diff --git a/bitnami/kubeapps/Chart.yaml b/bitnami/kubeapps/Chart.yaml index 8a691c3841..0a5ec6bc0c 100644 --- a/bitnami/kubeapps/Chart.yaml +++ b/bitnami/kubeapps/Chart.yaml @@ -52,4 +52,4 @@ maintainers: name: kubeapps sources: - https://github.com/bitnami/charts/tree/main/bitnami/kubeapps -version: 14.1.3 +version: 14.2.0 diff --git a/bitnami/kubeapps/README.md b/bitnami/kubeapps/README.md index 532af17b82..492458ae0d 100644 --- a/bitnami/kubeapps/README.md +++ b/bitnami/kubeapps/README.md @@ -133,8 +133,12 @@ Once you have installed Kubeapps follow the [Getting Started Guide](https://gith | `frontend.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for the NGINX container | `""` | | `frontend.containerPorts.http` | NGINX HTTP container port | `8080` | | `frontend.podSecurityContext.enabled` | Enabled frontend pods' Security Context | `true` | +| `frontend.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `frontend.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `frontend.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | | `frontend.podSecurityContext.fsGroup` | Set frontend pod's Security Context fsGroup | `1001` | | `frontend.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | +| `frontend.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | | `frontend.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | | `frontend.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | | `frontend.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | @@ -226,8 +230,12 @@ Once you have installed Kubeapps follow the [Getting Started Guide](https://gith | `dashboard.resources.requests.cpu` | The requested CPU for the Dashboard container | `25m` | | `dashboard.resources.requests.memory` | The requested memory for the Dashboard container | `32Mi` | | `dashboard.podSecurityContext.enabled` | Enabled Dashboard pods' Security Context | `true` | +| `dashboard.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `dashboard.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `dashboard.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | | `dashboard.podSecurityContext.fsGroup` | Set Dashboard pod's Security Context fsGroup | `1001` | | `dashboard.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | +| `dashboard.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | | `dashboard.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | | `dashboard.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | | `dashboard.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | @@ -312,8 +320,12 @@ Once you have installed Kubeapps follow the [Getting Started Guide](https://gith | `apprepository.resources.requests.cpu` | The requested CPU for the AppRepository Controller container | `25m` | | `apprepository.resources.requests.memory` | The requested memory for the AppRepository Controller container | `32Mi` | | `apprepository.podSecurityContext.enabled` | Enabled AppRepository Controller pods' Security Context | `true` | +| `apprepository.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `apprepository.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `apprepository.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | | `apprepository.podSecurityContext.fsGroup` | Set AppRepository Controller pod's Security Context fsGroup | `1001` | | `apprepository.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | +| `apprepository.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | | `apprepository.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | | `apprepository.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | | `apprepository.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | @@ -382,6 +394,7 @@ Once you have installed Kubeapps follow the [Getting Started Guide](https://gith | `authProxy.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Auth Proxy container(s) | `[]` | | `authProxy.containerPorts.proxy` | Auth Proxy HTTP container port | `3000` | | `authProxy.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | +| `authProxy.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | | `authProxy.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | | `authProxy.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | | `authProxy.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | @@ -419,6 +432,7 @@ Once you have installed Kubeapps follow the [Getting Started Guide](https://gith | `pinnipedProxy.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Pinniped Proxy container(s) | `[]` | | `pinnipedProxy.containerPorts.pinnipedProxy` | Pinniped Proxy container port | `3333` | | `pinnipedProxy.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | +| `pinnipedProxy.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | | `pinnipedProxy.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | | `pinnipedProxy.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | | `pinnipedProxy.