From 844d107d342f7a4d00f513a0ee721d13b33ddcdd Mon Sep 17 00:00:00 2001 From: Christian Kotzbauer Date: Sat, 20 Apr 2024 10:23:52 +0200 Subject: [PATCH] feat: add podAnnotations and add dsAnnotation configurable close #193 Signed-off-by: Christian Kotzbauer --- charts/access-manager/Chart.yaml | 2 +- charts/access-manager/README.md | 1 + charts/access-manager/templates/deployment.yaml | 4 ++++ charts/access-manager/values.yaml | 2 ++ charts/cadvisor/Chart.yaml | 2 +- charts/cadvisor/README.md | 1 + charts/cadvisor/templates/daemonset.yaml | 4 +++- charts/cadvisor/values.yaml | 3 +++ charts/sbom-operator/Chart.yaml | 2 +- charts/sbom-operator/README.md | 1 + charts/sbom-operator/templates/deployment.yaml | 4 ++++ charts/sbom-operator/values.yaml | 2 ++ charts/vulnerability-operator/Chart.yaml | 2 +- charts/vulnerability-operator/README.md | 1 + charts/vulnerability-operator/templates/deployment.yaml | 4 ++++ charts/vulnerability-operator/values.yaml | 2 ++ 16 files changed, 32 insertions(+), 5 deletions(-) diff --git a/charts/access-manager/Chart.yaml b/charts/access-manager/Chart.yaml index 83b252d..84e014a 100644 --- a/charts/access-manager/Chart.yaml +++ b/charts/access-manager/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: Kubernetes-Operator to simplify RBAC configurations name: access-manager -version: 0.14.0 +version: 0.14.1 appVersion: 0.13.0 home: https://github.com/ckotzbauer/access-manager sources: diff --git a/charts/access-manager/README.md b/charts/access-manager/README.md index 3f72e27..7828100 100644 --- a/charts/access-manager/README.md +++ b/charts/access-manager/README.md 
@@ -50,6 +50,7 @@ The following table lists the configurable parameters of the Access-Manager char | `podAnnotations` | annotations to add to each pod | `{}` | | `priorityClassName` | priority class name for the pod | `""` | | `resources` | pod resource requests & limits | See [values.yaml](values.yaml) | +| `podSecurityContext` | pod securityContext | See [values.yaml](values.yaml) | | `securityContext` | container securityContext | See [values.yaml](values.yaml) | | `serviceAccount.create` | Should we create a ServiceAccount | `true` | | `serviceAccount.name` | Name of the ServiceAccount to use | null | diff --git a/charts/access-manager/templates/deployment.yaml b/charts/access-manager/templates/deployment.yaml index 39ca287..1ed204a 100644 --- a/charts/access-manager/templates/deployment.yaml +++ b/charts/access-manager/templates/deployment.yaml @@ -49,5 +49,9 @@ spec: {{- end }} {{- with .Values.tolerations }} tolerations: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.podSecurityContext }} + securityContext: {{ toYaml . | indent 8 }} {{- end }} diff --git a/charts/access-manager/values.yaml b/charts/access-manager/values.yaml index 50639c2..5bb240a 100644 --- a/charts/access-manager/values.yaml +++ b/charts/access-manager/values.yaml @@ -21,6 +21,8 @@ resources: cpu: 50m memory: 128Mi +podSecurityContext: {} + securityContext: privileged: false runAsUser: 1001 diff --git a/charts/cadvisor/Chart.yaml b/charts/cadvisor/Chart.yaml index 8ae4dd0..a55c264 100644 --- a/charts/cadvisor/Chart.yaml +++ b/charts/cadvisor/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: A chart for a Cadvisor deployment name: cadvisor -version: 2.3.2 +version: 2.3.3 appVersion: 0.49.1 home: https://github.com/google/cadvisor sources: diff --git a/charts/cadvisor/README.md b/charts/cadvisor/README.md index 8e49852..f9c72f1 100644 --- a/charts/cadvisor/README.md +++ b/charts/cadvisor/README.md 
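Review bot: The new `podSecurityContext` value defaults to `{}` in charts/access-manager/values.yaml, so the `with .Values.podSecurityContext` block in templates/deployment.yaml renders nothing and the pod gets no pod-level securityContext unless the user supplies one. The same applies to the sbom-operator and vulnerability-operator charts later in this patch. Consider shipping a restrictive default such as `podSecurityContext: {runAsNonRoot: true, seccompProfile: {type: RuntimeDefault}}`, or at least a commented example, after checking it against the container-level `securityContext` (which sets `runAsUser: 1001` in the visible access-manager and sbom-operator context). The README rows say "See values.yaml" for the default, but the value is an empty map, so `{}` would be the accurate entry. The rest of the pod spec lies outside the hunk, so the placement of the new key relative to it is not checked here.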
@@ -60,6 +60,7 @@ The following table lists the configurable parameters of the cAdvisor chart and | `resources` | pod resource requests & limits | `{}` | | `serviceAccount.create` | create a own serviceAccount for the pod | `true` | | `serviceAccount.name` | name of the serviceAccount to create | `""` | +| `daemonsetAnnotations` | annotations for the daemonset | `{}` | | `podAnnotations` | annotations for the daemonset pods | `{}` | | `podLabels` | labels for the daemonset pods | `{}` | | `priorityClassName` | priority classes name for the pod | `{}` | diff --git a/charts/cadvisor/templates/daemonset.yaml b/charts/cadvisor/templates/daemonset.yaml index 4627506..d9b6030 100644 --- a/charts/cadvisor/templates/daemonset.yaml +++ b/charts/cadvisor/templates/daemonset.yaml @@ -3,8 +3,10 @@ kind: DaemonSet metadata: name: {{ template "cadvisor.name" . }} namespace: {{ .Release.Namespace }} + {{- with .Values.daemonsetAnnotations }} annotations: - seccomp.security.alpha.kubernetes.io/pod: 'docker/default' +{{ toYaml . | indent 4 }} + {{- end }} labels: app: {{ template "cadvisor.name" . }} chart: {{ template "cadvisor.chart" . }} diff --git a/charts/cadvisor/values.yaml b/charts/cadvisor/values.yaml index 35f2807..57fe601 100644 --- a/charts/cadvisor/values.yaml +++ b/charts/cadvisor/values.yaml @@ -50,6 +50,9 @@ resources: {} podAnnotations: {} podLabels: {} +daemonsetAnnotations: + seccomp.security.alpha.kubernetes.io/pod: 'docker/default' + # priorityClassName: system-cluster-critical priorityClassName: {} diff --git a/charts/sbom-operator/Chart.yaml b/charts/sbom-operator/Chart.yaml index 392d8e3..ab5605d 100644 --- a/charts/sbom-operator/Chart.yaml +++ b/charts/sbom-operator/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 description: Catalogue all images of a Kubernetes cluster to multiple targets with Syft name: sbom-operator -version: 0.33.0 +version: 0.33.1 appVersion: 0.32.0 home: https://github.com/ckotzbauer/sbom-operator sources: 
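Review bot: The default for `daemonsetAnnotations` in charts/cadvisor/values.yaml keeps `seccomp.security.alpha.kubernetes.io/pod: 'docker/default'`, and templates/daemonset.yaml renders it under the DaemonSet's own `metadata`, not the pod template. Annotations there are not copied to the pods, so it most likely never applied a seccomp profile to the cAdvisor containers. The alpha seccomp annotations were also deprecated in Kubernetes 1.19, and to my knowledge are no longer honoured from 1.27 on. If confinement is intended, express it through the pod `securityContext` with `seccompProfile:` / `type: RuntimeDefault` and make the default `daemonsetAnnotations: {}`. With the default as committed, a user who wants the annotation removed has to set that key to `null`, because Helm merges the maps instead of replacing them. The pod template is outside this hunk, so whether a profile is already set there cannot be seen.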
diff --git a/charts/sbom-operator/README.md b/charts/sbom-operator/README.md index 2bd362b..f1c7d08 100644 --- a/charts/sbom-operator/README.md +++ b/charts/sbom-operator/README.md @@ -42,6 +42,7 @@ The following table lists the configurable parameters of the sbom-operator chart | `podAnnotations` | annotations to add to each pod | `{}` | | `priorityClassName` | priority class name for the pod | `""` | | `resources` | pod resource requests & limits | See [values.yaml](values.yaml) | +| `podSecurityContext` | pod securityContext | See [values.yaml](values.yaml) | | `securityContext` | container securityContext | See [values.yaml](values.yaml) | | `serviceAccount.create` | Should we create a ServiceAccount | `true` | | `serviceAccount.name` | Name of the ServiceAccount to use | null | diff --git a/charts/sbom-operator/templates/deployment.yaml b/charts/sbom-operator/templates/deployment.yaml index 588d2aa..680d348 100644 --- a/charts/sbom-operator/templates/deployment.yaml +++ b/charts/sbom-operator/templates/deployment.yaml @@ -99,5 +99,9 @@ spec: {{- end }} {{- with .Values.tolerations }} tolerations: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.podSecurityContext }} + securityContext: {{ toYaml . | indent 8 }} {{- end }} diff --git a/charts/sbom-operator/values.yaml b/charts/sbom-operator/values.yaml index 32e8b35..5c4e275 100644 --- a/charts/sbom-operator/values.yaml +++ b/charts/sbom-operator/values.yaml @@ -26,6 +26,8 @@ resources: {} # cpu: 100m # memory: 100Mi +podSecurityContext: {} + securityContext: privileged: false runAsUser: 1001 diff --git a/charts/vulnerability-operator/Chart.yaml b/charts/vulnerability-operator/Chart.yaml index 3b3a228..eeba811 100644 --- a/charts/vulnerability-operator/Chart.yaml +++ b/charts/vulnerability-operator/Chart.yaml 
@@ -1,7 +1,7 @@ apiVersion: v2 description: Scans SBOMs for vulnerabilities name: vulnerability-operator -version: 0.25.0 +version: 0.25.1 appVersion: 0.23.0 home: https://github.com/ckotzbauer/vulnerability-operator sources: diff --git a/charts/vulnerability-operator/README.md b/charts/vulnerability-operator/README.md index f60010e..a18f36e 100644 --- a/charts/vulnerability-operator/README.md +++ b/charts/vulnerability-operator/README.md @@ -46,6 +46,7 @@ The following table lists the configurable parameters of the vulnerability-opera | `resources` | pod resource requests & limits | See [values.yaml](values.yaml) | | `extraVolumes` | Extra volumes (needed for GithubApp PK). | `[]` | | `extraVolumeMounts` | Extra volume mounts | `[]` | +| `podSecurityContext` | pod securityContext | See [values.yaml](values.yaml) | | `securityContext` | container securityContext | See [values.yaml](values.yaml) | | `serviceAccount.create` | Should we create a ServiceAccount | `true` | | `serviceAccount.name` | Name of the ServiceAccount to use | null | diff --git a/charts/vulnerability-operator/templates/deployment.yaml b/charts/vulnerability-operator/templates/deployment.yaml index d8f725d..f1e618c 100644 --- a/charts/vulnerability-operator/templates/deployment.yaml +++ b/charts/vulnerability-operator/templates/deployment.yaml @@ -108,5 +108,9 @@ spec: {{- end }} {{- with .Values.tolerations }} tolerations: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.podSecurityContext }} + securityContext: {{ toYaml . | indent 8 }} {{- end }} diff --git a/charts/vulnerability-operator/values.yaml b/charts/vulnerability-operator/values.yaml index bed998c..0059fe7 100644 --- a/charts/vulnerability-operator/values.yaml +++ b/charts/vulnerability-operator/values.yaml @@ -60,6 +60,8 @@ resources: {} # cpu: 100m # memory: 100Mi +podSecurityContext: {} + securityContext: capabilities: drop: