[bitnami/logstash] feat: 🔒 Add readOnlyRootFilesystem support (#24352)

* [bitnami/logstash] feat:  🔒 Add readOnlyRootFilesystem support

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>

* chore: 🔧 Set non-breaking values

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>

* chore: ⬆️ Bump chart deps

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>

* Update README.md with readme-generator-for-helm

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>

* test:  Update permissions to new system

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>

---------

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>
Co-authored-by: Bitnami Containers <bitnami-bot@vmware.com>
Javier J. Salmerón-García
2024-03-12 16:38:23 +01:00
committed by GitHub
parent 435ab2bfe6
commit 8ad3f43f0f
5 changed files with 20 additions and 8 deletions


@@ -30,4 +30,4 @@ maintainers:
name: logstash
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/logstash
version: 5.12.0
version: 5.13.0


@@ -135,6 +135,7 @@ The command removes all the Kubernetes components associated with the chart and
| `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
| `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `0` |
| `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |


@@ -174,10 +174,17 @@ spec:
resources: {{- include "common.resources.preset" (dict "type" .Values.resourcesPreset) | nindent 12 }}
{{- end }}
volumeMounts:
{{- if .Values.persistence.enabled }}
- name: empty-dir
mountPath: /tmp
subPath: tmp-dir
- name: empty-dir
mountPath: /opt/bitnami/logstash/config
subPath: app-conf-dir
- name: empty-dir
mountPath: /opt/bitnami/logstash/pipeline
subPath: app-pipeline-dir
- name: data
mountPath: {{ .Values.persistence.mountPath }}
{{- end }}
{{- if or .Values.input .Values.filter .Values.output .Values.existingConfiguration }}
- name: configurations
mountPath: /bitnami/logstash/config
@@ -189,15 +196,19 @@ spec:
{{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }}
{{- end }}
volumes:
- name: empty-dir
emptyDir: {}
{{- if or .Values.input .Values.filter .Values.output .Values.existingConfiguration }}
- name: configurations
configMap:
name: {{ include "logstash.configmapName" . }}
{{- end }}
{{- if and .Values.persistence.enabled }}
- name: data
{{- if and .Values.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ .Values.persistence.existingClaim | default (include "common.names.fullname" .) }}
{{- else }}
emptyDir: {}
{{- end }}
{{- if .Values.extraVolumes }}
{{- include "common.tplvalues.render" ( dict "value" .Values.extraVolumes "context" $ ) | nindent 8 }}
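Review bot: The `empty-dir` volume is declared as `emptyDir: {}` with no `sizeLimit`, yet it backs three writable mounts (`/tmp`, `/opt/bitnami/logstash/config`, `/opt/bitnami/logstash/pipeline`), so a runaway writer is bounded only by node ephemeral storage; the `emptyDir: {}` fallback for `data` has the same gap. Consider a bounded form such as `emptyDir: {sizeLimit: <SIZE_LIMIT>}`, ideally driven from values. The mounts over `config` and `pipeline` also hide whatever the image ships in those directories, so the image's startup logic presumably repopulates them; that is not visible here and deserves a one-line comment above the mounts. As a style point, `{{- if and .Values.persistence.enabled }}` passes a single argument to `and`, and `{{- if .Values.persistence.enabled }}` reads the same. The +/- markers are lost on this page, so which lines are new is inferred from the hunk counts, and the `spec:` block continues outside both hunks.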


@@ -79,7 +79,7 @@ diagnosticMode:
image:
registry: docker.io
repository: bitnami/logstash
tag: 8.12.2-debian-12-r0
tag: 8.12.2-debian-12-r1
digest: ""
## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
@@ -346,6 +346,7 @@ podSecurityContext:
## @param containerSecurityContext.enabled Enabled containers' Security Context
## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param containerSecurityContext.privileged Set container's Security Context privileged
## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
@@ -357,6 +358,7 @@ containerSecurityContext:
enabled: true
seLinuxOptions: null
runAsUser: 1001
runAsGroup: 0
runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: false
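Review bot: `readOnlyRootFilesystem: false` stays the default next to the `runAsGroup: 0` line (the added one, judging by the hunk counts and the README hunk), so a default install still runs with a writable image filesystem and with the root group as the primary group. A comment above the block would make the opt-in explicit, e.g. `## NOTE: readOnlyRootFilesystem defaults to false for backwards compatibility; set it to true to run with an immutable root filesystem`. If GID 0 is required by the image's file permissions, the `runAsGroup` param description should say so rather than only repeating the field name. The mapping may continue past the hunk, so settings such as dropped capabilities could exist outside the visible lines.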