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | @@ -503,8 +517,12 @@ Once you have installed Kubeapps follow the [Getting Started Guide](https://gith | `kubeappsapis.resources.requests.cpu` | The requested CPU for the KubeappsAPIs container | `25m` | | `kubeappsapis.resources.requests.memory` | The requested memory for the KubeappsAPIs container | `32Mi` | | `kubeappsapis.podSecurityContext.enabled` | Enabled KubeappsAPIs pods' Security Context | `true` | +| `kubeappsapis.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `kubeappsapis.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `kubeappsapis.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | | `kubeappsapis.podSecurityContext.fsGroup` | Set KubeappsAPIs pod's Security Context fsGroup | `1001` | | `kubeappsapis.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | +| `kubeappsapis.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | | `kubeappsapis.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | | `kubeappsapis.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | | `kubeappsapis.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | @@ -582,6 +600,7 @@ Once you have installed Kubeapps follow the [Getting Started Guide](https://gith | `ociCatalog.resources.requests.cpu` | The requested CPU for the OCI Catalog container | `25m` | | `ociCatalog.resources.requests.memory` | The requested memory for the OCI Catalog container | `32Mi` | | `ociCatalog.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | +| `ociCatalog.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | | `ociCatalog.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | | `ociCatalog.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | | `ociCatalog.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | diff --git a/bitnami/kubeapps/values.yaml b/bitnami/kubeapps/values.yaml index 10958d8f30..4db74d6226 100644 --- a/bitnami/kubeapps/values.yaml +++ b/bitnami/kubeapps/values.yaml @@ -287,14 +287,21 @@ frontend: ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param frontend.podSecurityContext.enabled Enabled frontend pods' Security Context + ## @param frontend.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy + ## @param frontend.podSecurityContext.sysctls Set kernel settings using the sysctl interface + ## @param frontend.podSecurityContext.supplementalGroups Set filesystem extra groups ## @param frontend.podSecurityContext.fsGroup Set frontend pod's Security Context fsGroup ## podSecurityContext: enabled: true + fsGroupChangePolicy: Always + sysctls: [] + supplementalGroups: [] fsGroup: 1001 ## Configure Container Security Context for NGINX ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param frontend.containerSecurityContext.enabled Enabled containers' Security Context + ## @param frontend.containerSecurityContext.seLinuxOptions Set SELinux options in container ## @param frontend.containerSecurityContext.runAsUser Set containers' Security Context runAsUser ## @param frontend.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot ## @param frontend.containerSecurityContext.privileged Set container's Security Context privileged @@ -305,6 +312,7 @@ frontend: ## containerSecurityContext: enabled: true + seLinuxOptions: {} runAsUser: 1001 runAsNonRoot: true privileged: false @@ -650,14 +658,21 @@ dashboard: ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param dashboard.podSecurityContext.enabled Enabled Dashboard pods' Security Context + ## @param dashboard.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy + ## @param dashboard.podSecurityContext.sysctls Set kernel settings using the sysctl interface + ## @param dashboard.podSecurityContext.supplementalGroups Set filesystem extra groups ## @param dashboard.podSecurityContext.fsGroup Set Dashboard pod's Security Context fsGroup ## podSecurityContext: enabled: true + fsGroupChangePolicy: Always + sysctls: [] + supplementalGroups: [] fsGroup: 1001 ## Configure Container Security Context for Dashboard ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param dashboard.containerSecurityContext.enabled Enabled containers' Security Context + ## @param dashboard.containerSecurityContext.seLinuxOptions Set SELinux options in container ## @param dashboard.containerSecurityContext.runAsUser Set containers' Security Context runAsUser ## @param dashboard.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot ## @param dashboard.containerSecurityContext.privileged Set container's Security Context privileged @@ -668,6 +683,7 @@ dashboard: ## containerSecurityContext: enabled: true + seLinuxOptions: {} runAsUser: 1001 runAsNonRoot: true privileged: false @@ -1009,14 +1025,21 @@ apprepository: ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param apprepository.podSecurityContext.enabled Enabled AppRepository Controller pods' Security Context + ## @param apprepository.