✨ Set default securityContext.fsGroup for non-root containers

gabe565 · Mar 26, 2023 · 1040c7a · 1040c7a
1 parent 45b9810
commit 1040c7a
Show file tree

Hide file tree

Showing 21 changed files with 57 additions and 26 deletions.
diff --git a/charts/bookstack/Chart.yaml b/charts/bookstack/Chart.yaml
@@ -4,7 +4,7 @@ description: A simple, self-hosted, easy-to-use platform for organising and stor
 home: https://charts.gabe565.com/charts/bookstack
 icon: https://raw.githubusercontent.com/gabe565/charts/main/charts/bookstack/icon.svg
 type: application
-version: 0.6.1
+version: 0.7.0
 # renovate datasource=docker depName=ghcr.io/linuxserver/bookstack
 appVersion: version-v23.02.2
 kubeVersion: ">=1.22.0-0"
@@ -28,4 +28,4 @@ sources:
 annotations:
   artifacthub.io/changes: |-
     - kind: changed
-      description: Update ghcr.io/linuxserver/bookstack Docker tag to version-v23.02.2
+      description: Set default value for `securityContext.fsGroup`
diff --git a/charts/bookstack/README.md b/charts/bookstack/README.md
@@ -2,7 +2,7 @@
 
 <img src="https://raw.githubusercontent.com/gabe565/charts/main/charts/bookstack/icon.svg" align="right" width="92" alt="bookstack logo">
 
-![Version: 0.6.1](https://img.shields.io/badge/Version-0.6.1-informational?style=flat)
+![Version: 0.7.0](https://img.shields.io/badge/Version-0.7.0-informational?style=flat)
 ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat)
 ![AppVersion: version-v23.02.2](https://img.shields.io/badge/AppVersion-version--v23.02.2-informational?style=flat)
 
@@ -92,6 +92,7 @@ N/A
 | ingress.main | object | See [values.yaml](./values.yaml) | Enable and configure ingress settings for the chart under this key. |
 | mariadb | object | See [values.yaml](./values.yaml) | Enable and configure mariadb database subchart under this key.    For more options see [mariadb chart documentation](https://github.com/bitnami/charts/tree/master/bitnami/mariadb) |
 | persistence.config | object | See [values.yaml](./values.yaml) | Configure persistence settings for the chart under this key. |
+| podSecurityContext.fsGroup | int | `911` | Volume group permissions |
 | service | object | See [values.yaml](./values.yaml) | Configures service settings for the chart. |
 | shelfPermissionsCron.command | list | See [values.yaml](./values.yaml) | Shelf permissions CronJob command |
 | shelfPermissionsCron.controller.cronjob.schedule | string | `"0 0 * * *"` | Shelf permissions CronJob time |

diff --git a/charts/bookstack/values.yaml b/charts/bookstack/values.yaml
@@ -74,3 +74,7 @@ shelfPermissionsCron:
     - bookstack:copy-shelf-permissions
     - --no-interaction
     - --all
+
+podSecurityContext:
+  # -- Volume group permissions
+  fsGroup: 911
diff --git a/charts/limo/Chart.yaml b/charts/limo/Chart.yaml
@@ -3,7 +3,7 @@ name: limo
 description: A file upload server.
 home: https://charts.gabe565.com/charts/limo
 type: application
-version: 0.4.3
+version: 0.5.0
 # renovate datasource=docker depName=ghcr.io/gabe565/limo
 appVersion: latest
 kubeVersion: ">=1.22.0-0"
@@ -21,4 +21,4 @@ sources:
 annotations:
   artifacthub.io/changes: |-
     - kind: changed
-      description: Update common Helm release to v1.3.2
+      description: Set default value for `securityContext.fsGroup`
diff --git a/charts/limo/README.md b/charts/limo/README.md
@@ -1,6 +1,6 @@
 # limo
 
-![Version: 0.4.3](https://img.shields.io/badge/Version-0.4.3-informational?style=flat)
+![Version: 0.5.0](https://img.shields.io/badge/Version-0.5.0-informational?style=flat)
 ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat)
 ![AppVersion: latest](https://img.shields.io/badge/AppVersion-latest-informational?style=flat)
 
