DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Chart: Explicitly set runAsGroup. (#11679)

Browse source 
* Chart: Explicitly set `runAsGroup`.

Set a default value for the runAsGroup in container securityContexts of
the controller and default backend.

Also set the runAsGroup for opentelemetry and webhook Job container
securityContexts.

Signed-off-by: Gerald Pape <gerald@giantswarm.io>

* Apply suggestions from code review

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>

---------

Signed-off-by: Gerald Pape <gerald@giantswarm.io>
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
This commit is contained in:
Gerald Pape 2024-07-29 15:27:15 +02:00 committed by GitHub
parent 04899b27a9
commit 36df47fcc4
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
6 changed files with 44 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

11
charts/ingress-nginx/values.yaml
View file

@ -31,8 +31,12 @@ controller:
digestChroot: sha256:7cabe4bd7558bfdf5b707976d7be56fd15ffece735d7c90fc238b6eda290fd8d
pullPolicy: IfNotPresent
runAsNonRoot: true
# www-data -> uid 101
# -- This value must not be changed using the official image.
# uid=101(www-data) gid=82(www-data) groups=82(www-data)
runAsUser: 101
# -- This value must not be changed using the official image.
# uid=101(www-data) gid=82(www-data) groups=82(www-data)
runAsGroup: 82
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
@ -688,6 +692,7 @@ controller:
# containerSecurityContext:
# runAsNonRoot: true
# runAsUser: <user-id>
# runAsGroup: <group-id>
# allowPrivilegeEscalation: false
# seccompProfile:
# type: RuntimeDefault
@ -717,6 +722,7 @@ controller:
runAsNonRoot: true
# -- The image's default user, inherited from its base image `cgr.dev/chainguard/static`.
runAsUser: 65532
runAsGroup: 65532
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
@ -768,6 +774,7 @@ controller:
securityContext:
runAsNonRoot: true
runAsUser: 65532
runAsGroup: 65532
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
@ -788,6 +795,7 @@ controller:
securityContext:
runAsNonRoot: true
runAsUser: 65532
runAsGroup: 65532
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
@ -963,6 +971,7 @@ defaultBackend:
runAsNonRoot: true
# nobody user -> uid 65534
runAsUser: 65534
runAsGroup: 65534
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault