Bitnami/charts
2
0
Fork 0
mirror of https://github.com/bitnami/charts.git synced 2026-02-19 11:37:23 +08:00
Code Issues Packages Projects Releases Wiki Activity

[bitnami/zookeeper] feat: 🔒 Add readOnlyRootFilesystem support (#23846)

Browse Source 
Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
This commit is contained in:
Javier J. Salmerón-García
2024-02-23 08:43:02 +01:00
committed by GitHub
parent de23cb0c80
commit cf84d03bb7
4 changed files with 21 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
bitnami/zookeeper/Chart.yaml
View File

@@ -28,4 +28,4 @@ maintainers:
name: zookeeper
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/zookeeper
version: 12.10.1
version: 12.11.0

1
bitnami/zookeeper/README.md
View File

@@ -167,6 +167,7 @@ The command removes all the Kubernetes components associated with the chart and
| `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
| `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `0` |
| `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |

17
bitnami/zookeeper/templates/statefulset.yaml
View File

@@ -109,6 +109,9 @@ spec:
resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }}
{{- end }}
volumeMounts:
- name: empty-dir
mountPath: /tmp
subPath: tmp-dir
- name: data
mountPath: /bitnami/zookeeper
{{- if .Values.dataLogDir }}
@@ -161,6 +164,9 @@ spec:
resources: {{- include "common.resources.preset" (dict "type" .Values.tls.resourcesPreset) | nindent 12 }}
{{- end }}
volumeMounts:
- name: empty-dir
mountPath: /tmp
subPath: tmp-dir
- name: scripts
mountPath: /scripts/init-certs.sh
subPath: init-certs.sh
@@ -416,6 +422,15 @@ spec:
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }}
{{- end }}
volumeMounts:
- name: empty-dir
mountPath: /tmp
subPath: tmp-dir
- name: empty-dir
mountPath: /opt/bitnami/zookeeper/conf
subPath: app-conf-dir
- name: empty-dir
mountPath: /opt/bitnami/zookeeper/logs
subPath: app-logs-dir
- name: scripts
mountPath: /scripts/setup.sh
subPath: setup.sh
@@ -447,6 +462,8 @@ spec:
{{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $ ) | nindent 8 }}
{{- end }}
volumes:
- name: empty-dir
emptyDir: {}
- name: scripts
configMap:
name: {{ printf "%s-scripts" (include "common.names.fullname" .) }}

2
bitnami/zookeeper/values.yaml
View File

@@ -343,6 +343,7 @@ podSecurityContext:
## @param containerSecurityContext.enabled Enabled containers' Security Context
## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param containerSecurityContext.privileged Set container's Security Context privileged
## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
@@ -354,6 +355,7 @@ containerSecurityContext:
enabled: true
seLinuxOptions: null
runAsUser: 1001
runAsGroup: 0
runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: false