@@ -88,6 +88,7 @@ N/A
 | image.tag | string | `"latest"` | image tag |
 | ingress.main | object | See [values.yaml](./values.yaml) | Enable and configure ingress settings for the chart under this key. |
 | persistence.data | object | See [values.yaml](./values.yaml) | Configure persistence settings for the chart under this key. |
+| podSecurityContext.fsGroup | int | `1000` | Volume group permissions |
 | postgresql | object | See [values.yaml](./values.yaml) | Enable and configure postgresql database subchart under this key.    For more options see [postgresql chart documentation](https://github.com/bitnami/charts/tree/master/bitnami/postgresql) |
 | service | object | See [values.yaml](./values.yaml) | Configures service settings for the chart. |
 

diff --git a/charts/limo/values.yaml b/charts/limo/values.yaml
@@ -59,3 +59,7 @@ postgresql:
   primary:
     persistence:
       enabled: false
+
+podSecurityContext:
+  # -- Volume group permissions
+  fsGroup: 1000
diff --git a/charts/matrimony/Chart.yaml b/charts/matrimony/Chart.yaml
@@ -4,7 +4,7 @@ description: Self-hosted wedding site configured via YAML
 home: https://charts.gabe565.com/charts/matrimony
 icon: https://raw.githubusercontent.com/gabe565/matrimony/b13163b384b27273080deb8d57d1222ba11337f9/frontend/public/img/logo.svg
 type: application
-version: 0.3.4
+version: 0.4.0
 # renovate datasource=docker depName=ghcr.io/gabe565/matrimony
 appVersion: latest
 kubeVersion: ">=1.22.0-0"
@@ -17,5 +17,5 @@ sources:
   - https://github.com/gabe565/matrimony
 annotations:
   artifacthub.io/changes: |-
-    - kind: added
-      description: Add app icon
+    - kind: changed
+      description: Set default value for `securityContext.fsGroup`
diff --git a/charts/matrimony/README.md b/charts/matrimony/README.md
@@ -2,7 +2,7 @@
 
 <img src="https://raw.githubusercontent.com/gabe565/matrimony/b13163b384b27273080deb8d57d1222ba11337f9/frontend/public/img/logo.svg" align="right" width="92" alt="matrimony logo">
 
-![Version: 0.3.4](https://img.shields.io/badge/Version-0.3.4-informational?style=flat)
+![Version: 0.4.0](https://img.shields.io/badge/Version-0.4.0-informational?style=flat)
 ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat)
 ![AppVersion: latest](https://img.shields.io/badge/AppVersion-latest-informational?style=flat)
 
@@ -89,6 +89,7 @@ N/A
 | image.tag | string | `"latest"` | image tag |
 | ingress.main | object | See [values.yaml](./values.yaml) | Enable and configure ingress settings for the chart under this key. |
 | persistence.data | object | See [values.yaml](./values.yaml) | Configure persistence settings for the chart under this key. |
+| podSecurityContext.fsGroup | int | `1000` | Volume group permissions |
 | service | object | See [values.yaml](./values.yaml) | Configures service settings for the chart. |
 
 ---

diff --git a/charts/matrimony/values.yaml b/charts/matrimony/values.yaml
@@ -40,3 +40,7 @@ persistence:
   # @default -- See [values.yaml](./values.yaml)
   data:
     enabled: false
+
+podSecurityContext:
+  # -- Volume group permissions
+  fsGroup: 1000
diff --git a/charts/monica/Chart.yaml b/charts/monica/Chart.yaml
@@ -4,7 +4,7 @@ description: Personal CRM. Remember everything about your friends, family and bu
 home: https://charts.gabe565.com/charts/monica
 icon: https://raw.githubusercontent.com/monicahq/monica/main/public/img/monica.svg
 type: application
-version: 0.4.3
+version: 0.5.0
 # renovate datasource=docker depName=monica
 appVersion: 4.0.0-fpm-alpine
 kubeVersion: ">=1.22.0-0"
@@ -24,4 +24,4 @@ dependencies:
 annotations:
   artifacthub.io/changes: |-
     - kind: changed
-      description: Update common Helm release to v1.3.2
+      description: Set default value for `securityContext.fsGroup`
diff --git a/charts/monica/README.md b/charts/monica/README.md
@@ -2,7 +2,7 @@
 
 <img src="https://raw.githubusercontent.com/monicahq/monica/main/public/img/monica.svg" align="right" width="92" alt="monica logo">
 
