From 1040c7a0a4a2b71691544719e06c4956fa1d20cc Mon Sep 17 00:00:00 2001 From: Gabe Cook Date: Sun, 26 Mar 2023 17:39:29 -0500 Subject: [PATCH] :sparkles: Set default `securityContext.fsGroup` for non-root containers --- charts/bookstack/Chart.yaml | 4 ++-- charts/bookstack/README.md | 3 ++- charts/bookstack/values.yaml | 4 ++++ charts/limo/Chart.yaml | 4 ++-- charts/limo/README.md | 3 ++- charts/limo/values.yaml | 4 ++++ charts/matrimony/Chart.yaml | 6 +++--- charts/matrimony/README.md | 3 ++- charts/matrimony/values.yaml | 4 ++++ charts/monica/Chart.yaml | 4 ++-- charts/monica/README.md | 3 ++- charts/monica/values.yaml | 4 ++++ charts/pictshare/Chart.yaml | 4 ++-- charts/pictshare/README.md | 3 ++- charts/pictshare/values.yaml | 4 ++++ charts/portfolio/Chart.yaml | 8 ++------ charts/portfolio/README.md | 3 ++- charts/portfolio/values.yaml | 4 ++++ charts/relax-sounds/Chart.yaml | 4 ++-- charts/relax-sounds/README.md | 3 ++- charts/relax-sounds/values.yaml | 4 ++++ 21 files changed, 57 insertions(+), 26 deletions(-) diff --git a/charts/bookstack/Chart.yaml b/charts/bookstack/Chart.yaml index 5ab61765c..9dcbf44aa 100644 --- a/charts/bookstack/Chart.yaml +++ b/charts/bookstack/Chart.yaml @@ -4,7 +4,7 @@ description: A simple, self-hosted, easy-to-use platform for organising and stor home: https://charts.gabe565.com/charts/bookstack icon: https://raw.githubusercontent.com/gabe565/charts/main/charts/bookstack/icon.svg type: application -version: 0.6.1 +version: 0.7.0 # renovate datasource=docker depName=ghcr.io/linuxserver/bookstack appVersion: version-v23.02.2 kubeVersion: ">=1.22.0-0" @@ -28,4 +28,4 @@ sources: annotations: artifacthub.io/changes: |- - kind: changed - description: Update ghcr.io/linuxserver/bookstack Docker tag to version-v23.02.2 + description: Set default value for `securityContext.fsGroup` diff --git a/charts/bookstack/README.md b/charts/bookstack/README.md index 641a3d9f5..58d941f8b 100644 --- a/charts/bookstack/README.md 
+++ b/charts/bookstack/README.md @@ -2,7 +2,7 @@ bookstack logo -![Version: 0.6.1](https://img.shields.io/badge/Version-0.6.1-informational?style=flat) +![Version: 0.7.0](https://img.shields.io/badge/Version-0.7.0-informational?style=flat) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat) ![AppVersion: version-v23.02.2](https://img.shields.io/badge/AppVersion-version--v23.02.2-informational?style=flat) @@ -92,6 +92,7 @@ N/A | ingress.main | object | See [values.yaml](./values.yaml) | Enable and configure ingress settings for the chart under this key. | | mariadb | object | See [values.yaml](./values.yaml) | Enable and configure mariadb database subchart under this key. For more options see [mariadb chart documentation](https://github.com/bitnami/charts/tree/master/bitnami/mariadb) | | persistence.config | object | See [values.yaml](./values.yaml) | Configure persistence settings for the chart under this key. | +| podSecurityContext.fsGroup | int | `911` | Volume group permissions | | service | object | See [values.yaml](./values.yaml) | Configures service settings for the chart. | | shelfPermissionsCron.command | list | See [values.yaml](./values.yaml) | Shelf permissions CronJob command | | shelfPermissionsCron.controller.cronjob.schedule | string | `"0 0 * * *"` | Shelf permissions CronJob time | diff --git a/charts/bookstack/values.yaml b/charts/bookstack/values.yaml index 26c3dd71a..a99844101 100644 --- a/charts/bookstack/values.yaml +++ b/charts/bookstack/values.yaml @@ -74,3 +74,7 @@ shelfPermissionsCron: - bookstack:copy-shelf-permissions - --no-interaction - --all + +podSecurityContext: + # -- Volume group permissions + fsGroup: 911 diff --git a/charts/limo/Chart.yaml b/charts/limo/Chart.yaml index 07e2811bc..03664306d 100644 --- a/charts/limo/Chart.yaml +++ b/charts/limo/Chart.yaml 
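Review bot: In charts/bookstack/values.yaml the new `fsGroup: 911` is a bare number, and the `# -- Volume group permissions` comment says neither which image group it has to match nor what the setting does. fsGroup only sets group ownership of mounted volumes and adds a supplemental group; nothing visible in this patch sets `runAsUser` or `runAsNonRoot`, so the "non-root" in the subject is not enforced by these values (the common library chart may set them elsewhere, which is not visible here). I would write the comment as `# -- GID that owns mounted volumes (pod-level fsGroup); must match the group the container image runs as`. The changelog entry should also name `podSecurityContext.fsGroup`, the key actually added, rather than `securityContext.fsGroup`. The same applies to the values.yaml and Chart.yaml hunks of the other six charts.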
@@ -3,7 +3,7 @@ name: limo description: A file upload server. home: https://charts.gabe565.com/charts/limo type: application -version: 0.4.3 +version: 0.5.0 # renovate datasource=docker depName=ghcr.io/gabe565/limo appVersion: latest kubeVersion: ">=1.22.0-0" @@ -21,4 +21,4 @@ sources: annotations: artifacthub.io/changes: |- - kind: changed - description: Update common Helm release to v1.3.2 + description: Set default value for `securityContext.fsGroup` diff --git a/charts/limo/README.md b/charts/limo/README.md index aa55fe5bc..a3cbe4ecb 100644 --- a/charts/limo/README.md +++ b/charts/limo/README.md @@ -1,6 +1,6 @@ # limo -![Version: 0.4.3](https://img.shields.io/badge/Version-0.4.3-informational?style=flat) +![Version: 0.5.0](https://img.shields.io/badge/Version-0.5.0-informational?style=flat) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat) ![AppVersion: latest](https://img.shields.io/badge/AppVersion-latest-informational?style=flat) @@ -88,6 +88,7 @@ N/A | image.tag | string | `"latest"` | image tag | | ingress.main | object | See [values.yaml](./values.yaml) | Enable and configure ingress settings for the chart under this key. | | persistence.data | object | See [values.yaml](./values.yaml) | Configure persistence settings for the chart under this key. | +| podSecurityContext.fsGroup | int | `1000` | Volume group permissions | | postgresql | object | See [values.yaml](./values.yaml) | Enable and configure postgresql database subchart under this key. For more options see [postgresql chart documentation](https://github.com/bitnami/charts/tree/master/bitnami/postgresql) | | service | object | See [values.yaml](./values.yaml) | Configures service settings for the chart. | diff --git a/charts/limo/values.yaml b/charts/limo/values.yaml index f53263413..ef76e46da 100644 --- a/charts/limo/values.yaml +++ b/charts/limo/values.yaml 
@@ -59,3 +59,7 @@ postgresql: primary: persistence: enabled: false + +podSecurityContext: + # -- Volume group permissions + fsGroup: 1000 diff --git a/charts/matrimony/Chart.yaml b/charts/matrimony/Chart.yaml index 0981daf49..100ecf996 100644 --- a/charts/matrimony/Chart.yaml +++ b/charts/matrimony/Chart.yaml @@ -4,7 +4,7 @@ description: Self-hosted wedding site configured via YAML home: https://charts.gabe565.com/charts/matrimony icon: https://raw.githubusercontent.com/gabe565/matrimony/b13163b384b27273080deb8d57d1222ba11337f9/frontend/public/img/logo.svg type: application -version: 0.3.4 +version: 0.4.0 # renovate datasource=docker depName=ghcr.io/gabe565/matrimony appVersion: latest kubeVersion: ">=1.22.0-0" @@ -17,5 +17,5 @@ sources: - https://github.com/gabe565/matrimony annotations: artifacthub.io/changes: |- - - kind: added - description: Add app icon + - kind: changed + description: Set default value for `securityContext.fsGroup` diff --git a/charts/matrimony/README.md b/charts/matrimony/README.md index c5a0a6234..a95a12db8 100644 --- a/charts/matrimony/README.md +++ b/charts/matrimony/README.md @@ -2,7 +2,7 @@ matrimony logo -![Version: 0.3.4](https://img.shields.io/badge/Version-0.3.4-informational?style=flat) +![Version: 0.4.0](https://img.shields.io/badge/Version-0.4.0-informational?style=flat) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat) ![AppVersion: latest](https://img.shields.io/badge/AppVersion-latest-informational?style=flat) 
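Review bot: The default `fsGroup: 1000` in charts/limo/values.yaml is pinned while the chart's image is not: Chart.yaml carries `appVersion: latest` and the README lists `image.tag` as `"latest"`. If a later image build changes the group the process runs as, the volume ends up owned by a GID the application no longer belongs to, and stays group-writable for whatever that GID now maps to. A comment such as `# must track the GID baked into the image; re-check when the image changes` would record the coupling, or the image could be pinned to a version tag or digest. matrimony, portfolio and relax-sounds have the same combination of `latest` and `fsGroup: 1000`.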
@@ -89,6 +89,7 @@ N/A | image.tag | string | `"latest"` | image tag | | ingress.main | object | See [values.yaml](./values.yaml) | Enable and configure ingress settings for the chart under this key. | | persistence.data | object | See [values.yaml](./values.yaml) | Configure persistence settings for the chart under this key. | +| podSecurityContext.fsGroup | int | `1000` | Volume group permissions | | service | object | See [values.yaml](./values.yaml) | Configures service settings for the chart. | --- diff --git a/charts/matrimony/values.yaml b/charts/matrimony/values.yaml index e85cb997e..d079f9a0b 100644 --- a/charts/matrimony/values.yaml +++ b/charts/matrimony/values.yaml @@ -40,3 +40,7 @@ persistence: # @default -- See [values.yaml](./values.yaml) data: enabled: false + +podSecurityContext: + # -- Volume group permissions + fsGroup: 1000 diff --git a/charts/monica/Chart.yaml b/charts/monica/Chart.yaml index 9f8826c13..77fd7c3f9 100644 --- a/charts/monica/Chart.yaml +++ b/charts/monica/Chart.yaml @@ -4,7 +4,7 @@ description: Personal CRM. Remember everything about your friends, family and bu home: https://charts.gabe565.com/charts/monica icon: https://raw.githubusercontent.com/monicahq/monica/main/public/img/monica.svg type: application -version: 0.4.3 +version: 0.5.0 # renovate datasource=docker depName=monica appVersion: 4.0.0-fpm-alpine kubeVersion: ">=1.22.0-0" @@ -24,4 +24,4 @@ dependencies: annotations: artifacthub.io/changes: |- - kind: changed - description: Update common Helm release to v1.3.2 + description: Set default value for `securityContext.fsGroup` diff --git a/charts/monica/README.md b/charts/monica/README.md index 1ba126f32..3733e1aab 100644 --- a/charts/monica/README.md +++ b/charts/monica/README.md 
@@ -2,7 +2,7 @@ monica logo -![Version: 0.4.3](https://img.shields.io/badge/Version-0.4.3-informational?style=flat) +![Version: 0.5.0](https://img.shields.io/badge/Version-0.5.0-informational?style=flat) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat) ![AppVersion: 4.0.0-fpm-alpine](https://img.shields.io/badge/AppVersion-4.0.0--fpm--alpine-informational?style=flat) @@ -97,6 +97,7 @@ N/A | nginx.image.repository | string | `"nginx"` | Nginx image repository | | nginx.image.tag | string | `"stable-alpine"` | Nginx image tag | | persistence.storage | object | See [values.yaml](./values.yaml) | Configure persistence settings for the chart under this key. | +| podSecurityContext.fsGroup | int | `82` | Volume group permissions | | service.main | object | See [values.yaml](./values.yaml) | Configures service settings for the chart. | --- diff --git a/charts/monica/values.yaml b/charts/monica/values.yaml index e9706b61c..62f0de74f 100644 --- a/charts/monica/values.yaml +++ b/charts/monica/values.yaml @@ -77,3 +77,7 @@ nginx: tag: stable-alpine # -- Nginx image pull policy pullPolicy: Always + +podSecurityContext: + # -- Volume group permissions + fsGroup: 82 diff --git a/charts/pictshare/Chart.yaml b/charts/pictshare/Chart.yaml index 8cbc7ca1a..a654847b9 100644 --- a/charts/pictshare/Chart.yaml +++ b/charts/pictshare/Chart.yaml @@ -4,7 +4,7 @@ description: PictShare is an open source image, mp4, pastebin hosting service wi home: https://charts.gabe565.com/charts/pictshare icon: https://camo.githubusercontent.com/6efdab1c63d518fafc5e735001c5ed45e7cbd4958952cdd972e2630eee881d97/68747470733a2f2f7069637473686172652e6e65742f706868796e6a2e706e67 type: application -version: 0.3.2 +version: 0.4.0 # renovate datasource=docker depName=hascheksolutions/pictshare appVersion: 72394f17 kubeVersion: ">=1.22.0-0" 
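Review bot: `podSecurityContext.fsGroup` in charts/monica/values.yaml is pod-wide, so every container in the pod receives GID 82 as a supplemental group, not only the fpm container. This values file also configures an `nginx` image; if that runs as a sidecar in the same pod (the templates are not part of this patch), nginx gains group write access to the storage volume even though it presumably only needs to read it. Worth a comment next to the value, e.g. `# applies to every container in the pod, including nginx`, and mounting the volume read-only for nginx if the chart allows it.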
@@ -23,4 +23,4 @@ sources: annotations: artifacthub.io/changes: |- - kind: changed - description: Update common Helm release to v1.3.2 + description: Set default value for `securityContext.fsGroup` diff --git a/charts/pictshare/README.md b/charts/pictshare/README.md index bdae69977..41c0b0444 100644 --- a/charts/pictshare/README.md +++ b/charts/pictshare/README.md @@ -2,7 +2,7 @@ pictshare logo -![Version: 0.3.2](https://img.shields.io/badge/Version-0.3.2-informational?style=flat) +![Version: 0.4.0](https://img.shields.io/badge/Version-0.4.0-informational?style=flat) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat) ![AppVersion: 72394f17](https://img.shields.io/badge/AppVersion-72394f17-informational?style=flat) @@ -89,6 +89,7 @@ N/A | image.tag | string | `"72394f17"` | image tag | | ingress.main | object | See [values.yaml](./values.yaml) | Enable and configure ingress settings for the chart under this key. | | persistence.data | object | See [values.yaml](./values.yaml) | Configure persistence settings for the chart under this key. | +| podSecurityContext.fsGroup | int | `100` | Volume group permissions | | service | object | See [values.yaml](./values.yaml) | Configures service settings for the chart. | --- diff --git a/charts/pictshare/values.yaml b/charts/pictshare/values.yaml index bad8b1a4d..c8824fcb6 100644 --- a/charts/pictshare/values.yaml +++ b/charts/pictshare/values.yaml @@ -41,3 +41,7 @@ persistence: data: enabled: false mountPath: /var/www/data + +podSecurityContext: + # -- Volume group permissions + fsGroup: 100 diff --git a/charts/portfolio/Chart.yaml b/charts/portfolio/Chart.yaml index ced9d984b..0bf0588cc 100644 --- a/charts/portfolio/Chart.yaml +++ b/charts/portfolio/Chart.yaml 
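Review bot: With only `fsGroup: 100` set in charts/pictshare/values.yaml, Kubernetes by default re-applies group ownership and permissions recursively to the whole volume on every mount, so for the upload directory at `/var/www/data` pod start time grows with the number of stored files. Adding `fsGroupChangePolicy: OnRootMismatch` under `podSecurityContext` skips the walk when the volume root already has the expected group. This assumes the common library passes the whole `podSecurityContext` map through to the pod spec, which the patch does not show. The other charts that enable persistence would benefit from the same setting.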
@@ -4,7 +4,7 @@ description: My personal portfolio website home: https://charts.gabe565.com/charts/portfolio icon: https://raw.githubusercontent.com/gabe565/portfolio/0f0e80ce2f29e9382a64e7fc6fe2ed1a9993971b/public/android-chrome-512x512.png type: application -version: 0.6.0 +version: 0.7.0 # renovate datasource=docker depName=ghcr.io/gabe565/portfolio appVersion: latest kubeVersion: ">=1.22.0-0" @@ -17,9 +17,5 @@ sources: - https://github.com/gabe565/portfolio annotations: artifacthub.io/changes: |- - - kind: added - description: Added default persistence config - kind: changed - description: Change default port to 80 - - kind: removed - description: Remove postgresql Helm dependency + description: Set default value for `securityContext.fsGroup` diff --git a/charts/portfolio/README.md b/charts/portfolio/README.md index f634ef921..596ad4d72 100644 --- a/charts/portfolio/README.md +++ b/charts/portfolio/README.md @@ -2,7 +2,7 @@ portfolio logo -![Version: 0.6.0](https://img.shields.io/badge/Version-0.6.0-informational?style=flat) +![Version: 0.7.0](https://img.shields.io/badge/Version-0.7.0-informational?style=flat) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat) ![AppVersion: latest](https://img.shields.io/badge/AppVersion-latest-informational?style=flat) @@ -89,6 +89,7 @@ N/A | image.tag | string | `"latest"` | image tag | | ingress.main | object | See [values.yaml](./values.yaml) | Enable and configure ingress settings for the chart under this key. | | persistence.data | object | See [values.yaml](./values.yaml) | Configure persistence settings for the chart under this key. | +| podSecurityContext.fsGroup | int | `1000` | Volume group permissions | | service | object | See [values.yaml](./values.yaml) | Configures service settings for the chart. | --- diff --git a/charts/portfolio/values.yaml b/charts/portfolio/values.yaml index 6bf1c7b42..789c8c9ff 100644 --- a/charts/portfolio/values.yaml 
+++ b/charts/portfolio/values.yaml @@ -40,3 +40,7 @@ persistence: # @default -- See [values.yaml](./values.yaml) data: enabled: false + +podSecurityContext: + # -- Volume group permissions + fsGroup: 1000 diff --git a/charts/relax-sounds/Chart.yaml b/charts/relax-sounds/Chart.yaml index 4e2617a4b..2002aaa0e 100644 --- a/charts/relax-sounds/Chart.yaml +++ b/charts/relax-sounds/Chart.yaml @@ -4,7 +4,7 @@ description: Relax Sounds is a website that lets you stream relaxing sounds to y home: https://charts.gabe565.com/charts/relax-sounds icon: https://github.com/gabe565/relax-sounds/raw/3e55b07a957f2e20aceeeba1d36226791f2f1569/frontend/src/assets/icon-purple.svg type: application -version: 0.3.4 +version: 0.4.0 # renovate datasource=docker depName=ghcr.io/gabe565/relax-sounds appVersion: latest kubeVersion: ">=1.22.0-0" @@ -18,4 +18,4 @@ sources: annotations: artifacthub.io/changes: |- - kind: changed - description: Update app icon + description: Set default value for `securityContext.fsGroup` diff --git a/charts/relax-sounds/README.md b/charts/relax-sounds/README.md index f1451c839..16789c351 100644 --- a/charts/relax-sounds/README.md +++ b/charts/relax-sounds/README.md @@ -2,7 +2,7 @@ relax-sounds logo -![Version: 0.3.4](https://img.shields.io/badge/Version-0.3.4-informational?style=flat) +![Version: 0.4.0](https://img.shields.io/badge/Version-0.4.0-informational?style=flat) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat) ![AppVersion: latest](https://img.shields.io/badge/AppVersion-latest-informational?style=flat) 
@@ -89,6 +89,7 @@ N/A | image.tag | string | `"latest"` | image tag | | ingress.main | object | See [values.yaml](./values.yaml) | Enable and configure ingress settings for the chart under this key. | | persistence.data | object | See [values.yaml](./values.yaml) | Configure persistence settings for the chart under this key. | +| podSecurityContext.fsGroup | int | `1000` | Volume group permissions | | service | object | See [values.yaml](./values.yaml) | Configures service settings for the chart. | --- diff --git a/charts/relax-sounds/values.yaml b/charts/relax-sounds/values.yaml index da80dac8c..ff5f50c40 100644 --- a/charts/relax-sounds/values.yaml +++ b/charts/relax-sounds/values.yaml @@ -41,3 +41,7 @@ persistence: data: enabled: false mountPath: /data + +podSecurityContext: + # -- Volume group permissions + fsGroup: 1000