[bitnami/flux] feat: 🔒 Add runAsGroup (#24170)

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
Javier J. Salmerón-García
2024-03-06 10:04:59 +01:00
committed by GitHub
parent 88ac7cbba7
commit ac57e9dbfb
3 changed files with 31 additions and 13 deletions

View File

@@ -43,4 +43,4 @@ maintainers:
name: flux
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/flux
version: 1.9.0
version: 1.10.0

View File

@@ -132,7 +132,8 @@ The command removes all the Kubernetes components associated with the chart and
| `kustomizeController.podSecurityContext.fsGroup` | Set Kustomize Controller pod's Security Context fsGroup | `1001` |
| `kustomizeController.containerSecurityContext.enabled` | Enabled Kustomize Controller containers' Security Context | `true` |
| `kustomizeController.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
| `kustomizeController.containerSecurityContext.runAsUser` | Set Kustomize Controller containers' Security Context runAsUser | `1001` |
| `kustomizeController.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `kustomizeController.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` |
| `kustomizeController.containerSecurityContext.runAsNonRoot` | Set Kustomize Controller containers' Security Context runAsNonRoot | `true` |
| `kustomizeController.containerSecurityContext.privileged` | Set Kustomize Controller containers' Security Context privileged | `false` |
| `kustomizeController.containerSecurityContext.readOnlyRootFilesystem` | Set Kustomize Controller containers' Security Context runAsNonRoot | `true` |
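Review bot: The rewritten `runAsUser` row and the new `runAsGroup` row drop the controller name ("Set containers' Security Context runAsGroup"), while every neighbouring row in this table still reads "Set Kustomize Controller containers' ...". Keep the controller name in both descriptions so the table stays consistent. The same applies to the matching rows for the other controllers.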
@@ -268,7 +269,8 @@ The command removes all the Kubernetes components associated with the chart and
| `helmController.podSecurityContext.fsGroup` | Set Helm Controller pod's Security Context fsGroup | `1001` |
| `helmController.containerSecurityContext.enabled` | Enabled Helm Controller containers' Security Context | `true` |
| `helmController.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
| `helmController.containerSecurityContext.runAsUser` | Set Helm Controller containers' Security Context runAsUser | `1001` |
| `helmController.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `helmController.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` |
| `helmController.containerSecurityContext.runAsNonRoot` | Set Helm Controller containers' Security Context runAsNonRoot | `true` |
| `helmController.containerSecurityContext.privileged` | Set Helm Controller containers' Security Context privileged | `false` |
| `helmController.containerSecurityContext.readOnlyRootFilesystem` | Set Helm Controller containers' Security Context runAsNonRoot | `true` |
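Review bot: The new `helmController.containerSecurityContext.runAsGroup` row documents only the default `1001`, which matches `runAsUser` and the pod-level `fsGroup` shown above it. Someone who overrides `runAsUser` alone will still get GID 1001 after this change, so the description should say whether `runAsGroup` is expected to follow `runAsUser`.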
@@ -405,7 +407,8 @@ The command removes all the Kubernetes components associated with the chart and
| `sourceController.podSecurityContext.fsGroup` | Set Source Controller pod's Security Context fsGroup | `1001` |
| `sourceController.containerSecurityContext.enabled` | Enabled Source Controller containers' Security Context | `true` |
| `sourceController.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
| `sourceController.containerSecurityContext.runAsUser` | Set Source Controller containers' Security Context runAsUser | `1001` |
| `sourceController.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `sourceController.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` |
| `sourceController.containerSecurityContext.runAsNonRoot` | Set Source Controller containers' Security Context runAsNonRoot | `true` |
| `sourceController.containerSecurityContext.privileged` | Set Source Controller containers' Security Context privileged | `false` |
| `sourceController.containerSecurityContext.readOnlyRootFilesystem` | Set Source Controller containers' Security Context runAsNonRoot | `true` |
@@ -572,7 +575,8 @@ The command removes all the Kubernetes components associated with the chart and
| `notificationController.podSecurityContext.fsGroup` | Set Notification Controller pod's Security Context fsGroup | `1001` |
| `notificationController.containerSecurityContext.enabled` | Enabled Notification Controller containers' Security Context | `true` |
| `notificationController.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
| `notificationController.containerSecurityContext.runAsUser` | Set Notification Controller containers' Security Context runAsUser | `1001` |
| `notificationController.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `notificationController.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` |
| `notificationController.containerSecurityContext.runAsNonRoot` | Set Notification Controller containers' Security Context runAsNonRoot | `true` |
| `notificationController.containerSecurityContext.readOnlyRootFilesystem` | Set Notification Controller containers' Security Context runAsNonRoot | `true` |
| `notificationController.containerSecurityContext.privileged` | Set Notification Controller containers' Security Context privileged | `false` |
@@ -708,7 +712,8 @@ The command removes all the Kubernetes components associated with the chart and
| `imageAutomationController.podSecurityContext.fsGroup` | Set Image Automation Controller pod's Security Context fsGroup | `1001` |
| `imageAutomationController.containerSecurityContext.enabled` | Enabled Image Automation Controller containers' Security Context | `true` |
| `imageAutomationController.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
| `imageAutomationController.containerSecurityContext.runAsUser` | Set Image Automation Controller containers' Security Context runAsUser | `1001` |
| `imageAutomationController.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `imageAutomationController.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` |
| `imageAutomationController.containerSecurityContext.runAsNonRoot` | Set Image Automation Controller containers' Security Context runAsNonRoot | `true` |
| `imageAutomationController.containerSecurityContext.readOnlyRootFilesystem` | Set Image Automation Controller containers' Security Context runAsNonRoot | `true` |
| `imageAutomationController.containerSecurityContext.privileged` | Set Image Automation Controller containers' Security Context privileged | `false` |
@@ -844,7 +849,8 @@ The command removes all the Kubernetes components associated with the chart and
| `imageReflectorController.podSecurityContext.fsGroup` | Set Image Reflector Controller pod's Security Context fsGroup | `1001` |
| `imageReflectorController.containerSecurityContext.enabled` | Enabled Image Reflector Controller containers' Security Context | `true` |
| `imageReflectorController.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
| `imageReflectorController.containerSecurityContext.runAsUser` | Set Image Reflector Controller containers' Security Context runAsUser | `1001` |
| `imageReflectorController.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `imageReflectorController.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` |
| `imageReflectorController.containerSecurityContext.runAsNonRoot` | Set Image Reflector Controller containers' Security Context runAsNonRoot | `true` |
| `imageReflectorController.containerSecurityContext.privileged` | Set Image Reflector Controller containers' Security Context privileged | `false` |
| `imageReflectorController.containerSecurityContext.readOnlyRootFilesystem` | Set Image Reflector Controller containers' Security Context runAsNonRoot | `true` |

View File

@@ -267,7 +267,8 @@ kustomizeController:
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param kustomizeController.containerSecurityContext.enabled Enabled Kustomize Controller containers' Security Context
## @param kustomizeController.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param kustomizeController.containerSecurityContext.runAsUser Set Kustomize Controller containers' Security Context runAsUser
## @param kustomizeController.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param kustomizeController.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
## @param kustomizeController.containerSecurityContext.runAsNonRoot Set Kustomize Controller containers' Security Context runAsNonRoot
## @param kustomizeController.containerSecurityContext.privileged Set Kustomize Controller containers' Security Context privileged
## @param kustomizeController.containerSecurityContext.readOnlyRootFilesystem Set Kustomize Controller containers' Security Context runAsNonRoot
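Review bot: The unchanged `@param kustomizeController.containerSecurityContext.readOnlyRootFilesystem` line at the end of this hunk is described as "... Security Context runAsNonRoot", a copy-paste slip that also appears in the corresponding README row. Since the adjacent lines are being edited anyway, change the description to say readOnlyRootFilesystem here and in the README.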
@@ -279,6 +280,7 @@ kustomizeController:
enabled: true
seLinuxOptions: null
runAsUser: 1001
runAsGroup: 1001
runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: true
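Review bot: `runAsGroup: 1001` is added to the values only, and none of the three files changed in this commit is a template, so the key takes effect only if the chart's templates already render the whole `containerSecurityContext` map rather than picking individual fields. Please confirm this with a rendered manifest for the Kustomize Controller, and likewise for the other controllers' hunks below.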
@@ -780,7 +782,8 @@ helmController:
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param helmController.containerSecurityContext.enabled Enabled Helm Controller containers' Security Context
## @param helmController.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param helmController.containerSecurityContext.runAsUser Set Helm Controller containers' Security Context runAsUser
## @param helmController.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param helmController.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
## @param helmController.containerSecurityContext.runAsNonRoot Set Helm Controller containers' Security Context runAsNonRoot
## @param helmController.containerSecurityContext.privileged Set Helm Controller containers' Security Context privileged
## @param helmController.containerSecurityContext.readOnlyRootFilesystem Set Helm Controller containers' Security Context runAsNonRoot
@@ -792,6 +795,7 @@ helmController:
enabled: true
seLinuxOptions: null
runAsUser: 1001
runAsGroup: 1001
runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: true
@@ -1295,7 +1299,8 @@ sourceController:
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param sourceController.containerSecurityContext.enabled Enabled Source Controller containers' Security Context
## @param sourceController.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param sourceController.containerSecurityContext.runAsUser Set Source Controller containers' Security Context runAsUser
## @param sourceController.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param sourceController.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
## @param sourceController.containerSecurityContext.runAsNonRoot Set Source Controller containers' Security Context runAsNonRoot
## @param sourceController.containerSecurityContext.privileged Set Source Controller containers' Security Context privileged
## @param sourceController.containerSecurityContext.readOnlyRootFilesystem Set Source Controller containers' Security Context runAsNonRoot
@@ -1307,6 +1312,7 @@ sourceController:
enabled: true
seLinuxOptions: null
runAsUser: 1001
runAsGroup: 1001
runAsNonRoot: true
readOnlyRootFilesystem: true
privileged: false
@@ -1905,7 +1911,8 @@ notificationController:
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param notificationController.containerSecurityContext.enabled Enabled Notification Controller containers' Security Context
## @param notificationController.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param notificationController.containerSecurityContext.runAsUser Set Notification Controller containers' Security Context runAsUser
## @param notificationController.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param notificationController.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
## @param notificationController.containerSecurityContext.runAsNonRoot Set Notification Controller containers' Security Context runAsNonRoot
## @param notificationController.containerSecurityContext.readOnlyRootFilesystem Set Notification Controller containers' Security Context runAsNonRoot
## @param notificationController.containerSecurityContext.privileged Set Notification Controller containers' Security Context privileged
@@ -1917,6 +1924,7 @@ notificationController:
enabled: true
seLinuxOptions: null
runAsUser: 1001
runAsGroup: 1001
runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: true
@@ -2418,7 +2426,8 @@ imageAutomationController:
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param imageAutomationController.containerSecurityContext.enabled Enabled Image Automation Controller containers' Security Context
## @param imageAutomationController.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param imageAutomationController.containerSecurityContext.runAsUser Set Image Automation Controller containers' Security Context runAsUser
## @param imageAutomationController.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param imageAutomationController.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
## @param imageAutomationController.containerSecurityContext.runAsNonRoot Set Image Automation Controller containers' Security Context runAsNonRoot
## @param imageAutomationController.containerSecurityContext.readOnlyRootFilesystem Set Image Automation Controller containers' Security Context runAsNonRoot
## @param imageAutomationController.containerSecurityContext.privileged Set Image Automation Controller containers' Security Context privileged
@@ -2430,6 +2439,7 @@ imageAutomationController:
enabled: true
seLinuxOptions: null
runAsUser: 1001
runAsGroup: 1001
runAsNonRoot: true
readOnlyRootFilesystem: true
privileged: false
@@ -2931,7 +2941,8 @@ imageReflectorController:
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param imageReflectorController.containerSecurityContext.enabled Enabled Image Reflector Controller containers' Security Context
## @param imageReflectorController.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param imageReflectorController.containerSecurityContext.runAsUser Set Image Reflector Controller containers' Security Context runAsUser
## @param imageReflectorController.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param imageReflectorController.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
## @param imageReflectorController.containerSecurityContext.runAsNonRoot Set Image Reflector Controller containers' Security Context runAsNonRoot
## @param imageReflectorController.containerSecurityContext.privileged Set Image Reflector Controller containers' Security Context privileged
## @param imageReflectorController.containerSecurityContext.readOnlyRootFilesystem Set Image Reflector Controller containers' Security Context runAsNonRoot
@@ -2943,6 +2954,7 @@ imageReflectorController:
enabled: true
seLinuxOptions: null
runAsUser: 1001
runAsGroup: 1001
runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: true