Bitnami/charts
2
0
Fork 0
mirror of https://github.com/bitnami/charts.git synced 2026-04-07 09:47:26 +08:00
Code Issues Packages Projects Releases Wiki Activity

[bitnami/spring-cloud-dataflow] fix: 🔒 Improve podSecurityContext and containerSecurityContext with essential security fields (#22192)

Browse Source 
* [bitnami/spring-cloud-dataflow] fix: 🔒 Improve podSecurityContext and containerSecurityContext with essential security fields

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>

* chore: 🔧 Bump chart version

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>

* fix: 🐛 Remove extra seLinuxOptions field

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>

---------

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
Signed-off-by: Javier J. Salmerón-García <jsalmeron@vmware.com>
This commit is contained in:
Javier J. Salmerón-García
2024-01-17 10:04:17 +01:00
committed by GitHub
parent 7348c92557
commit 8f398d38e8
3 changed files with 40 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
bitnami/spring-cloud-dataflow/Chart.yaml
View File

@@ -53,4 +53,4 @@ maintainers:
name: spring-cloud-dataflow
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/spring-cloud-dataflow
version: 26.2.3
version: 26.3.0

13
bitnami/spring-cloud-dataflow/README.md
View File

@@ -116,8 +116,12 @@ helm uninstall my-release
| `server.schedulerName` | Name of the k8s scheduler (other than default) | `""` |
| `server.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` |
| `server.podSecurityContext.enabled` | Enabled Dataflow Server pods' Security Context | `true` |
| `server.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `server.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `server.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `server.podSecurityContext.fsGroup` | Group ID for the volumes of the pod | `1001` |
| `server.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `server.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `server.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `server.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `server.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
@@ -227,8 +231,12 @@ helm uninstall my-release
| `skipper.schedulerName` | Name of the k8s scheduler (other than default) | `""` |
| `skipper.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` |
| `skipper.podSecurityContext.enabled` | Enabled Skipper pods' Security Context | `true` |
| `skipper.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `skipper.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `skipper.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `skipper.podSecurityContext.fsGroup` | Group ID for the volumes of the pod | `1001` |
| `skipper.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `skipper.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `skipper.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `skipper.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `skipper.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
@@ -342,8 +350,12 @@ helm uninstall my-release
| `metrics.podAnnotations` | Annotations for Prometheus Rsocket Proxy pods | `{}` |
| `metrics.podLabels` | Extra labels for Prometheus Proxy pods | `{}` |
| `metrics.podSecurityContext.enabled` | Enabled Prometheus Proxy pods' Security Context | `true` |
| `metrics.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `metrics.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `metrics.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `metrics.podSecurityContext.fsGroup` | Set Prometheus Proxy pod's Security Context fsGroup | `1001` |
| `metrics.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `metrics.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `metrics.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `metrics.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `metrics.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
@@ -431,6 +443,7 @@ helm uninstall my-release
| `waitForBackends.image.pullPolicy` | Init container wait-for-backend image pull policy | `IfNotPresent` |
| `waitForBackends.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `waitForBackends.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `waitForBackends.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `waitForBackends.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `waitForBackends.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `waitForBackends.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |

26
bitnami/spring-cloud-dataflow/values.yaml
View File

@@ -245,14 +245,21 @@ server:
## Dataflow Server pods' Security Context.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param server.podSecurityContext.enabled Enabled Dataflow Server pods' Security Context
## @param server.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param server.podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param server.podSecurityContext.supplementalGroups Set filesystem extra groups
## @param server.podSecurityContext.fsGroup Group ID for the volumes of the pod
##
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 1001
## Dataflow Server containers' Security Context (only main container).
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param server.containerSecurityContext.enabled Enabled containers' Security Context
## @param server.containerSecurityContext.seLinuxOptions Set SELinux options in container
## @param server.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param server.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param server.containerSecurityContext.privileged Set container's Security Context privileged
@@ -263,6 +270,7 @@ server:
##
containerSecurityContext:
enabled: true
seLinuxOptions: {}
runAsUser: 1001
runAsNonRoot: true
privileged: false
@@ -741,14 +749,21 @@ skipper:
## Skipper pods' Security Context.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param skipper.podSecurityContext.enabled Enabled Skipper pods' Security Context
## @param skipper.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param skipper.podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param skipper.podSecurityContext.supplementalGroups Set filesystem extra groups
## @param skipper.podSecurityContext.fsGroup Group ID for the volumes of the pod
##
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 1001
## Skipper containers' Security Context (only main container).
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param skipper.containerSecurityContext.enabled Enabled containers' Security Context
## @param skipper.containerSecurityContext.seLinuxOptions Set SELinux options in container
## @param skipper.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param skipper.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param skipper.containerSecurityContext.privileged Set container's Security Context privileged
@@ -759,6 +774,7 @@ skipper:
##
containerSecurityContext:
enabled: true
seLinuxOptions: {}
runAsUser: 1001
runAsNonRoot: true
privileged: false
@@ -1187,14 +1203,21 @@ metrics:
## Configure Pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param metrics.podSecurityContext.enabled Enabled Prometheus Proxy pods' Security Context
## @param metrics.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param metrics.podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param metrics.podSecurityContext.supplementalGroups Set filesystem extra groups
## @param metrics.podSecurityContext.fsGroup Set Prometheus Proxy pod's Security Context fsGroup
##
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 1001
## Configure Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param metrics.containerSecurityContext.enabled Enabled containers' Security Context
## @param metrics.containerSecurityContext.seLinuxOptions Set SELinux options in container
## @param metrics.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param metrics.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param metrics.containerSecurityContext.privileged Set container's Security Context privileged
@@ -1205,6 +1228,7 @@ metrics:
##
containerSecurityContext:
enabled: true
seLinuxOptions: {}
runAsUser: 1001
runAsNonRoot: true
privileged: false
@@ -1514,6 +1538,7 @@ waitForBackends:
## waitForBackends containers' Security Context (init container).
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param waitForBackends.containerSecurityContext.enabled Enabled containers' Security Context
## @param waitForBackends.containerSecurityContext.seLinuxOptions Set SELinux options in container
## @param waitForBackends.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param waitForBackends.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param waitForBackends.containerSecurityContext.privileged Set container's Security Context privileged
@@ -1524,6 +1549,7 @@ waitForBackends:
##
containerSecurityContext:
enabled: true
seLinuxOptions: {}
runAsUser: 1001
runAsNonRoot: true
privileged: false