diff --git a/charts/stable/esphome/Chart.yaml b/charts/stable/esphome/Chart.yaml index bb8ee273383..99791761cc9 100644 --- a/charts/stable/esphome/Chart.yaml +++ b/charts/stable/esphome/Chart.yaml @@ -21,7 +21,7 @@ sources: - https://github.com/esphome/esphome - https://hub.docker.com/u/esphome type: application -version: 9.0.35 +version: 9.0.36 annotations: truecharts.org/catagories: | - tools diff --git a/charts/stable/esphome/questions.yaml b/charts/stable/esphome/questions.yaml index d886926d554..00340948664 100644 --- a/charts/stable/esphome/questions.yaml +++ b/charts/stable/esphome/questions.yaml @@ -295,22 +295,22 @@ questions: label: "Privileged mode" schema: type: boolean - default: false + default: true - variable: readOnlyRootFilesystem label: "ReadOnly Root Filesystem" schema: type: boolean - default: true + default: false - variable: allowPrivilegeEscalation label: "Allow Privilege Escalation" schema: type: boolean - default: false + default: true - variable: runAsNonRoot label: "runAsNonRoot" schema: type: boolean - default: true + default: false - variable: podSecurityContext group: "Security and Permissions" @@ -323,13 +323,13 @@ questions: description: "The UserID of the user running the application" schema: type: int - default: 568 + default: 0 - variable: runAsGroup label: "runAsGroup" description: The groupID this App of the user running the application" schema: type: int - default: 568 + default: 0 - variable: fsGroup label: "fsGroup" description: "The group that should own ALL storage." diff --git a/charts/stable/esphome/values.yaml b/charts/stable/esphome/values.yaml index fdcdf8d0109..8d63a3e5867 100644 --- a/charts/stable/esphome/values.yaml +++ b/charts/stable/esphome/values.yaml @@ -3,6 +3,17 @@ image: pullPolicy: IfNotPresent tag: v2021.12.3@sha256:5627e9a2b7134603a2dbc950ce9ab501ed026b106b1eee95a00f5c531e26d1ad +# App needs to run as root because of this: https://github.com/esphome/issues/issues/2752 +securityContext: + runAsNonRoot: false + readOnlyRootFilesystem: false + privileged: true + allowPrivilegeEscalation: true + +podSecurityContext: + runAsUser: 0 + runAsGroup: 0 + service: main: ports: