[bitnami/schema-registry] fix: 🔒 Improve podSecurityContext and containerSecurityContext with essential security fields (#22187)

* [bitnami/schema-registry] fix: 🔒 Improve podSecurityContext and containerSecurityContext with essential security fields Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com> * chore: 🔧 Bump chart version Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com> * fix: 🐛 Remove extra parameter Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com> --------- Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
2026-03-02 16:17:47 +08:00 · 2024-01-17 09:23:24 +01:00
parent 5a49422c05
commit f82e52ff76
3 changed files with 10 additions and 1 deletions
--- a/bitnami/schema-registry/Chart.yaml
+++ b/bitnami/schema-registry/Chart.yaml
@@ -34,4 +34,4 @@ maintainers:
 name: schema-registry
 sources:
 - https://github.com/bitnami/charts/tree/main/bitnami/schema-registry
-version: 16.2.7
+version: 16.3.0
--- a/bitnami/schema-registry/README.md
+++ b/bitnami/schema-registry/README.md
@@ -132,9 +132,12 @@ The command removes all the Kubernetes components associated with the chart and
 | `terminationGracePeriodSeconds`                     | Seconds Redmine pod needs to terminate gracefully                                                                        | `""`             |
 | `lifecycleHooks`                                    | for the Schema Registry container(s) to automate configuration before or after startup                                   | `{}`             |
 | `podSecurityContext.enabled`                        | Enabled Controller pods' Security Context                                                                                | `true`           |
+| `podSecurityContext.fsGroupChangePolicy`            | Set filesystem group change policy                                                                                       | `Always`         |
+| `podSecurityContext.supplementalGroups`             | Set filesystem extra groups                                                                                              | `[]`             |
 | `podSecurityContext.fsGroup`                        | Set Controller pod's Security Context fsGroup                                                                            | `1001`           |
 | `podSecurityContext.sysctls`                        | sysctl settings of the Schema Registry pods                                                                              | `[]`             |
 | `containerSecurityContext.enabled`                  | Enabled containers' Security Context                                                                                     | `true`           |
+| `containerSecurityContext.seLinuxOptions`           | Set SELinux options in container                                                                                         | `{}`             |
 | `containerSecurityContext.runAsUser`                | Set containers' Security Context runAsUser                                                                               | `1001`           |
 | `containerSecurityContext.runAsNonRoot`             | Set container's Security Context runAsNonRoot                                                                            | `true`           |
 | `containerSecurityContext.privileged`               | Set container's Security Context privileged                                                                              | `false`          |
--- a/bitnami/schema-registry/values.yaml
+++ b/bitnami/schema-registry/values.yaml
@@ -284,11 +284,15 @@ lifecycleHooks: {}
 ## Schema Registry pods' Security Context.
 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
 ## @param podSecurityContext.enabled Enabled Controller pods' Security Context
+## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
+## @param podSecurityContext.supplementalGroups Set filesystem extra groups
 ## @param podSecurityContext.fsGroup Set Controller pod's Security Context fsGroup
 ## @param podSecurityContext.sysctls sysctl settings of the Schema Registry pods
 ##
 podSecurityContext:
  enabled: true
+  fsGroupChangePolicy: Always
+  supplementalGroups: []
  fsGroup: 1001
  ## sysctl settings
  ## Example:
@@ -300,6 +304,7 @@ podSecurityContext:
 ## Schema Registry containers' Security Context (only main container).
 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
 ## @param containerSecurityContext.enabled Enabled containers' Security Context
+## @param containerSecurityContext.seLinuxOptions Set SELinux options in container
 ## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser
 ## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
 ## @param containerSecurityContext.privileged Set container's Security Context privileged
@@ -310,6 +315,7 @@ podSecurityContext:
 ##
 containerSecurityContext:
  enabled: true
+  seLinuxOptions: {}
  runAsUser: 1001
  runAsNonRoot: true
  privileged: false