change: Set security context by default to restrictive values
This commit is contained in:
parent
2bc1d19ee1
commit
d94fa69459
|
@ -1,6 +1,6 @@
|
|||
dependencies:
|
||||
- name: template
|
||||
repository: file://../template
|
||||
version: 0.2.1
|
||||
digest: sha256:674adb8dc3e80e29b3026aa77c48f3371661f8713fad03242cedb27f7c4c6958
|
||||
generated: "2023-11-04T12:38:57.160851+01:00"
|
||||
version: 0.4.0
|
||||
digest: sha256:a075a598e4f3c78ef83e00df74dcce9d59423e03c658d9b5c9e6316285f0e7b7
|
||||
generated: "2024-02-04T22:23:32.36324+01:00"
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
apiVersion: v2
|
||||
name: configserver
|
||||
version: 0.1.22
|
||||
version: 0.2.0
|
||||
type: application
|
||||
description: "Minimal Spring Boot config server"
|
||||
maintainers:
|
||||
|
@ -10,7 +10,7 @@ sources:
|
|||
- https://git.2martens.de/2martens/config-server
|
||||
dependencies:
|
||||
- name: template
|
||||
version: 0.2.1
|
||||
version: 0.4.0
|
||||
repository: file://../template
|
||||
annotations:
|
||||
artifacthub.io/images: |
|
||||
|
@ -21,7 +21,7 @@ annotations:
|
|||
- linux/arm64
|
||||
artifacthub.io/changes: |
|
||||
- kind: changed
|
||||
description: Updated template chart
|
||||
description: Use restrictive security context by default
|
||||
artifacthub.io/signKey: |
|
||||
fingerprint: F0F153B65BAD467201D7544E47393ABD1F96B7C8
|
||||
url: https://mafiasi.de/pks/key/47393ABD1F96B7C8.asc
|
||||
|
|
|
@ -33,7 +33,13 @@ podSecurityContext: {}
|
|||
# fsGroup: 2000
|
||||
|
||||
# Configure security context of the application container
|
||||
securityContext: {}
|
||||
securityContext:
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
capabilities:
|
||||
drop: ['ALL']
|
||||
allowPrivilegeEscalation: false
|
||||
readOnlyRootFilesystem: true
|
||||
# capabilities:
|
||||
# drop:
|
||||
# - ALL
|
||||
|
|
|
@ -1,9 +1,9 @@
|
|||
dependencies:
|
||||
- name: prometheus-kafka-exporter
|
||||
repository: https://prometheus-community.github.io/helm-charts
|
||||
version: 2.7.0
|
||||
version: 2.8.0
|
||||
- name: template
|
||||
repository: file://../template
|
||||
version: 0.2.1
|
||||
digest: sha256:e2d21f00281477823de1fc72ad0b9808011ff26e5ef1240d2d575c74d614741c
|
||||
generated: "2023-11-04T12:36:40.309371+01:00"
|
||||
version: 0.4.0
|
||||
digest: sha256:99270b2900ea5d87d9ae01c8e88be33ccfb0d69e222f6a062860a16a69439d57
|
||||
generated: "2024-02-04T22:21:56.940604+01:00"
|
||||
|
|
|
@ -2,21 +2,21 @@ apiVersion: v2
|
|||
name: kafka
|
||||
description: Simple Kafka chart to get started
|
||||
type: application
|
||||
version: 0.1.7
|
||||
version: 0.2.0
|
||||
maintainers:
|
||||
- name: Jim Martens
|
||||
url: https://2martens.de
|
||||
dependencies:
|
||||
- name: prometheus-kafka-exporter
|
||||
version: 2.7.0
|
||||
version: 2.8.0
|
||||
repository: https://prometheus-community.github.io/helm-charts
|
||||
- name: template
|
||||
version: 0.2.1
|
||||
version: 0.4.0
|
||||
repository: file://../template
|
||||
annotations:
|
||||
artifacthub.io/changes: |
