Commit new App releases for TrueCharts
Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
This commit is contained in:
@@ -1,6 +1,15 @@
|
||||
# Changelog<br>
|
||||
|
||||
|
||||
<a name="smokeping-1.0.37"></a>
|
||||
### [smokeping-1.0.37](https://github.com/truecharts/apps/compare/smokeping-1.0.36...smokeping-1.0.37) (2022-01-23)
|
||||
|
||||
#### Fix
|
||||
|
||||
* Allow priviledge escalation ([#1769](https://github.com/truecharts/apps/issues/1769))
|
||||
|
||||
|
||||
|
||||
<a name="smokeping-1.0.36"></a>
|
||||
### [smokeping-1.0.36](https://github.com/truecharts/apps/compare/smokeping-1.0.35...smokeping-1.0.36) (2022-01-22)
|
||||
|
||||
@@ -88,12 +97,3 @@
|
||||
|
||||
* update helm general non-major helm releases ([#1596](https://github.com/truecharts/apps/issues/1596))
|
||||
|
||||
|
||||
|
||||
<a name="smokeping-1.0.27"></a>
|
||||
### [smokeping-1.0.27](https://github.com/truecharts/apps/compare/smokeping-1.0.26...smokeping-1.0.27) (2021-12-19)
|
||||
|
||||
#### Chore
|
||||
|
||||
* Last patch bump before RC2 branch-off
|
||||
* remove `editable: true` as this is the default ([#1576](https://github.com/truecharts/apps/issues/1576))
|
||||
@@ -3,4 +3,4 @@ dependencies:
|
||||
repository: https://truecharts.org
|
||||
version: 8.13.5
|
||||
digest: sha256:089b20485a4e5d995aabc8ef1ecc92e55acb922e4f3f263f2b8c7bfcc26bfd8b
|
||||
generated: "2022-01-22T14:15:19.425509957Z"
|
||||
generated: "2022-01-23T22:22:08.833212546Z"
|
||||
@@ -21,7 +21,7 @@ sources:
|
||||
- https://oss.oetiker.ch/smokeping/
|
||||
- https://hub.docker.com/r/linuxserver/smokeping
|
||||
type: application
|
||||
version: 1.0.36
|
||||
version: 1.0.37
|
||||
annotations:
|
||||
truecharts.org/catagories: |
|
||||
- media
|
||||
@@ -21,6 +21,7 @@ You will, however, be able to use all values referenced in the common chart here
|
||||
| persistence.data.mountPath | string | `"/data"` | |
|
||||
| podSecurityContext.runAsGroup | int | `0` | |
|
||||
| podSecurityContext.runAsUser | int | `0` | |
|
||||
| securityContext.allowPrivilegeEscalation | bool | `true` | |
|
||||
| securityContext.readOnlyRootFilesystem | bool | `false` | |
|
||||
| securityContext.runAsNonRoot | bool | `false` | |
|
||||
| service.main.ports.main.port | int | `10030` | |
|
||||
@@ -19,10 +19,12 @@ service:
|
||||
securityContext:
|
||||
readOnlyRootFilesystem: false
|
||||
runAsNonRoot: false
|
||||
allowPrivilegeEscalation: true
|
||||
|
||||
podSecurityContext:
|
||||
runAsUser: 0
|
||||
runAsGroup: 0
|
||||
|
||||
persistence:
|
||||
config:
|
||||
enabled: true
|
||||
@@ -1603,7 +1603,7 @@ questions:
|
||||
label: "Allow Privilege Escalation"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
default: true
|
||||
- variable: runAsNonRoot
|
||||
label: "runAsNonRoot"
|
||||
schema:
|
||||
@@ -17,6 +17,7 @@ hide:
|
||||
|
||||
| Type | Misconfiguration ID | Check | Severity | Explaination | Links |
|
||||
|:----------------|:------------------:|:-----------:|:------------------:|-----------------------------------------|-----------------------------------------|
|
||||
| Kubernetes Security Check | KSV001 | Process can elevate its own privileges | MEDIUM | <details><summary>Expand...</summary> A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node. <br> <hr> <br> Container 'RELEASE-NAME-smokeping' of Deployment 'RELEASE-NAME-smokeping' should set 'securityContext.allowPrivilegeEscalation' to false </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv001">https://avd.aquasec.com/appshield/ksv001</a><br></details> |
|
||||
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | <details><summary>Expand...</summary> The container should drop all default capabilities and add only those that are needed for its execution. <br> <hr> <br> Container 'RELEASE-NAME-smokeping' of Deployment 'RELEASE-NAME-smokeping' should add 'ALL' to 'securityContext.capabilities.drop' </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/">https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/</a><br><a href="https://avd.aquasec.com/appshield/ksv003">https://avd.aquasec.com/appshield/ksv003</a><br></details> |
|
||||
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container 'RELEASE-NAME-smokeping' of Deployment 'RELEASE-NAME-smokeping' should set 'securityContext.runAsNonRoot' to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
|
||||
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container 'autopermissions' of Deployment 'RELEASE-NAME-smokeping' should set 'securityContext.runAsNonRoot' to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
|
||||
Reference in New Issue
Block a user