityContext.runAsGroup Set executor containers' Security Context runAsGroup
## @param executor.containerSecurityContext.runAsNonRoot Set executor containers' Security Context runAsNonRoot
## @param executor.containerSecurityContext.readOnlyRootFilesystem Set read only root file system pod's Security Conte
## @param executor.containerSecurityContext.privileged Set executor container's Security Context privileged
@@ -1159,6 +1164,7 @@ executor:
enabled: true
seLinuxOptions: null
runAsUser: 1001
runAsGroup: 1001
runAsNonRoot: true
privileged: false
allowPrivilegeEscalation: false
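Review bot: The `@param` description for `server.containerSecurityContext.readOnlyRootFilesystem` is cut off at "Security Conte" and refers to the pod's security context although the key sits under `containerSecurityContext`; the same text recurs on the `controller.` and `executor.` lines and appears verbatim in the README table. Suggested wording: `## @param server.containerSecurityContext.readOnlyRootFilesystem Set server container's Security Context readOnlyRootFilesystem`, with the matching change for the other two components. None of the visible value hunks contains a `readOnlyRootFilesystem:` key, so the `true` default stated in the README cannot be checked from this page. As far as the page shows, only one template, which reads `.Values.server.*`, mounts a writable `/tmp`, so it is worth confirming that the controller and executor containers need no writable path when the setting is on. The value blocks continue outside the hunks.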