Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[bitnami/metallb] fix: 🔒 Improve podSecurityContext and containerSecurityContext with essential security fields #22154

Merged
merged 2 commits into from
Jan 16, 2024
Merged

[bitnami/metallb] fix: 🔒 Improve podSecurityContext and containerSecurityContext with essential security fields #22154

merged 2 commits into from
Jan 16, 2024
+25 −1

Conversation

javsalgar
Copy link
Contributor

Signed-off-by: Javier Salmeron Garcia jsalmeron@vmware.com

Description of the change

This PR updates the podSecurityContext and containerSecurityContext fields by setting default values for essential security fields: seLinuxOptions, fsGroupChangePolicy, sysctls and supplementalGroups. These are required by security checklists.

Benefits

Charts become more security-compliant

Possible drawbacks

n/a

Checklist

  • Chart version bumped in Chart.yaml according to semver. This is not necessary when the changes only affect README.md files.
  • Variables are documented in the values.yaml and added to the README.md using readme-generator-for-helm
  • Title of the pull request follows this pattern [bitnami/<name_of_the_chart>] Descriptive title
  • All commits signed off and in agreement of Developer Certificate of Origin (DCO)

Sorry, something went wrong.

@javsalgar
[bitnami/metallb] fix: 🔒 Improve podSecurityContext and containerSecu…
59c756a 
…rityContext with essential security fields

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
@bitnami-bot bitnami-bot added the verify Execute verification workflow for these changes label Jan 15, 2024
@github-actions github-actions bot requested a review from jotamartos January 15, 2024 14:02
@javsalgar
chore: 🔧 Bump chart version
6ced6b3 
Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
@github-actions github-actions bot removed the request for review from jotamartos January 15, 2024 15:55
@github-actions github-actions bot requested a review from FraPazGal January 15, 2024 15:55
@javsalgar javsalgar merged commit 1c42540 into main Jan 16, 2024
@javsalgar javsalgar deleted the fix/metallb-extra-security branch January 16, 2024 09:35
jani888 pushed a commit to jani888/charts that referenced this pull request Jan 19, 2024
@javsalgar
[bitnami/metallb] fix: 🔒 Improve podSecurityContext and containerSecu…
5eff744 
…rityContext with essential security fields (bitnami#22154)

* [bitnami/metallb] fix: 🔒 Improve podSecurityContext and containerSecurityContext with essential security fields

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>

* chore: 🔧 Bump chart version

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>

---------

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
Signed-off-by: János Hidvégi <jani.hidvegi@gmial.com>
anthosz pushed a commit to anthosz/charts that referenced this pull request Jan 23, 2024
@javsalgar @anthosz
[bitnami/metallb] fix: 🔒 Improve podSecurityContext and containerSecu…
8e42b32 
…rityContext with essential security fields (bitnami#22154)

* [bitnami/metallb] fix: 🔒 Improve podSecurityContext and containerSecurityContext with essential security fields

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>

* chore: 🔧 Bump chart version

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>

---------

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
wsn-dev pushed a commit to wsn-dev/bitnami-charts that referenced this pull request Jan 24, 2024
@javsalgar @wsn-dev
[bitnami/metallb] fix: 🔒 Improve podSecurityContext and containerSecu…
7e0cb74 
…rityContext with essential security fields (bitnami#22154)

* [bitnami/metallb] fix: 🔒 Improve podSecurityContext and containerSecurityContext with essential security fields

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>

* chore: 🔧 Bump chart version

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>

---------

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
grouvie pushed a commit to grouvie/charts that referenced this pull request Jan 25, 2024
@javsalgar @cedo-l
[bitnami/metallb] fix: 🔒 Improve podSecurityContext and containerSecu…
baa9f61 
…rityContext with essential security fields (bitnami#22154)

* [bitnami/metallb] fix: 🔒 Improve podSecurityContext and containerSecurityContext with essential security fields

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>

* chore: 🔧 Bump chart version

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>

---------

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
joancafom pushed a commit to dalbani/charts that referenced this pull request Feb 22, 2024
@javsalgar @joancafom
[bitnami/metallb] fix: 🔒 Improve podSecurityContext and containerSecu…
b746678 
…rityContext with essential security fields (bitnami#22154)

* [bitnami/metallb] fix: 🔒 Improve podSecurityContext and containerSecurityContext with essential security fields

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>

* chore: 🔧 Bump chart version

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>

---------

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
Signed-off-by: Jose Antonio Carmona <jcarmona@vmware.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@FraPazGal FraPazGal

Assignees

@FraPazGal FraPazGal

Labels
bitnami metallb solved verify Execute verification workflow for these changes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@javsalgar @FraPazGal @jotamartos @bitnami-bot