From a5ffab46e60b62ecce3ab84f4ef405600335f738 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 13 Mar 2024 23:40:07 +0000 Subject: [PATCH 1/3] Bump google.golang.org/protobuf in /radix-cluster-cleanup Bumps google.golang.org/protobuf from 1.32.0 to 1.33.0. --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: indirect ... Signed-off-by: dependabot[bot] --- radix-cluster-cleanup/go.mod | 2 +- radix-cluster-cleanup/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/radix-cluster-cleanup/go.mod b/radix-cluster-cleanup/go.mod
index 732f4c9..fd498a7 100644
--- a/radix-cluster-cleanup/go.mod
+++ b/radix-cluster-cleanup/go.mod
@@ -59,7 +59,7 @@ require (
 golang.org/x/text v0.14.0 // indirect
 golang.org/x/time v0.5.0 // indirect
 google.golang.org/appengine v1.6.8 // indirect
- google.golang.org/protobuf v1.32.0 // indirect
+ google.golang.org/protobuf v1.33.0 // indirect
 gopkg.in/inf.v0 v0.9.1 // indirect
 gopkg.in/yaml.v2 v2.4.0 // indirect
 gopkg.in/yaml.v3 v3.0.1 // indirect
diff --git a/radix-cluster-cleanup/go.sum b/radix-cluster-cleanup/go.sum
index c63a770..275105c 100644
--- a/radix-cluster-cleanup/go.sum
+++ b/radix-cluster-cleanup/go.sum
@@ -197,8 +197,8 @@ google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAs google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.32.0 h1:pPC6BG5ex8PDFnkbrGU3EixyhKcQ2aDuBS36lqK/C7I= -google.golang.org/protobuf v1.32.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= +google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= From 1fb480e69a9ccb9c75e5aef40551f6c1ddb82358 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nils=20Gustav=20Str=C3=A5b=C3=B8?= Date: Wed, 17 Apr 2024 12:44:53 +0200 Subject: [PATCH 2/3] extend chart values --- .../templates/deployment.yaml | 39 +++++++++++-------- .../templates/serviceaccount.yaml | 6 ++- charts/radix-cluster-cleanup/values.yaml | 21 ++++++++++ 3 files changed, 48 insertions(+), 18 deletions(-) diff --git a/charts/radix-cluster-cleanup/templates/deployment.yaml b/charts/radix-cluster-cleanup/templates/deployment.yaml index 44cbd5f..c802ccd 100644 --- a/charts/radix-cluster-cleanup/templates/deployment.yaml +++ b/charts/radix-cluster-cleanup/templates/deployment.yaml 
@@ -14,29 +14,26 @@ spec: {{- include "radix-cluster-cleanup.selectorLabels" . | nindent 6 }} template: metadata: - {{- if (.Values.metrics.enabled) }} + {{- if (.Values.metrics.enabled) }} annotations: prometheus.io/port: "8080" prometheus.io/scrape: "true" {{- if (.Values.metrics.annotations) }} {{- toYaml .Values.metrics.annotations | nindent 8 }} {{- end }} - {{- end }} + {{- end }} labels: {{- include "radix-cluster-cleanup.selectorLabels" . | nindent 8 }} spec: serviceAccountName: {{ include "radix-cluster-cleanup.serviceAccountName" . }} - {{- with .Values.imagePullSecrets }} + {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} - {{- end }} + {{- end }} + {{- with .Values.podSecurityContext }} securityContext: - runAsNonRoot: true - runAsUser: 1000 - runAsGroup: 1000 - fsGroup: 1000 - supplementalGroups: - - 1000 + {{- toYaml . | nindent 8 }} + {{- end }} containers: - name: {{ .Chart.Name }} env: @@ -60,19 +57,27 @@ spec: protocol: TCP resources: {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.securityContext }} securityContext: - privileged: false - readOnlyRootFilesystem: false - allowPrivilegeEscalation: false + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.volumeMounts }} + volumeMounts: + {{- toYaml . | nindent 12 }} + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.affinity }} + {{- with .Values.affinity }} affinity: {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} + {{- end }} + {{- with .Values.tolerations }} tolerations: {{- toYaml . | nindent 8 }} - {{- end }} + {{- end }} + {{- with .Values.volumes }} + volumes: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/radix-cluster-cleanup/templates/serviceaccount.yaml b/charts/radix-cluster-cleanup/templates/serviceaccount.yaml index 4d9f8a9..c934ce5 100644 --- a/charts/radix-cluster-cleanup/templates/serviceaccount.yaml 
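Review bot: The pod-level `securityContext` in the first hunk is now emitted only inside `{{- with .Values.podSecurityContext }}`, so a values override that sets it to `null` renders a pod with no security context at all, where the template previously always set `runAsNonRoot: true` and the 1000 uid/gid. The container-level block in the second hunk (`{{- with .Values.securityContext }}`) has the same property for `privileged: false` and `allowPrivilegeEscalation: false`. If these settings are meant to be a floor rather than a default, keep a fallback in the template, for example an unconditional `securityContext:` followed by `{{- toYaml (default (dict "runAsNonRoot" true) .Values.podSecurityContext) | nindent 8 }}`, or fail the render when `runAsNonRoot` is not true. Both hunks cut into the Deployment `spec:`, which starts and continues outside them.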
+++ b/charts/radix-cluster-cleanup/templates/serviceaccount.yaml @@ -4,4 +4,8 @@ metadata: name: {{ include "radix-cluster-cleanup.serviceAccountName" . }} namespace: {{ .Release.Namespace }} labels: - {{- include "radix-cluster-cleanup.labels" . | nindent 4 }} \ No newline at end of file + {{- include "radix-cluster-cleanup.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} \ No newline at end of file diff --git a/charts/radix-cluster-cleanup/values.yaml b/charts/radix-cluster-cleanup/values.yaml index 9e77080..b8a6677 100644 --- a/charts/radix-cluster-cleanup/values.yaml +++ b/charts/radix-cluster-cleanup/values.yaml @@ -14,6 +14,8 @@ serviceAccount: # The name of the service account to use. # If not set, a name is generated using the fullname template name: "" + # Annotations to add to the service account + annotations: {} image: repository: xx @@ -37,3 +39,22 @@ nodeSelector: {} tolerations: [] affinity: {} + +podSecurityContext: + runAsNonRoot: true + runAsUser: 1000 + runAsGroup: 1000 + fsGroup: 1000 + supplementalGroups: + - 1000 + +securityContext: + privileged: false + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + +# Additional volumes to add to the radix-cluster-cleanup pod. +volumes: [] + +# Additional volume mounts to add to the radix-cluster-cleanup container. +volumeMounts: [] From c1fca10f3aaa4ab17f6fc35366d12449bf41c91c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nils=20Gustav=20Str=C3=A5b=C3=B8?= <65334626+nilsgstrabo@users.noreply.github.com> Date: Thu, 18 Apr 2024 08:22:05 +0200 Subject: [PATCH 3/3] bump chart version (#43) --- charts/radix-cluster-cleanup/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/radix-cluster-cleanup/Chart.yaml b/charts/radix-cluster-cleanup/Chart.yaml index cd82e20..88de078 100644 --- a/charts/radix-cluster-cleanup/Chart.yaml +++ b/charts/radix-cluster-cleanup/Chart.yaml 
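Review bot: The new `securityContext` default in the second values.yaml hunk keeps `readOnlyRootFilesystem: false`, even though the same commit adds `volumes` and `volumeMounts`, which is what a read-only root filesystem normally needs for its writable paths. Whether the cleanup process writes to its root filesystem is not visible here and should be confirmed; if it does not, the default could become `readOnlyRootFilesystem: true`, with `capabilities: {drop: ["ALL"]}` and `seccompProfile: {type: RuntimeDefault}` added alongside. The `podSecurityContext` and `securityContext` keys also carry no comment, unlike `volumes` and `volumeMounts`; a line such as `# Container security context; overriding these values changes the chart's hardening defaults.` would tell operators what they are relaxing.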
@@ -2,4 +2,4 @@ apiVersion: v1
 appVersion: 1.0.11
 description: A Helm chart for Kubernetes
 name: radix-cluster-cleanup
-version: 1.0.11
+version: 1.0.12