Commit new App releases for TrueCharts

Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
This commit is contained in:
TrueCharts-Bot
2022-01-23 22:24:52 +00:00
parent ea6c0baa8d
commit 5375c87227
13 changed files with 16 additions and 12 deletions

View File

@@ -1,6 +1,15 @@
# Changelog<br>
<a name="smokeping-1.0.37"></a>
### [smokeping-1.0.37](https://github.com/truecharts/apps/compare/smokeping-1.0.36...smokeping-1.0.37) (2022-01-23)
#### Fix
* Allow priviledge escalation ([#1769](https://github.com/truecharts/apps/issues/1769))
<a name="smokeping-1.0.36"></a>
### [smokeping-1.0.36](https://github.com/truecharts/apps/compare/smokeping-1.0.35...smokeping-1.0.36) (2022-01-22)
@@ -88,12 +97,3 @@
* update helm general non-major helm releases ([#1596](https://github.com/truecharts/apps/issues/1596))
<a name="smokeping-1.0.27"></a>
### [smokeping-1.0.27](https://github.com/truecharts/apps/compare/smokeping-1.0.26...smokeping-1.0.27) (2021-12-19)
#### Chore
* Last patch bump before RC2 branch-off
* remove `editable: true` as this is the default ([#1576](https://github.com/truecharts/apps/issues/1576))

View File

@@ -3,4 +3,4 @@ dependencies:
repository: https://truecharts.org
version: 8.13.5
digest: sha256:089b20485a4e5d995aabc8ef1ecc92e55acb922e4f3f263f2b8c7bfcc26bfd8b
generated: "2022-01-22T14:15:19.425509957Z"
generated: "2022-01-23T22:22:08.833212546Z"

View File

@@ -21,7 +21,7 @@ sources:
- https://oss.oetiker.ch/smokeping/
- https://hub.docker.com/r/linuxserver/smokeping
type: application
version: 1.0.36
version: 1.0.37
annotations:
truecharts.org/catagories: |
- media

View File

@@ -21,6 +21,7 @@ You will, however, be able to use all values referenced in the common chart here
| persistence.data.mountPath | string | `"/data"` | |
| podSecurityContext.runAsGroup | int | `0` | |
| podSecurityContext.runAsUser | int | `0` | |
| securityContext.allowPrivilegeEscalation | bool | `true` | |
| securityContext.readOnlyRootFilesystem | bool | `false` | |
| securityContext.runAsNonRoot | bool | `false` | |
| service.main.ports.main.port | int | `10030` | |

View File

@@ -19,10 +19,12 @@ service:
securityContext:
readOnlyRootFilesystem: false
runAsNonRoot: false
allowPrivilegeEscalation: true
podSecurityContext:
runAsUser: 0
runAsGroup: 0
persistence:
config:
enabled: true

View File

@@ -1603,7 +1603,7 @@ questions:
label: "Allow Privilege Escalation"
schema:
type: boolean
default: false
default: true
- variable: runAsNonRoot
label: "runAsNonRoot"
schema:

View File

@@ -17,6 +17,7 @@ hide:
| Type | Misconfiguration ID | Check | Severity | Explaination | Links |
|:----------------|:------------------:|:-----------:|:------------------:|-----------------------------------------|-----------------------------------------|
| Kubernetes Security Check | KSV001 | Process can elevate its own privileges | MEDIUM | <details><summary>Expand...</summary> A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node. <br> <hr> <br> Container &#39;RELEASE-NAME-smokeping&#39; of Deployment &#39;RELEASE-NAME-smokeping&#39; should set &#39;securityContext.allowPrivilegeEscalation&#39; to false </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv001">https://avd.aquasec.com/appshield/ksv001</a><br></details> |
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | <details><summary>Expand...</summary> The container should drop all default capabilities and add only those that are needed for its execution. <br> <hr> <br> Container &#39;RELEASE-NAME-smokeping&#39; of Deployment &#39;RELEASE-NAME-smokeping&#39; should add &#39;ALL&#39; to &#39;securityContext.capabilities.drop&#39; </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/">https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/</a><br><a href="https://avd.aquasec.com/appshield/ksv003">https://avd.aquasec.com/appshield/ksv003</a><br></details> |
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> &#39;runAsNonRoot&#39; forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container &#39;RELEASE-NAME-smokeping&#39; of Deployment &#39;RELEASE-NAME-smokeping&#39; should set &#39;securityContext.runAsNonRoot&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> &#39;runAsNonRoot&#39; forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-smokeping&#39; should set &#39;securityContext.runAsNonRoot&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |