Bitnami/charts
2
0
Fork 0
mirror of https://github.com/bitnami/charts.git synced 2026-03-11 06:57:18 +08:00
Code Issues Packages Projects Releases Wiki Activity

[bitnami/parse] fix: 🔒 Improve podSecurityContext and containerSecurityContext with essential security fields (#22173)

Browse Source 
* [bitnami/parse] fix: 🔒 Improve podSecurityContext and containerSecurityContext with essential security fields

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>

* chore: 🔧 Bump chart version

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>

---------

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
This commit is contained in:
Javier J. Salmerón-García
2024-01-16 15:46:09 +01:00
committed by GitHub
parent 9ab0750fc6
commit d25c8fcdc8
3 changed files with 25 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
bitnami/parse/Chart.yaml
View File

@@ -38,4 +38,4 @@ maintainers:
name: parse
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/parse
version: 21.1.7
version: 21.2.0

8
bitnami/parse/README.md
View File

@@ -92,8 +92,12 @@ The command removes all the Kubernetes components associated with the chart and
| `server.podLabels` | Extra labels for Parse pods | `{}` |
| `server.podAnnotations` | Annotations for Parse pods | `{}` |
| `server.podSecurityContext.enabled` | Enabled Parse Dashboard pods' Security Context | `true` |
| `server.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `server.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `server.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `server.podSecurityContext.fsGroup` | Set Parse Dashboard pod's Security Context fsGroup | `1001` |
| `server.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `server.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `server.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `server.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `server.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
@@ -180,8 +184,12 @@ The command removes all the Kubernetes components associated with the chart and
| `dashboard.containerPorts.http` | Parse Dashboard HTTP container port | `4040` |
| `dashboard.hostAliases` | Deployment pod host aliases | `[]` |
| `dashboard.podSecurityContext.enabled` | Enabled Parse Dashboard pods' Security Context | `true` |
| `dashboard.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `dashboard.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `dashboard.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `dashboard.podSecurityContext.fsGroup` | Set Parse Dashboard pod's Security Context fsGroup | `1001` |
| `dashboard.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `dashboard.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `dashboard.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `dashboard.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `dashboard.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |

16
bitnami/parse/values.yaml
View File

@@ -112,14 +112,21 @@ server:
## Configure Pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param server.podSecurityContext.enabled Enabled Parse Dashboard pods' Security Context
## @param server.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param server.podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param server.podSecurityContext.supplementalGroups Set filesystem extra groups
## @param server.podSecurityContext.fsGroup Set Parse Dashboard pod's Security Context fsGroup
##
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 1001
## Configure Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param server.containerSecurityContext.enabled Enabled containers' Security Context
## @param server.containerSecurityContext.seLinuxOptions Set SELinux options in container
## @param server.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param server.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param server.containerSecurityContext.privileged Set container's Security Context privileged
@@ -130,6 +137,7 @@ server:
##
containerSecurityContext:
enabled: true
seLinuxOptions: {}
runAsUser: 1001
runAsNonRoot: true
privileged: false
@@ -456,14 +464,21 @@ dashboard:
## Configure Pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param dashboard.podSecurityContext.enabled Enabled Parse Dashboard pods' Security Context
## @param dashboard.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param dashboard.podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param dashboard.podSecurityContext.supplementalGroups Set filesystem extra groups
## @param dashboard.podSecurityContext.fsGroup Set Parse Dashboard pod's Security Context fsGroup
##
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 1001
## Configure Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param dashboard.containerSecurityContext.enabled Enabled containers' Security Context
## @param dashboard.containerSecurityContext.seLinuxOptions Set SELinux options in container
## @param dashboard.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param dashboard.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param dashboard.containerSecurityContext.privileged Set container's Security Context privileged
@@ -474,6 +489,7 @@ dashboard:
##
containerSecurityContext:
enabled: true
seLinuxOptions: {}
runAsUser: 1001
runAsNonRoot: true
privileged: false