From f82e52ff76eedd4aa841bc33aa7236b9eb492cda Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Javier=20J=2E=20Salmer=C3=B3n-Garc=C3=ADa?=
Date: Wed, 17 Jan 2024 09:23:24 +0100
Subject: [PATCH] [bitnami/schema-registry] fix: :lock: Improve podSecurityContext and containerSecurityContext with essential security fields (#22187)
* [bitnami/schema-registry] fix: :lock: Improve podSecurityContext and containerSecurityContext with essential security fields
Signed-off-by: Javier Salmeron Garcia
* chore: :wrench: Bump chart version
Signed-off-by: Javier Salmeron Garcia
* fix: :bug: Remove extra parameter
Signed-off-by: Javier Salmeron Garcia
---------
Signed-off-by: Javier Salmeron Garcia
---
 bitnami/schema-registry/Chart.yaml | 2 +-
 bitnami/schema-registry/README.md | 3 +++
 bitnami/schema-registry/values.yaml | 6 ++++++
 3 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/bitnami/schema-registry/Chart.yaml b/bitnami/schema-registry/Chart.yaml
index 37f0da3e05..9efaf1ef2f 100644
--- a/bitnami/schema-registry/Chart.yaml
+++ b/bitnami/schema-registry/Chart.yaml
@@ -34,4 +34,4 @@ maintainers:
 name: schema-registry
 sources:
 - https://github.com/bitnami/charts/tree/main/bitnami/schema-registry
-version: 16.2.7
+version: 16.3.0
diff --git a/bitnami/schema-registry/README.md b/bitnami/schema-registry/README.md
index 815fc3bbb0..a78cf06843 100644
--- a/bitnami/schema-registry/README.md
+++ b/bitnami/schema-registry/README.md
@@ -132,9 +132,12 @@ The command removes all the Kubernetes components associated with the chart and
 | `terminationGracePeriodSeconds` | Seconds Redmine pod needs to terminate gracefully | `""` |
 | `lifecycleHooks` | for the Schema Registry container(s) to automate configuration before or after startup | `{}` |
 | `podSecurityContext.enabled` | Enabled Controller pods' Security Context | `true` |
+| `podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
+| `podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
 | `podSecurityContext.fsGroup` | Set Controller pod's Security Context fsGroup | `1001` |
 | `podSecurityContext.sysctls` | sysctl settings of the Schema Registry pods | `[]` |
 | `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
+| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
 | `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
 | `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
 | `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
diff --git a/bitnami/schema-registry/values.yaml b/bitnami/schema-registry/values.yaml
index b5dcafa0a0..265a0e48ca 100644
--- a/bitnami/schema-registry/values.yaml
+++ b/bitnami/schema-registry/values.yaml
@@ -284,11 +284,15 @@ lifecycleHooks: {}
 ## Schema Registry pods' Security Context.
 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
 ## @param podSecurityContext.enabled Enabled Controller pods' Security Context
+## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
+## @param podSecurityContext.supplementalGroups Set filesystem extra groups
 ## @param podSecurityContext.fsGroup Set Controller pod's Security Context fsGroup
 ## @param podSecurityContext.sysctls sysctl settings of the Schema Registry pods
 ##
 podSecurityContext:
 enabled: true
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
 fsGroup: 1001
 ## sysctl settings
 ## Example:
@@ -300,6 +304,7 @@ podSecurityContext:
 ## Schema Registry containers' Security Context (only main container).
 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
 ## @param containerSecurityContext.enabled Enabled containers' Security Context
+## @param containerSecurityContext.seLinuxOptions Set SELinux options in container
 ## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser
 ## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
 ## @param containerSecurityContext.privileged Set container's Security Context privileged
@@ -310,6 +315,7 @@ podSecurityContext:
 ##
 containerSecurityContext:
 enabled: true
+ seLinuxOptions: {}
 runAsUser: 1001
 runAsNonRoot: true
 privileged: false
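Review bot: The two new `## @param` descriptions in the podSecurityContext block are too thin for an operator to set the fields correctly, and one is misleading. `supplementalGroups` is not a filesystem setting: it lists extra GIDs given to the container processes, so I would write `## @param podSecurityContext.supplementalGroups Additional group IDs applied to the processes of the pod's containers`. For the policy, name the accepted values: `## @param podSecurityContext.fsGroupChangePolicy Volume ownership/permission change policy (Always or OnRootMismatch)`. `Always` matches the Kubernetes default, so setting it here documents the behaviour but does not change it. The `seLinuxOptions` description in the next hunk would likewise benefit from naming the expected keys (`user`, `role`, `type`, `level`).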
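Review bot: Nothing in this commit shows the new keys reaching the pod spec. The diffstat lists only Chart.yaml, README.md and values.yaml, so `seLinuxOptions: {}` here, and `fsGroupChangePolicy` and `supplementalGroups` in the first hunk, take effect only if the templates already render the whole security-context maps rather than individual keys. That is presumably the case, but the templates are not visible here. It is worth confirming with `helm template` that the fields appear in the rendered Deployment and that the empty `seLinuxOptions: {}` is emitted in a form the target clusters accept. The containerSecurityContext block continues past the end of the hunk, so the remaining hardening fields cannot be assessed from this diff.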