mirror of
https://github.com/bitnami/charts.git
synced 2026-02-27 15:37:06 +08:00
[bitnami/logstash] fix: 🔒 Improve podSecurityContext and containerSecurityContext with essential security fields (#22146)
* [bitnami/logstash] fix: 🔒 Improve podSecurityContext and containerSecurityContext with essential security fields Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com> * chore: 🔧 Bump chart version Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com> --------- Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
This commit is contained in:
Javier J. Salmerón-García
committed by
GitHub
GitHub
parent
5e14ed008e
commit
fe27d9fe3f
@@ -30,4 +30,4 @@ maintainers:
|
||||
name: logstash
|
||||
sources:
|
||||
- https://github.com/bitnami/charts/tree/main/bitnami/logstash
|
||||
version: 5.6.11
|
||||
version: 5.7.0
|
||||
|
||||
@@ -125,8 +125,12 @@ The command removes all the Kubernetes components associated with the chart and
|
||||
| `terminationGracePeriodSeconds` | In seconds, time the given to the Logstash pod needs to terminate gracefully | `""` |
|
||||
| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` |
|
||||
| `podSecurityContext.enabled` | Enabled Logstash pods' Security Context | `true` |
|
||||
| `podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
|
||||
| `podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
|
||||
| `podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
|
||||
| `podSecurityContext.fsGroup` | Set Logstash pod's Security Context fsGroup | `1001` |
|
||||
| `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
|
||||
| `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
@@ -179,6 +183,7 @@ The command removes all the Kubernetes components associated with the chart and
|
||||
| `persistence.mountPath` | Mount path of the Logstash data volume | `/bitnami/logstash/data` |
|
||||
| `persistence.selector` | Selector to match an existing Persistent Volume for WordPress data PVC | `{}` |
|
||||
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` |
|
||||
| `volumePermissions.securityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
|
||||
| `volumePermissions.securityContext.runAsUser` | User ID for the volumePermissions init container | `0` |
|
||||
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` |
|
||||
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `REPOSITORY_NAME/os-shell` |
|
||||
|
||||
@@ -314,14 +314,21 @@ topologySpreadConstraints: []
|
||||
## Configure Pods Security Context
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
|
||||
## @param podSecurityContext.enabled Enabled Logstash pods' Security Context
|
||||
## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
|
||||
## @param podSecurityContext.sysctls Set kernel settings using the sysctl interface
|
||||
## @param podSecurityContext.supplementalGroups Set filesystem extra groups
|
||||
## @param podSecurityContext.fsGroup Set Logstash pod's Security Context fsGroup
|
||||
##
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroupChangePolicy: Always
|
||||
sysctls: []
|
||||
supplementalGroups: []
|
||||
fsGroup: 1001
|
||||
## Configure Container Security Context
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
|
||||
## @param containerSecurityContext.enabled Enabled containers' Security Context
|
||||
## @param containerSecurityContext.seLinuxOptions Set SELinux options in container
|
||||
## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser
|
||||
## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
|
||||
## @param containerSecurityContext.privileged Set container's Security Context privileged
|
||||
@@ -332,6 +339,7 @@ podSecurityContext:
|
||||
##
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
seLinuxOptions: {}
|
||||
runAsUser: 1001
|
||||
runAsNonRoot: true
|
||||
privileged: false
|
||||
@@ -533,9 +541,11 @@ volumePermissions:
|
||||
##
|
||||
enabled: false
|
||||
## The security context for the volumePermissions init container
|
||||
## @param volumePermissions.securityContext.seLinuxOptions Set SELinux options in container
|
||||
## @param volumePermissions.securityContext.runAsUser User ID for the volumePermissions init container
|
||||
##
|
||||
securityContext:
|
||||
seLinuxOptions: {}
|
||||
runAsUser: 0
|
||||
## @param volumePermissions.image.registry [default: REGISTRY_NAME] Init container volume-permissions image registry
|
||||
## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] Init container volume-permissions image repository
|
||||
|
||||
Reference in New Issue
Block a user