mirror of
https://github.com/bitnami/charts.git
synced 2026-03-07 08:07:55 +08:00
[bitnami/matomo] fix: 🔒 Improve podSecurityContext and containerSecurityContext with essential security fields (#22151)
* [bitnami/matomo] fix: 🔒 Improve podSecurityContext and containerSecurityContext with essential security fields Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com> * chore: 🔧 Bump chart version Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com> --------- Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
This commit is contained in:
Javier J. Salmerón-García
committed by
GitHub
GitHub
parent
b84eaeae7a
commit
c4492557d6
@@ -39,4 +39,4 @@ maintainers:
|
||||
name: matomo
|
||||
sources:
|
||||
- https://github.com/bitnami/charts/tree/main/bitnami/matomo
|
||||
version: 4.0.1
|
||||
version: 4.1.0
|
||||
|
||||
@@ -142,8 +142,12 @@ The command removes all the Kubernetes components associated with the chart and
|
||||
| `resources.limits` | The resources limits for Matomo containers | `{}` |
|
||||
| `resources.requests` | The requested resources for Matomo containers | `{}` |
|
||||
| `podSecurityContext.enabled` | Enable Matomo pods' Security Context | `true` |
|
||||
| `podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
|
||||
| `podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
|
||||
| `podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
|
||||
| `podSecurityContext.fsGroup` | Matomo pods' group ID | `1001` |
|
||||
| `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
|
||||
| `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
@@ -312,6 +316,7 @@ The command removes all the Kubernetes components associated with the chart and
|
||||
| `cronjobs.taskScheduler.command` | Override default container command (useful when using custom images) | `[]` |
|
||||
| `cronjobs.taskScheduler.args` | Override default container args (useful when using custom images) | `[]` |
|
||||
| `cronjobs.taskScheduler.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `cronjobs.taskScheduler.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
|
||||
| `cronjobs.taskScheduler.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `cronjobs.taskScheduler.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `cronjobs.taskScheduler.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
@@ -328,6 +333,7 @@ The command removes all the Kubernetes components associated with the chart and
|
||||
| `cronjobs.archive.command` | Override default container command (useful when using custom images) | `[]` |
|
||||
| `cronjobs.archive.args` | Override default container args (useful when using custom images) | `[]` |
|
||||
| `cronjobs.archive.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `cronjobs.archive.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
|
||||
| `cronjobs.archive.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `cronjobs.archive.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `cronjobs.archive.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
|
||||
@@ -332,14 +332,21 @@ resources:
|
||||
## Configure Pods Security Context
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
|
||||
## @param podSecurityContext.enabled Enable Matomo pods' Security Context
|
||||
## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
|
||||
## @param podSecurityContext.sysctls Set kernel settings using the sysctl interface
|
||||
## @param podSecurityContext.supplementalGroups Set filesystem extra groups
|
||||
## @param podSecurityContext.fsGroup Matomo pods' group ID
|
||||
##
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroupChangePolicy: Always
|
||||
sysctls: []
|
||||
supplementalGroups: []
|
||||
fsGroup: 1001
|
||||
## Configure Container Security Context (only main container)
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
||||
## @param containerSecurityContext.enabled Enabled containers' Security Context
|
||||
## @param containerSecurityContext.seLinuxOptions Set SELinux options in container
|
||||
## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser
|
||||
## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
|
||||
## @param containerSecurityContext.privileged Set container's Security Context privileged
|
||||
@@ -350,6 +357,7 @@ podSecurityContext:
|
||||
##
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
seLinuxOptions: {}
|
||||
runAsUser: 1001
|
||||
runAsNonRoot: true
|
||||
privileged: false
|
||||
@@ -957,6 +965,7 @@ cronjobs:
|
||||
## @param
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
||||
## @param cronjobs.taskScheduler.containerSecurityContext.enabled Enabled containers' Security Context
|
||||
## @param cronjobs.taskScheduler.containerSecurityContext.seLinuxOptions Set SELinux options in container
|
||||
## @param cronjobs.taskScheduler.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
|
||||
## @param cronjobs.taskScheduler.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
|
||||
## @param cronjobs.taskScheduler.containerSecurityContext.privileged Set container's Security Context privileged
|
||||
@@ -967,6 +976,7 @@ cronjobs:
|
||||
##
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
seLinuxOptions: {}
|
||||
runAsUser: 1001
|
||||
runAsNonRoot: true
|
||||
privileged: false
|
||||
@@ -1006,6 +1016,7 @@ cronjobs:
|
||||
## @param
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
||||
## @param cronjobs.archive.containerSecurityContext.enabled Enabled containers' Security Context
|
||||
## @param cronjobs.archive.containerSecurityContext.seLinuxOptions Set SELinux options in container
|
||||
## @param cronjobs.archive.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
|
||||
## @param cronjobs.archive.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
|
||||
## @param cronjobs.archive.containerSecurityContext.privileged Set container's Security Context privileged
|
||||
@@ -1016,6 +1027,7 @@ cronjobs:
|
||||
##
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
seLinuxOptions: {}
|
||||
runAsUser: 1001
|
||||
runAsNonRoot: true
|
||||
privileged: false
|
||||
|
||||
Reference in New Issue
Block a user