|
||||
- kind: changed
|
||||
description: Updated template chart version
|
||||
description: Use restrictive security context by default
|
||||
artifacthub.io/signKey: |
|
||||
fingerprint: F0F153B65BAD467201D7544E47393ABD1F96B7C8
|
||||
url: https://mafiasi.de/pks/key/47393ABD1F96B7C8.asc
|
||||
|
|
|
@ -33,7 +33,13 @@ podSecurityContext: {}
|
|||
# fsGroup: 2000
|
||||
|
||||
# Configure security context of the application container
|
||||
securityContext: {}
|
||||
securityContext:
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
capabilities:
|
||||
drop: ['ALL']
|
||||
allowPrivilegeEscalation: false
|
||||
readOnlyRootFilesystem: true
|
||||
# capabilities:
|
||||
# drop:
|
||||
# - ALL
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
dependencies:
|
||||
- name: template
|
||||
repository: file://../template
|
||||
version: 0.3.2
|
||||
digest: sha256:cfa91470789bc70f23902c7cbd7ca33512f918149e8d3f704122bc6cd85dce0c
|
||||
generated: "2024-01-09T21:57:03.505884+01:00"
|
||||
version: 0.4.0
|
||||
digest: sha256:a075a598e4f3c78ef83e00df74dcce9d59423e03c658d9b5c9e6316285f0e7b7
|
||||
generated: "2024-02-04T22:26:18.289709+01:00"
|
||||
|
|
|
@ -2,7 +2,7 @@ apiVersion: v2
|
|||
name: timetable
|
||||
description: Installs the Timetable backend into the Kubernetes cluster
|
||||
type: application
|
||||
version: 0.1.0
|
||||
version: 0.2.0
|
||||
maintainers:
|
||||
- name: Jim Martens
|
||||
url: https://2martens.de
|
||||
|
@ -10,7 +10,7 @@ sources:
|
|||
- https://github.com/2martens/tsw-timetable
|
||||
dependencies:
|
||||
- name: template
|
||||
version: 0.3.3
|
||||
version: 0.4.0
|
||||
repository: file://../template
|
||||
annotations:
|
||||
artifacthub.io/images: |
|
||||
|
@ -20,8 +20,8 @@ annotations:
|
|||
- linux/amd64
|
||||
- linux/arm64
|
||||
artifacthub.io/changes: |
|
||||
- kind: added
|
||||
description: Added timetable chart
|
||||
- kind: changed
|
||||
description: Use restrictive security context by default
|
||||
artifacthub.io/signKey: |
|
||||
fingerprint: F0F153B65BAD467201D7544E47393ABD1F96B7C8
|
||||
url: https://mafiasi.de/pks/key/47393ABD1F96B7C8.asc
|
||||
|
|
|
@ -33,7 +33,13 @@ podSecurityContext: {}
|
|||
# fsGroup: 2000
|
||||
|
||||
# Configure security context of the application container
|
||||
securityContext: {}
|
||||
securityContext:
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
capabilities:
|
||||
drop: ['ALL']
|
||||
allowPrivilegeEscalation: false
|
||||
readOnlyRootFilesystem: true
|
||||
# capabilities:
|
||||
# drop:
|
||||
# - ALL
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
dependencies:
|
||||
- name: template
|
||||
repository: file://../template
|
||||
version: 0.2.1
|
||||
digest: sha256:674adb8dc3e80e29b3026aa77c48f3371661f8713fad03242cedb27f7c4c6958
|
||||
generated: "2023-11-04T12:34:21.07171+01:00"
|
||||
version: 0.4.0
|
||||
digest: sha256:a075a598e4f3c78ef83e00df74dcce9d59423e03c658d9b5c9e6316285f0e7b7
|
||||
generated: "2024-02-04T22:25:30.357923+01:00"
|
||||
|
|
|
