🔒 (vaultwarden): Run as non-root container

charts/vaultwarden/Chart.yaml

@@ -4,7 +4,7 @@ description: Unofficial Bitwarden compatible server written in Rust.
 home: https://charts.gabe565.com/charts/vaultwarden
 icon: https://raw.githubusercontent.com/dani-garcia/vaultwarden/d57b69952db6eb12987a9668fea6b72df79cfa41/resources/vaultwarden-icon.svg
 type: application
-version: 0.5.0
+version: 0.6.0
 # renovate datasource=docker depName=ghcr.io/dani-garcia/vaultwarden
 appVersion: 1.28.0-alpine
 kubeVersion: ">=1.22.0-0"
@@ -30,6 +30,4 @@ dependencies:
 annotations:
   artifacthub.io/changes: |-
     - kind: changed
-      description: Update vaultwarden/server Docker tag to v1.28.0
-    - kind: changed
-      description: Change image from vaultwarden/server to ghcr.io/dani-garcia/vaultwarden
+      description: Run as non-root container

charts/vaultwarden/README.md

@@ -2,7 +2,7 @@
 
 <img src="https://raw.githubusercontent.com/dani-garcia/vaultwarden/d57b69952db6eb12987a9668fea6b72df79cfa41/resources/vaultwarden-icon.svg" align="right" width="92" alt="vaultwarden logo">
 
-![Version: 0.5.0](https://img.shields.io/badge/Version-0.5.0-informational?style=flat)
+![Version: 0.6.0](https://img.shields.io/badge/Version-0.6.0-informational?style=flat)
 ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat)
 ![AppVersion: 1.28.0-alpine](https://img.shields.io/badge/AppVersion-1.28.0--alpine-informational?style=flat)
 
@@ -102,6 +102,9 @@ persistence:
 | ingress.main | object | See [values.yaml](./values.yaml) | Enable and configure ingress settings for the chart under this key. |
 | mariadb | object | See [values.yaml](./values.yaml) | Enable and configure mariadb database subchart under this key.    For more options see [mariadb chart documentation](https://github.com/bitnami/charts/tree/master/bitnami/mariadb) |
 | persistence.data | object | See [values.yaml](./values.yaml) | Configure persistence settings for the chart under this key. |
+| podSecurityContext.fsGroup | int | `65534` | Volume binds will be granted to `nobody` group |
+| podSecurityContext.runAsGroup | int | `65534` | Run as `nobody` group |
+| podSecurityContext.runAsUser | int | `65534` | Run as `nobody` user |
 | postgresql | object | See [values.yaml](./values.yaml) | Enable and configure postgresql database subchart under this key.    For more options see [postgresql chart documentation](https://github.com/bitnami/charts/tree/master/bitnami/mariadb) |
 | service.main | object | See [values.yaml](./values.yaml) | Configures service settings for the chart. Normally this does not need to be modified. |
 

charts/vaultwarden/values.yaml

@@ -91,3 +91,11 @@ mariadb:
       enabled: false
       # storageClass: ""
       # size: 8Gi
+
+podSecurityContext:
+  # -- Run as `nobody` user
+  runAsUser: 65534
+  # -- Run as `nobody` group
+  runAsGroup: 65534
+  # -- Volume binds will be granted to `nobody` group
+  fsGroup: 65534