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy + ## @param apprepository.podSecurityContext.sysctls Set kernel settings using the sysctl interface + ## @param apprepository.podSecurityContext.supplementalGroups Set filesystem extra groups ## @param apprepository.podSecurityContext.fsGroup Set AppRepository Controller pod's Security Context fsGroup ## podSecurityContext: enabled: true + fsGroupChangePolicy: Always + sysctls: [] + supplementalGroups: [] fsGroup: 1001 ## Configure Container Security Context for App Repository jobs ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param apprepository.containerSecurityContext.enabled Enabled containers' Security Context + ## @param apprepository.containerSecurityContext.seLinuxOptions Set SELinux options in container ## @param apprepository.containerSecurityContext.runAsUser Set containers' Security Context runAsUser ## @param apprepository.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot ## @param apprepository.containerSecurityContext.privileged Set container's Security Context privileged @@ -1027,6 +1050,7 @@ apprepository: ## containerSecurityContext: enabled: true + seLinuxOptions: {} runAsUser: 1001 runAsNonRoot: true privileged: false @@ -1277,6 +1301,7 @@ authProxy: ## Configure Container Security Context for Auth Proxy ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param authProxy.containerSecurityContext.enabled Enabled containers' Security Context + ## @param authProxy.containerSecurityContext.seLinuxOptions Set SELinux options in container ## @param authProxy.containerSecurityContext.runAsUser Set containers' Security Context runAsUser ## @param authProxy.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot ## @param authProxy.containerSecurityContext.privileged Set container's Security Context privileged @@ -1287,6 +1312,7 @@ authProxy: ## containerSecurityContext: enabled: true + seLinuxOptions: {} runAsUser: 1001 runAsNonRoot: true privileged: false @@ -1401,6 +1427,7 @@ pinnipedProxy: ## Configure Container Security Context for Pinniped Proxy ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param pinnipedProxy.containerSecurityContext.enabled Enabled containers' Security Context + ## @param pinnipedProxy.containerSecurityContext.seLinuxOptions Set SELinux options in container ## @param pinnipedProxy.containerSecurityContext.runAsUser Set containers' Security Context runAsUser ## @param pinnipedProxy.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot ## @param pinnipedProxy.containerSecurityContext.privileged Set container's Security Context privileged @@ -1411,6 +1438,7 @@ pinnipedProxy: ## containerSecurityContext: enabled: true + seLinuxOptions: {} runAsUser: 1001 runAsNonRoot: true privileged: false @@ -1712,14 +1740,21 @@ kubeappsapis: ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param kubeappsapis.podSecurityContext.enabled Enabled KubeappsAPIs pods' Security Context + ## @param kubeappsapis.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy + ## @param kubeappsapis.podSecurityContext.sysctls Set kernel settings using the sysctl interface + ## @param kubeappsapis.podSecurityContext.supplementalGroups Set filesystem extra groups ## @param kubeappsapis.podSecurityContext.fsGroup Set KubeappsAPIs pod's Security Context fsGroup ## podSecurityContext: enabled: true + fsGroupChangePolicy: Always + sysctls: [] + supplementalGroups: [] fsGroup: 1001 ## Configure Container Security Context for Kubeapps APIs ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param kubeappsapis.containerSecurityContext.enabled Enabled containers' Security Context + ## @param kubeappsapis.containerSecurityContext.seLinuxOptions Set SELinux options in container ## @param kubeappsapis.containerSecurityContext.runAsUser Set containers' Security Context runAsUser ## @param kubeappsapis.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot ## @param kubeappsapis.containerSecurityContext.privileged Set container's Security Context privileged @@ -1730,6 +1765,7 @@ kubeappsapis: ## containerSecurityContext: enabled: true + seLinuxOptions: {} runAsUser: 1001 runAsNonRoot: true privileged: false @@ -1988,6 +2024,7 @@ ociCatalog: ## Configure Container Security Context (only main container) ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param ociCatalog.containerSecurityContext.enabled Enabled containers' Security Context + ## @param ociCatalog.containerSecurityContext.seLinuxOptions Set SELinux options in container ## @param ociCatalog.containerSecurityContext.runAsUser Set containers' Security Context runAsUser ## @param ociCatalog.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot ## @param ociCatalog.containerSecurityContext.privileged Set container's Security Context privileged @@ -1998,6 +2035,7 @@ ociCatalog: ## containerSecurityContext: enabled: true + seLinuxOptions: {} runAsUser: 1001 runAsNonRoot: true privileged: false