-![Version: 0.4.3](https://img.shields.io/badge/Version-0.4.3-informational?style=flat)
+![Version: 0.5.0](https://img.shields.io/badge/Version-0.5.0-informational?style=flat)
 ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat)
 ![AppVersion: 4.0.0-fpm-alpine](https://img.shields.io/badge/AppVersion-4.0.0--fpm--alpine-informational?style=flat)
 
@@ -97,6 +97,7 @@ N/A
 | nginx.image.repository | string | `"nginx"` | Nginx image repository |
 | nginx.image.tag | string | `"stable-alpine"` | Nginx image tag |
 | persistence.storage | object | See [values.yaml](./values.yaml) | Configure persistence settings for the chart under this key. |
+| podSecurityContext.fsGroup | int | `82` | Volume group permissions |
 | service.main | object | See [values.yaml](./values.yaml) | Configures service settings for the chart. |
 
 ---

diff --git a/charts/monica/values.yaml b/charts/monica/values.yaml
@@ -77,3 +77,7 @@ nginx:
     tag: stable-alpine
     # -- Nginx image pull policy
     pullPolicy: Always
+
+podSecurityContext:
+  # -- Volume group permissions
+  fsGroup: 82
diff --git a/charts/pictshare/Chart.yaml b/charts/pictshare/Chart.yaml
@@ -4,7 +4,7 @@ description: PictShare is an open source image, mp4, pastebin hosting service wi
 home: https://charts.gabe565.com/charts/pictshare
 icon: https://camo.githubusercontent.com/6efdab1c63d518fafc5e735001c5ed45e7cbd4958952cdd972e2630eee881d97/68747470733a2f2f7069637473686172652e6e65742f706868796e6a2e706e67
 type: application
-version: 0.3.2
+version: 0.4.0
 # renovate datasource=docker depName=hascheksolutions/pictshare
 appVersion: 72394f17
 kubeVersion: ">=1.22.0-0"
@@ -23,4 +23,4 @@ sources:
 annotations:
   artifacthub.io/changes: |-
     - kind: changed
-      description: Update common Helm release to v1.3.2
+      description: Set default value for `securityContext.fsGroup`
diff --git a/charts/pictshare/README.md b/charts/pictshare/README.md
@@ -2,7 +2,7 @@
 
 <img src="https://camo.githubusercontent.com/6efdab1c63d518fafc5e735001c5ed45e7cbd4958952cdd972e2630eee881d97/68747470733a2f2f7069637473686172652e6e65742f706868796e6a2e706e67" align="right" width="92" alt="pictshare logo">
 
-![Version: 0.3.2](https://img.shields.io/badge/Version-0.3.2-informational?style=flat)
+![Version: 0.4.0](https://img.shields.io/badge/Version-0.4.0-informational?style=flat)
 ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat)
 ![AppVersion: 72394f17](https://img.shields.io/badge/AppVersion-72394f17-informational?style=flat)
 
@@ -89,6 +89,7 @@ N/A
 | image.tag | string | `"72394f17"` | image tag |
 | ingress.main | object | See [values.yaml](./values.yaml) | Enable and configure ingress settings for the chart under this key. |
 | persistence.data | object | See [values.yaml](./values.yaml) | Configure persistence settings for the chart under this key. |
+| podSecurityContext.fsGroup | int | `100` | Volume group permissions |
 | service | object | See [values.yaml](./values.yaml) | Configures service settings for the chart. |
 
 ---

diff --git a/charts/pictshare/values.yaml b/charts/pictshare/values.yaml
@@ -41,3 +41,7 @@ persistence:
   data:
     enabled: false
     mountPath: /var/www/data
+
+podSecurityContext:
+  # -- Volume group permissions
+  fsGroup: 100
diff --git a/charts/portfolio/Chart.yaml b/charts/portfolio/Chart.yaml
@@ -4,7 +4,7 @@ description: My personal portfolio website
 home: https://charts.gabe565.com/charts/portfolio
 icon: https://raw.githubusercontent.com/gabe565/portfolio/0f0e80ce2f29e9382a64e7fc6fe2ed1a9993971b/public/android-chrome-512x512.png
 type: application
-version: 0.6.0
+version: 0.7.0
 # renovate datasource=docker depName=ghcr.io/gabe565/portfolio
 appVersion: latest
 kubeVersion: ">=1.22.0-0"
@@ -17,9 +17,5 @@ sources:
   - https://github.com/gabe565/portfolio
 annotations:
   artifacthub.io/changes: |-
-    - kind: added
-      description: Added default persistence config
     - kind: changed
-      description: Change default port to 80
-    - kind: removed
-      description: Remove postgresql Helm dependency
+      description: Set default value for `securityContext.fsGroup`
diff --git a/charts/portfolio/README.md b/charts/portfolio/README.md
@@ -2,7 +2,7 @@
 
