change: Set security context by default to restrictive values

helm/configserver/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: template
   repository: file://../template
-  version: 0.2.1
-digest: sha256:674adb8dc3e80e29b3026aa77c48f3371661f8713fad03242cedb27f7c4c6958
-generated: "2023-11-04T12:38:57.160851+01:00"
+  version: 0.4.0
+digest: sha256:a075a598e4f3c78ef83e00df74dcce9d59423e03c658d9b5c9e6316285f0e7b7
+generated: "2024-02-04T22:23:32.36324+01:00"

helm/configserver/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: configserver
-version: 0.1.22
+version: 0.2.0
 type: application
 description: "Minimal Spring Boot config server"
 maintainers:
@@ -10,7 +10,7 @@ sources:
   - https://git.2martens.de/2martens/config-server
 dependencies:
   - name: template
-    version: 0.2.1
+    version: 0.4.0
     repository: file://../template
 annotations:
   artifacthub.io/images: |
@@ -21,7 +21,7 @@ annotations:
         - linux/arm64
   artifacthub.io/changes: |
     - kind: changed
-      description: Updated template chart
+      description: Use restrictive security context by default
   artifacthub.io/signKey: |
     fingerprint: F0F153B65BAD467201D7544E47393ABD1F96B7C8
     url: https://mafiasi.de/pks/key/47393ABD1F96B7C8.asc

helm/configserver/values.yaml

@@ -33,7 +33,13 @@ podSecurityContext: {}
 # fsGroup: 2000
 
 # Configure security context of the application container
-securityContext: {}
+securityContext:
+  seccompProfile:
+    type: RuntimeDefault
+  capabilities:
+    drop: ['ALL']
+  allowPrivilegeEscalation: false
+  readOnlyRootFilesystem: true
 #   capabilities:
 #     drop:
 #     - ALL

helm/kafka/Chart.lock

@@ -1,9 +1,9 @@
 dependencies:
 - name: prometheus-kafka-exporter
   repository: https://prometheus-community.github.io/helm-charts
-  version: 2.7.0
+  version: 2.8.0
 - name: template
   repository: file://../template
-  version: 0.2.1
-digest: sha256:e2d21f00281477823de1fc72ad0b9808011ff26e5ef1240d2d575c74d614741c
-generated: "2023-11-04T12:36:40.309371+01:00"
+  version: 0.4.0
+digest: sha256:99270b2900ea5d87d9ae01c8e88be33ccfb0d69e222f6a062860a16a69439d57
+generated: "2024-02-04T22:21:56.940604+01:00"

helm/kafka/Chart.yaml

@@ -2,21 +2,21 @@ apiVersion: v2
 name: kafka
 description: Simple Kafka chart to get started
 type: application
-version: 0.1.7
+version: 0.2.0
 maintainers:
   - name: Jim Martens
     url: https://2martens.de
 dependencies:
   - name: prometheus-kafka-exporter
-    version: 2.7.0
+    version: 2.8.0
     repository: https://prometheus-community.github.io/helm-charts
   - name: template
-    version: 0.2.1
+    version: 0.4.0
     repository: file://../template
 annotations:
   artifacthub.io/changes: |
     - kind: changed
-      description: Updated template chart version
+      description: Use restrictive security context by default
   artifacthub.io/signKey: |
     fingerprint: F0F153B65BAD467201D7544E47393ABD1F96B7C8
     url: https://mafiasi.de/pks/key/47393ABD1F96B7C8.asc

helm/kafka/values.yaml

@@ -33,7 +33,13 @@ podSecurityContext: {}
 # fsGroup: 2000
 
 # Configure security context of the application container
-securityContext: {}
+securityContext:
+  seccompProfile:
+    type: RuntimeDefault
+  capabilities:
+    drop: ['ALL']
+  allowPrivilegeEscalation: false
+  readOnlyRootFilesystem: true
 #   capabilities:
 #     drop:
 #     - ALL

helm/timetable/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: template
   repository: file://../template
-  version: 0.3.2
-digest: sha256:cfa91470789bc70f23902c7cbd7ca33512f918149e8d3f704122bc6cd85dce0c
-generated: "2024-01-09T21:57:03.505884+01:00"
+  version: 0.4.0
+digest: sha256:a075a598e4f3c78ef83e00df74dcce9d59423e03c658d9b5c9e6316285f0e7b7
+generated: "2024-02-04T22:26:18.289709+01:00"

