diff --git a/charts/tandoor/Chart.yaml b/charts/tandoor/Chart.yaml index 34732dacc..6280c4a11 100644 --- a/charts/tandoor/Chart.yaml +++ b/charts/tandoor/Chart.yaml @@ -4,7 +4,7 @@ description: Application for managing recipes, planning meals, building shopping home: https://charts.gabe565.com/charts/tandoor icon: https://raw.githubusercontent.com/vabene1111/recipes/master/docs/logo_color.svg type: application -version: 0.4.6 +version: 0.5.0 # renovate datasource=docker depName=vabene1111/recipes appVersion: 1.4.8 kubeVersion: ">=1.22.0-0" @@ -29,4 +29,6 @@ sources: annotations: artifacthub.io/changes: |- - kind: changed - description: Update vabene1111/recipes Docker tag to v1.4.8 + description: Run as non-root container + - kind: added + description: Add django-js-reverse emptyDir volume diff --git a/charts/tandoor/README.md b/charts/tandoor/README.md index 53eb55fe3..32627e92b 100644 --- a/charts/tandoor/README.md +++ b/charts/tandoor/README.md @@ -2,7 +2,7 @@ tandoor logo -![Version: 0.4.6](https://img.shields.io/badge/Version-0.4.6-informational?style=flat) +![Version: 0.5.0](https://img.shields.io/badge/Version-0.5.0-informational?style=flat) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat) ![AppVersion: 1.4.8](https://img.shields.io/badge/AppVersion-1.4.8-informational?style=flat) @@ -92,6 +92,9 @@ N/A | image.tag | string | `"1.4.8"` | image tag | | ingress.main | object | See [values.yaml](./values.yaml) | Enable and configure ingress settings for the chart under this key. | | persistence | object | See [values.yaml](./values.yaml) | Configure persistence settings for the chart under this key. | +| podSecurityContext.fsGroup | int | `65534` | Volume binds will be granted to `nobody` group | +| podSecurityContext.runAsGroup | int | `65534` | Run as `nobody` group | +| podSecurityContext.runAsUser | int | `65534` | Run as `nobody` user | | postgresql | object | See [values.yaml](./values.yaml) | Enable and configure postgresql database subchart under this key. [[ref]](https://github.com/bitnami/charts/tree/master/bitnami/mariadb) | | service.main | object | See [values.yaml](./values.yaml) | Configures service settings for the chart. | diff --git a/charts/tandoor/templates/common.yaml b/charts/tandoor/templates/common.yaml index d7fe74255..5b2ef11dc 100644 --- a/charts/tandoor/templates/common.yaml +++ b/charts/tandoor/templates/common.yaml @@ -49,6 +49,9 @@ sidecars: ports: - containerPort: {{ .Values.service.main.ports.static.port }} name: static + securityContext: + runAsUser: 0 + runAsGroup: 0 volumeMounts: - name: nginx-config mountPath: /etc/nginx/conf.d/default.conf diff --git a/charts/tandoor/values.yaml b/charts/tandoor/values.yaml index 152bfe658..c09054f56 100644 --- a/charts/tandoor/values.yaml +++ b/charts/tandoor/values.yaml @@ -59,6 +59,10 @@ persistence: enabled: true type: emptyDir mountPath: /opt/recipes/staticfiles + django-js-reverse: + enabled: true + type: emptyDir + mountPath: /opt/recipes/cookbook/static/django_js_reverse # -- Enable and configure postgresql database subchart under this key. [[ref]](https://github.com/bitnami/charts/tree/master/bitnami/mariadb) # @default -- See [values.yaml](./values.yaml) @@ -72,3 +76,11 @@ postgresql: enabled: false # storageClass: "" # size: 8Gi + +podSecurityContext: + # -- Run as `nobody` user + runAsUser: 65534 + # -- Run as `nobody` group + runAsGroup: 65534 + # -- Volume binds will be granted to `nobody` group + fsGroup: 65534