 <img src="https://raw.githubusercontent.com/gabe565/portfolio/0f0e80ce2f29e9382a64e7fc6fe2ed1a9993971b/public/android-chrome-512x512.png" align="right" width="92" alt="portfolio logo">
 
-![Version: 0.6.0](https://img.shields.io/badge/Version-0.6.0-informational?style=flat)
+![Version: 0.7.0](https://img.shields.io/badge/Version-0.7.0-informational?style=flat)
 ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat)
 ![AppVersion: latest](https://img.shields.io/badge/AppVersion-latest-informational?style=flat)
 
@@ -89,6 +89,7 @@ N/A
 | image.tag | string | `"latest"` | image tag |
 | ingress.main | object | See [values.yaml](./values.yaml) | Enable and configure ingress settings for the chart under this key. |
 | persistence.data | object | See [values.yaml](./values.yaml) | Configure persistence settings for the chart under this key. |
+| podSecurityContext.fsGroup | int | `1000` | Volume group permissions |
 | service | object | See [values.yaml](./values.yaml) | Configures service settings for the chart. |
 
 ---

diff --git a/charts/portfolio/values.yaml b/charts/portfolio/values.yaml
@@ -40,3 +40,7 @@ persistence:
   # @default -- See [values.yaml](./values.yaml)
   data:
     enabled: false
+
+podSecurityContext:
+  # -- Volume group permissions
+  fsGroup: 1000
diff --git a/charts/relax-sounds/Chart.yaml b/charts/relax-sounds/Chart.yaml
@@ -4,7 +4,7 @@ description: Relax Sounds is a website that lets you stream relaxing sounds to y
 home: https://charts.gabe565.com/charts/relax-sounds
 icon: https://github.com/gabe565/relax-sounds/raw/3e55b07a957f2e20aceeeba1d36226791f2f1569/frontend/src/assets/icon-purple.svg
 type: application
-version: 0.3.4
+version: 0.4.0
 # renovate datasource=docker depName=ghcr.io/gabe565/relax-sounds
 appVersion: latest
 kubeVersion: ">=1.22.0-0"
@@ -18,4 +18,4 @@ sources:
 annotations:
   artifacthub.io/changes: |-
     - kind: changed
-      description: Update app icon
+      description: Set default value for `securityContext.fsGroup`
diff --git a/charts/relax-sounds/README.md b/charts/relax-sounds/README.md
@@ -2,7 +2,7 @@
 
 <img src="https://github.com/gabe565/relax-sounds/raw/3e55b07a957f2e20aceeeba1d36226791f2f1569/frontend/src/assets/icon-purple.svg" align="right" width="92" alt="relax-sounds logo">
 
-![Version: 0.3.4](https://img.shields.io/badge/Version-0.3.4-informational?style=flat)
+![Version: 0.4.0](https://img.shields.io/badge/Version-0.4.0-informational?style=flat)
 ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat)
 ![AppVersion: latest](https://img.shields.io/badge/AppVersion-latest-informational?style=flat)
 
@@ -89,6 +89,7 @@ N/A
 | image.tag | string | `"latest"` | image tag |
 | ingress.main | object | See [values.yaml](./values.yaml) | Enable and configure ingress settings for the chart under this key. |
 | persistence.data | object | See [values.yaml](./values.yaml) | Configure persistence settings for the chart under this key. |
+| podSecurityContext.fsGroup | int | `1000` | Volume group permissions |
 | service | object | See [values.yaml](./values.yaml) | Configures service settings for the chart. |
 
 ---

diff --git a/charts/relax-sounds/values.yaml b/charts/relax-sounds/values.yaml
@@ -41,3 +41,7 @@ persistence:
   data:
     enabled: false
     mountPath: /data
+
+podSecurityContext:
+  # -- Volume group permissions
+  fsGroup: 1000