helm/timetable/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: timetable
 description: Installs the Timetable backend into the Kubernetes cluster
 type: application
-version: 0.1.0
+version: 0.2.0
 maintainers:
   - name: Jim Martens
     url: https://2martens.de
@@ -10,7 +10,7 @@ sources:
   - https://github.com/2martens/tsw-timetable
 dependencies:
   - name: template
-    version: 0.3.3
+    version: 0.4.0
     repository: file://../template
 annotations:
   artifacthub.io/images: |
@@ -20,8 +20,8 @@ annotations:
         - linux/amd64
         - linux/arm64
   artifacthub.io/changes: |
-    - kind: added
-      description: Added timetable chart
+    - kind: changed
+      description: Use restrictive security context by default
   artifacthub.io/signKey: |
     fingerprint: F0F153B65BAD467201D7544E47393ABD1F96B7C8
     url: https://mafiasi.de/pks/key/47393ABD1F96B7C8.asc

helm/timetable/values.yaml

@@ -33,7 +33,13 @@ podSecurityContext: {}
 # fsGroup: 2000
 
 # Configure security context of the application container
-securityContext: {}
+securityContext:
+  seccompProfile:
+    type: RuntimeDefault
+  capabilities:
+    drop: ['ALL']
+  allowPrivilegeEscalation: false
+  readOnlyRootFilesystem: true
 #   capabilities:
 #     drop:
 #     - ALL

helm/wahlrecht/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: template
   repository: file://../template
-  version: 0.2.1
-digest: sha256:674adb8dc3e80e29b3026aa77c48f3371661f8713fad03242cedb27f7c4c6958
-generated: "2023-11-04T12:34:21.07171+01:00"
+  version: 0.4.0
+digest: sha256:a075a598e4f3c78ef83e00df74dcce9d59423e03c658d9b5c9e6316285f0e7b7
+generated: "2024-02-04T22:25:30.357923+01:00"

helm/wahlrecht/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: wahlrecht
 description: Installs the Wahlrecht API into the Kubernetes cluster
 type: application
-version: 0.2.0
+version: 0.3.0
 maintainers:
   - name: Jim Martens
     url: https://2martens.de
@@ -10,7 +10,7 @@ sources:
   - https://git.2martens.de/2martens/wahlrecht
 dependencies:
   - name: template
-    version: 0.2.1
+    version: 0.4.0
     repository: file://../template
 annotations:
   artifacthub.io/images: |
@@ -20,8 +20,8 @@ annotations:
         - linux/amd64
         - linux/arm64
   artifacthub.io/changes: |
-    - kind: added
-      description: Added support for vault secrets
+    - kind: changed
+      description: Use restrictive security context by default
   artifacthub.io/signKey: |
     fingerprint: F0F153B65BAD467201D7544E47393ABD1F96B7C8
     url: https://mafiasi.de/pks/key/47393ABD1F96B7C8.asc

helm/wahlrecht/values.yaml

@@ -33,7 +33,13 @@ podSecurityContext: {}
 # fsGroup: 2000
 
 # Configure security context of the application container
-securityContext: {}
+securityContext:
+  seccompProfile:
+    type: RuntimeDefault
+  capabilities:
+    drop: ['ALL']
+  allowPrivilegeEscalation: false
+  readOnlyRootFilesystem: true
 #   capabilities:
 #     drop:
 #     - ALL

helm/zookeeper/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: template
   repository: file://../template
-  version: 0.2.1
-digest: sha256:674adb8dc3e80e29b3026aa77c48f3371661f8713fad03242cedb27f7c4c6958
-generated: "2023-11-04T12:35:44.710232+01:00"
+  version: 0.4.0
+digest: sha256:a075a598e4f3c78ef83e00df74dcce9d59423e03c658d9b5c9e6316285f0e7b7
+generated: "2024-02-04T22:19:56.389512+01:00"

helm/zookeeper/Chart.yaml

@@ -2,18 +2,18 @@ apiVersion: v2
 name: zookeeper
 description: Simple Zookeeper chart to get started
 type: application
-version: 0.1.5
+version: 0.2.0
 maintainers:
   - name: Jim Martens
     url: https://2martens.de
 dependencies:
   - name: template
-    version: 0.2.1
+    version: 0.4.0
     repository: file://../template
 annotations:
   artifacthub.io/changes: |
     - kind: changed
-      description: Updated template chart
+      description: Use restrictive security context by default
   artifacthub.io/signKey: |
     fingerprint: F0F153B65BAD467201D7544E47393ABD1F96B7C8
     url: https://mafiasi.de/pks/key/47393ABD1F96B7C8.asc

helm/zookeeper/values.yaml

@@ -33,7 +33,13 @@ podSecurityContext: {}
 # fsGroup: 2000
 
 # Configure security context of the application container
-securityContext: {}
+securityContext:
+  seccompProfile:
+    type: RuntimeDefault
+  capabilities:
+    drop: ['ALL']
+  allowPrivilegeEscalation: false
+  readOnlyRootFilesystem: true
 #   capabilities:
 #     drop:
 #     - ALL