@ -2,7 +2,7 @@ apiVersion: v2
|
|||
name: wahlrecht
|
||||
description: Installs the Wahlrecht API into the Kubernetes cluster
|
||||
type: application
|
||||
version: 0.2.0
|
||||
version: 0.3.0
|
||||
maintainers:
|
||||
- name: Jim Martens
|
||||
url: https://2martens.de
|
||||
|
@ -10,7 +10,7 @@ sources:
|
|||
- https://git.2martens.de/2martens/wahlrecht
|
||||
dependencies:
|
||||
- name: template
|
||||
version: 0.2.1
|
||||
version: 0.4.0
|
||||
repository: file://../template
|
||||
annotations:
|
||||
artifacthub.io/images: |
|
||||
|
@ -20,8 +20,8 @@ annotations:
|
|||
- linux/amd64
|
||||
- linux/arm64
|
||||
artifacthub.io/changes: |
|
||||
- kind: added
|
||||
description: Added support for vault secrets
|
||||
- kind: changed
|
||||
description: Use restrictive security context by default
|
||||
artifacthub.io/signKey: |
|
||||
fingerprint: F0F153B65BAD467201D7544E47393ABD1F96B7C8
|
||||
url: https://mafiasi.de/pks/key/47393ABD1F96B7C8.asc
|
||||
|
|
|
@ -33,7 +33,13 @@ podSecurityContext: {}
|
|||
# fsGroup: 2000
|
||||
|
||||
# Configure security context of the application container
|
||||
securityContext: {}
|
||||
securityContext:
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
capabilities:
|
||||
drop: ['ALL']
|
||||
allowPrivilegeEscalation: false
|
||||
readOnlyRootFilesystem: true
|
||||
# capabilities:
|
||||
# drop:
|
||||
# - ALL
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
dependencies:
|
||||
- name: template
|
||||
repository: file://../template
|
||||
version: 0.2.1
|
||||
digest: sha256:674adb8dc3e80e29b3026aa77c48f3371661f8713fad03242cedb27f7c4c6958
|
||||
generated: "2023-11-04T12:35:44.710232+01:00"
|
||||
version: 0.4.0
|
||||
digest: sha256:a075a598e4f3c78ef83e00df74dcce9d59423e03c658d9b5c9e6316285f0e7b7
|
||||
generated: "2024-02-04T22:19:56.389512+01:00"
|
||||
|
|
|
@ -2,18 +2,18 @@ apiVersion: v2
|
|||
name: zookeeper
|
||||
description: Simple Zookeeper chart to get started
|
||||
type: application
|
||||
version: 0.1.5
|
||||
version: 0.2.0
|
||||
maintainers:
|
||||
- name: Jim Martens
|
||||
url: https://2martens.de
|
||||
dependencies:
|
||||
- name: template
|
||||
version: 0.2.1
|
||||
version: 0.4.0
|
||||
repository: file://../template
|
||||
annotations:
|
||||
artifacthub.io/changes: |
|
||||
- kind: changed
|
||||
description: Updated template chart
|
||||
description: Use restrictive security context by default
|
||||
artifacthub.io/signKey: |
|
||||
fingerprint: F0F153B65BAD467201D7544E47393ABD1F96B7C8
|
||||
url: https://mafiasi.de/pks/key/47393ABD1F96B7C8.asc
|
||||
|
|
|
@ -33,7 +33,13 @@ podSecurityContext: {}
|
|||
# fsGroup: 2000
|
||||
|
||||
# Configure security context of the application container
|
||||
securityContext: {}
|
||||
securityContext:
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
capabilities:
|
||||
drop: ['ALL']
|
||||
allowPrivilegeEscalation: false
|
||||
readOnlyRootFilesystem: true
|
||||
# capabilities:
|
||||
# drop:
|
||||
# - ALL
|
||||
|
|
Loading…
Reference in New Issue