From 949fc201ef42aec0050b3ece02c393b2531af171 Mon Sep 17 00:00:00 2001 From: Daniel Jacobs Date: Wed, 9 Aug 2023 08:29:40 +0200 Subject: [PATCH] [stable/kube-bench] Update kube-bench image to 0.6.17 * bump kube-bench chart version to 0.1.13 * enable configuration of the cronjob security context Signed-off-by: Daniel Jacobs
---
 stable/kube-bench/Chart.yaml | 4 ++-- stable/kube-bench/README.md | 5 +++-- stable/kube-bench/templates/cron.yaml | 3 +++ stable/kube-bench/values.yaml | 10 +++++++++- 4 files changed, 17 insertions(+), 5 deletions(-)
diff --git a/stable/kube-bench/Chart.yaml b/stable/kube-bench/Chart.yaml
index c37c1260..6880abc4 100644
--- a/stable/kube-bench/Chart.yaml
+++ b/stable/kube-bench/Chart.yaml
@@ -1,9 +1,9 @@
 ---
 apiVersion: v2
-appVersion: 0.6.16
+appVersion: 0.6.17
 description: "Helm chart to deploy run kube-bench as a cronjob on aks, gke or eks."
 name: kube-bench
-version: 0.1.12
+version: 0.1.13
 home: https://github.com/aquasecurity/kube-bench
 icon: https://raw.githubusercontent.com/aquasecurity/kube-bench/0d1bd2bbd95608957be024c12d03a0510325e5e2/docs/images/kube-bench.png
 sources:
diff --git a/stable/kube-bench/README.md b/stable/kube-bench/README.md
index 85261b56..86f7cb94 100644
--- a/stable/kube-bench/README.md
+++ b/stable/kube-bench/README.md
@@ -1,6 +1,6 @@
 # kube-bench
-![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![AppVersion: 0.6.16](https://img.shields.io/badge/AppVersion-0.6.16-informational?style=flat-square)
+![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![AppVersion: 0.6.17](https://img.shields.io/badge/AppVersion-0.6.17-informational?style=flat-square)
 Helm chart to deploy run kube-bench as a cronjob on aks, gke or eks.
@@ -54,12 +54,13 @@ helm install my-release deliveryhero/kube-bench -f values.yaml
 | fullnameOverride | string | `""` | |
 | image.pullPolicy | string | `"IfNotPresent"` | |
 | image.repository | string | `"aquasec/kube-bench"` | |
-| image.tag | string | `"v0.6.16"` | |
+| image.tag | string | `"v0.6.17"` | |
 | nameOverride | string | `""` | |
 | nodeSelector | object | `{}` | |
 | podLabels | object | `{}` | |
 | provider | string | `"eks"` | |
 | resources | object | `{}` | |
+| securityContext | object | `{}` | |
 | serviceAccount.annotations | object | `{}` | |
 | serviceAccount.create | bool | `false` | |
 | tolerations | list | `[]` | |
diff --git a/stable/kube-bench/templates/cron.yaml b/stable/kube-bench/templates/cron.yaml
index 9b7700b7..f6f79e1d 100644
--- a/stable/kube-bench/templates/cron.yaml
+++ b/stable/kube-bench/templates/cron.yaml
@@ -31,6 +31,9 @@ spec:
 {{- with .Values.volumeMounts }}
 volumeMounts: {{ toYaml . | nindent 16 }}
 {{- end }}
+ {{- with .Values.securityContext }}
+ securityContext: {{ toYaml . | nindent 16 }}
+ {{- end }}
 {{- with .Values.volumes }}
 volumes: {{ toYaml . | nindent 12 }}
 {{- end }}
diff --git a/stable/kube-bench/values.yaml b/stable/kube-bench/values.yaml
index b5c5e028..f0ced4bb 100644
--- a/stable/kube-bench/values.yaml
+++ b/stable/kube-bench/values.yaml
@@ -10,7 +10,7 @@ cronjob:
 image:
 repository: aquasec/kube-bench
- tag: v0.6.16
+ tag: v0.6.17
 pullPolicy: IfNotPresent
 serviceAccount:
@@ -19,6 +19,14 @@ serviceAccount:
 # Annotations to add to the service account
 annotations: {}
+securityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+# runAsUser: 1000
 extraLabels: {}
 podLabels: {}
 resources: {}
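Review bot: In stable/kube-bench/templates/cron.yaml the new `securityContext` block is rendered with `nindent 16`, the same depth as the container's `volumeMounts` just above it and deeper than the pod-level `volumes` (`nindent 12`), so `.Values.securityContext` appears to be a container-level context only, which neither values.yaml nor the empty README description states. Pod-only fields such as `fsGroup` would not be valid at that level, so I would document the scope above the key in values.yaml, e.g. `# Container-level securityContext for the kube-bench container (pod-level fields are not supported here)`. Because the default is `{}`, the `with` guard renders nothing and the job keeps the image's default user and capabilities unless the operator opts in. The CronJob spec starts and ends outside the hunk and the page has lost the template's indentation, so the placement of the key itself could not be checked.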
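Review bot: In the second hunk of stable/kube-bench/values.yaml the last line of the commented example, `# runAsUser: 1000`, starts at column 0 while the other example lines are indented under `securityContext`, so uncommenting the block as written would leave `runAsUser` outside the map; it should be indented like its siblings, `  # runAsUser: 1000`. If the example is meant as a hardened baseline, `allowPrivilegeEscalation: false` and `seccompProfile.type: RuntimeDefault` are the usual companions to dropping all capabilities and are worth adding to the commented block. kube-bench inspects files on the node, so whether `runAsNonRoot: true` with UID 1000 can still read every path the checks need should be confirmed before recommending it; the volume mounts are not visible in this patch.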