Bitnami/charts
2
0
Fork 0
mirror of https://github.com/bitnami/charts.git synced 2026-03-08 08:47:24 +08:00
Code Issues Packages Projects Releases Wiki Activity

[bitnami/cert-manager] feat: 🔒 Add runAsGroup (#23877)

Browse Source 
Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
This commit is contained in:
Javier J. Salmerón-García
2024-02-23 17:26:19 +01:00
committed by GitHub
parent 5ce0e4282b
commit b60af0d57f
3 changed files with 10 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
bitnami/cert-manager/Chart.yaml
View File

@@ -35,4 +35,4 @@ maintainers:
name: cert-manager
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/cert-manager
version: 0.21.2
version: 0.22.0

3
bitnami/cert-manager/README.md
View File

@@ -104,6 +104,7 @@ The command removes all the Kubernetes components associated with the chart and
| `controller.containerSecurityContext.enabled` | Enabled controller containers' Security Context | `true` |
| `controller.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
| `controller.containerSecurityContext.runAsUser` | Set controller containers' Security Context runAsUser | `1001` |
| `controller.containerSecurityContext.runAsGroup` | Set controller containers' Security Context runAsGroup | `0` |
| `controller.containerSecurityContext.runAsNonRoot` | Set controller containers' Security Context runAsNonRoot | `true` |
| `controller.containerSecurityContext.readOnlyRootFilesystem` | Set read only root file system pod's Security Conte | `false` |
| `controller.containerSecurityContext.privileged` | Set controller container's Security Context privileged | `false` |
@@ -197,6 +198,7 @@ The command removes all the Kubernetes components associated with the chart and
| `webhook.containerSecurityContext.enabled` | Enabled webhook containers' Security Context | `true` |
| `webhook.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
| `webhook.containerSecurityContext.runAsUser` | Set webhook containers' Security Context runAsUser | `1001` |
| `webhook.containerSecurityContext.runAsGroup` | Set webhook containers' Security Context runAsGroup | `0` |
| `webhook.containerSecurityContext.runAsNonRoot` | Set webhook containers' Security Context runAsNonRoot | `true` |
| `webhook.containerSecurityContext.readOnlyRootFilesystem` | Set read only root file system pod's Security Conte | `false` |
| `webhook.containerSecurityContext.privileged` | Set webhook container's Security Context privileged | `false` |
@@ -286,6 +288,7 @@ The command removes all the Kubernetes components associated with the chart and
| `cainjector.containerSecurityContext.enabled` | Enabled cainjector containers' Security Context | `true` |
| `cainjector.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
| `cainjector.containerSecurityContext.runAsUser` | Set cainjector containers' Security Context runAsUser | `1001` |
| `cainjector.containerSecurityContext.runAsGroup` | Set cainjector containers' Security Context runAsGroup | `0` |
| `cainjector.containerSecurityContext.runAsNonRoot` | Set cainjector containers' Security Context runAsNonRoot | `true` |
| `cainjector.containerSecurityContext.readOnlyRootFilesystem` | Set read only root file system pod's Security Conte | `false` |
| `cainjector.containerSecurityContext.privileged` | Set cainjector container's Security Context privileged | `false` |

6
bitnami/cert-manager/values.yaml
View File

@@ -155,6 +155,7 @@ controller:
## @param controller.containerSecurityContext.enabled Enabled controller containers' Security Context
## @param controller.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param controller.containerSecurityContext.runAsUser Set controller containers' Security Context runAsUser
## @param controller.containerSecurityContext.runAsGroup Set controller containers' Security Context runAsGroup
## @param controller.containerSecurityContext.runAsNonRoot Set controller containers' Security Context runAsNonRoot
## @param controller.containerSecurityContext.readOnlyRootFilesystem Set read only root file system pod's Security Conte
## @param controller.containerSecurityContext.privileged Set controller container's Security Context privileged
@@ -166,6 +167,7 @@ controller:
enabled: true
seLinuxOptions: null
runAsUser: 1001
runAsGroup: 0
runAsNonRoot: true
privileged: false
allowPrivilegeEscalation: false
@@ -524,6 +526,7 @@ webhook:
## @param webhook.containerSecurityContext.enabled Enabled webhook containers' Security Context
## @param webhook.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param webhook.containerSecurityContext.runAsUser Set webhook containers' Security Context runAsUser
## @param webhook.containerSecurityContext.runAsGroup Set webhook containers' Security Context runAsGroup
## @param webhook.containerSecurityContext.runAsNonRoot Set webhook containers' Security Context runAsNonRoot
## @param webhook.containerSecurityContext.readOnlyRootFilesystem Set read only root file system pod's Security Conte
## @param webhook.containerSecurityContext.privileged Set webhook container's Security Context privileged
@@ -535,6 +538,7 @@ webhook:
enabled: true
seLinuxOptions: null
runAsUser: 1001
runAsGroup: 0
runAsNonRoot: true
privileged: false
allowPrivilegeEscalation: false
@@ -878,6 +882,7 @@ cainjector:
## @param cainjector.containerSecurityContext.enabled Enabled cainjector containers' Security Context
## @param cainjector.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param cainjector.containerSecurityContext.runAsUser Set cainjector containers' Security Context runAsUser
## @param cainjector.containerSecurityContext.runAsGroup Set cainjector containers' Security Context runAsGroup
## @param cainjector.containerSecurityContext.runAsNonRoot Set cainjector containers' Security Context runAsNonRoot
## @param cainjector.containerSecurityContext.readOnlyRootFilesystem Set read only root file system pod's Security Conte
## @param cainjector.containerSecurityContext.privileged Set cainjector container's Security Context privileged
@@ -889,6 +894,7 @@ cainjector:
enabled: true
seLinuxOptions: null
runAsUser: 1001
runAsGroup: 0
runAsNonRoot: true
privileged: false
allowPrivilegeEscalation: false