Commit new App releases for TrueCharts

Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
TrueCharts-Bot 2021-12-13 22:20:10 +00:00
parent efa9d2cfc1
commit 359455df3a
14 changed files with 264 additions and 18 deletions


@ -1,14 +0,0 @@
# Changelog<br>
<a name="scrutiny-0.0.2"></a>
### [scrutiny-0.0.2](https://github.com/truecharts/apps/compare/scrutiny-0.0.1...scrutiny-0.0.2) (2021-12-13)
#### Chore
* move incubator apps to stable and bump everything
<a name="scrutiny-0.0.1"></a>
### scrutiny-0.0.1 (2021-12-12)


@ -0,0 +1,27 @@
# Changelog<br>
<a name="scrutiny-0.0.3"></a>
### [scrutiny-0.0.3](https://github.com/truecharts/apps/compare/scrutiny-0.0.2...scrutiny-0.0.3) (2021-12-13)
#### Feat
* add the new buttons ([#1532](https://github.com/truecharts/apps/issues/1532))
#### Fix
* fix storage and envs ([#1530](https://github.com/truecharts/apps/issues/1530))
<a name="scrutiny-0.0.2"></a>
### [scrutiny-0.0.2](https://github.com/truecharts/apps/compare/scrutiny-0.0.1...scrutiny-0.0.2) (2021-12-13)
#### Chore
* move incubator apps to stable and bump everything
<a name="scrutiny-0.0.1"></a>
### scrutiny-0.0.1 (2021-12-12)


@ -3,4 +3,4 @@ dependencies:
repository: https://truecharts.org
version: 8.9.16
digest: sha256:ef00b9bcc5bd3a8688faa1a5508da1db6f35ec96c95736a989771d30e96c3a13
generated: "2021-12-13T12:30:09.987320995Z"
generated: "2021-12-13T22:17:15.416040584Z"


@ -1,7 +1,7 @@
apiVersion: v2
kubeVersion: ">=1.16.0-0"
name: scrutiny
version: 0.0.2
version: 0.0.3
appVersion: "2021.11.18"
description: Scrutiny WebUI for smartd S.M.A.R.T monitoring. Scrutiny is a Hard Drive Health Dashboard & Monitoring solution.
type: application


@ -12,11 +12,16 @@ You will, however, be able to use all values referenced in the common chart here
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| env.PUID | int | `568` | |
| env.SCRUTINY_API_ENDPOINT | string | `"http://localhost:8080"` | |
| env.SCRUTINY_COLLECTOR | bool | `true` | |
| env.SCRUTINY_WEB | bool | `true` | |
| image.pullPolicy | string | `"IfNotPresent"` | |
| image.repository | string | `"tccr.io/truecharts/scrutiny"` | |
| image.tag | string | `"v2021.11.18"` | |
| persistence.config.enabled | bool | `true` | |
| persistence.config.mountPath | string | `"/scrutiny/config"` | |
| persistence.data.enabled | bool | `true` | |
| persistence.data.mountPath | string | `"/config"` | |
| persistence.udev.hostPath | string | `"/run/udev"` | |
| persistence.udev.mountPath | string | `"/run/udev"` | |
| persistence.udev.readOnly | bool | `true` | |
@ -26,6 +31,7 @@ You will, however, be able to use all values referenced in the common chart here
| podSecurityContext.runAsUser | int | `0` | |
| securityContext.allowPrivilegeEscalation | bool | `true` | |
| securityContext.privileged | bool | `true` | |
| securityContext.readOnlyRootFilesystem | bool | `false` | |
| securityContext.runAsNonRoot | bool | `false` | |
| service.main.ports.main.port | int | `10151` | |
| service.main.ports.main.targetPort | int | `8080` | |


@ -7,6 +7,7 @@ securityContext:
runAsNonRoot: false
privileged: true
allowPrivilegeEscalation: true
readOnlyRootFilesystem: false
podSecurityContext:
runAsUser: 0
@ -14,6 +15,9 @@ podSecurityContext:
env:
PUID: 568
SCRUTINY_WEB: true
SCRUTINY_COLLECTOR: true
SCRUTINY_API_ENDPOINT: "http://localhost:8080"
service:
main:
@ -28,6 +32,9 @@ persistence:
config:
enabled: true
mountPath: "/scrutiny/config"
data:
enabled: true
mountPath: "/config"
udev:
type: hostPath
hostPath: /run/udev
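Review bot: `readOnlyRootFilesystem: false` is added under `securityContext` with no comment saying what the container needs to write, on a container that already has `privileged: true`, `allowPrivilegeEscalation: true` and `runAsUser: 0`. The same commit adds a persistent `data` mount at `/config` next to the existing `config` mount, so it may be possible to keep the root filesystem read-only and give any remaining scratch path its own mount; the hunk does not show which paths the image writes. If the relaxation stays, record the reason beside it, e.g. `# writable root needed for <path written at runtime>; privileged needed for <reason>`. The default flip from `true` to `false` for "ReadOnly Root Filesystem" in the questions file has the same gap. The `securityContext` mapping begins above the hunk.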


@ -195,7 +195,29 @@ questions:
schema:
type: string
default: "002"
- variable: GIN_MODE
label: "GIN_MODE"
schema:
type: string
default: "release"
required: true
enum:
- value: "release"
description: "release"
- value: "debug"
description: "debug"
- variable: SCRUTINY_WEB
label: "SCRUTINY_WEB"
description: "SCRUTINY_WEB"
schema:
type: boolean
default: true
- variable: SCRUTINY_COLLECTOR
label: "SCRUTINY_COLLECTOR"
description: "SCRUTINY_COLLECTOR"
schema:
type: boolean
default: true
- variable: envList
label: "Image environment"
group: "Container Configuration"
@ -758,6 +780,180 @@ questions:
label: "Value"
schema:
type: string
- variable: data
label: "App data Storage"
description: "Stores the Application data."
schema:
type: dict
attrs:
- variable: enabled
label: "Enable the storage"
schema:
type: boolean
default: true
hidden: true
- variable: type
label: "Type of Storage"
description: "Sets the persistence type, Anything other than PVC could break rollback!"
schema:
type: string
default: "simplePVC"
enum:
- value: "simplePVC"
description: "PVC (simple)"
- value: "simpleHP"
description: "HostPath (simple)"
- value: "emptyDir"
description: "emptyDir"
- value: "pvc"
description: "pvc"
- value: "hostPath"
description: "hostPath"
- variable: setPermissionsSimple
label: "Automatic Permissions"
description: "Automatically set permissions on install"
schema:
show_if: [["type", "=", "simpleHP"]]
type: boolean
default: true
- variable: setPermissions
label: "Automatic Permissions"
description: "Automatically set permissions on install"
schema:
show_if: [["type", "=", "hostPath"]]
type: boolean
default: true
- variable: readOnly
label: "readOnly"
schema:
type: boolean
default: false
- variable: hostPathSimple
label: "hostPath"
description: "Path inside the container the storage is mounted"
schema:
show_if: [["type", "=", "simpleHP"]]
type: hostpath
- variable: hostPath
label: "hostPath"
description: "Path inside the container the storage is mounted"
schema:
show_if: [["type", "=", "hostPath"]]
type: hostpath
- variable: mountPath
label: "mountPath"
description: "Path inside the container the storage is mounted"
schema:
type: string
default: "/config"
hidden: true
valid_chars: '^\/([a-zA-Z0-9._-]+(\s?[a-zA-Z0-9._-]+|\/?))+$'
- variable: medium
label: "EmptyDir Medium"
schema:
show_if: [["type", "=", "emptyDir"]]
type: string
default: ""
enum:
- value: ""
description: "Default"
- value: "Memory"
description: "Memory"
- variable: size
label: "Size quotum of storage"
schema:
show_if: [["type", "=", "pvc"]]
type: string
default: "999Gi"
- variable: hostPathType
label: "(Advanced) hostPath Type"
schema:
show_if: [["type", "=", "hostPath"]]
type: string
default: ""
enum:
- value: ""
description: "Default"
- value: "DirectoryOrCreate"
description: "DirectoryOrCreate"
- value: "Directory"
description: "Directory"
- value: "FileOrCreate"
description: "FileOrCreate"
- value: "File"
description: "File"
- value: "Socket"
description: "Socket"
- value: "CharDevice"
description: "CharDevice"
- value: "BlockDevice"
description: "BlockDevice"
- variable: storageClass
label: "(Advanced) storageClass"
description: "Warning: Anything other than SCALE-ZFS or empty will break rollback!"
schema:
show_if: [["type", "=", "pvc"]]
type: string
default: "SCALE-ZFS"
- variable: accessMode
label: "(Advanced) Access Mode"
description: "Allow or disallow multiple PVC's writhing to the same PV"
schema:
show_if: [["type", "=", "pvc"]]
type: string
default: "ReadWriteOnce"
enum:
- value: "ReadWriteOnce"
description: "ReadWriteOnce"
- value: "ReadOnlyMany"
description: "ReadOnlyMany"
- value: "ReadWriteMany"
description: "ReadWriteMany"
- variable: advanced
label: "Show Advanced Options"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: labelsList
label: "Labels"
schema:
type: list
default: []
items:
- variable: labelItem
label: "Label"
schema:
type: dict
attrs:
- variable: name
label: "Name"
schema:
type: string
- variable: value
label: "Value"
schema:
type: string
- variable: annotationsList
label: "Annotations"
schema:
type: list
default: []
items:
- variable: annotationItem
label: "Label"
schema:
type: dict
attrs:
- variable: name
label: "Name"
schema:
type: string
- variable: value
label: "Value"
schema:
type: string
- variable: persistenceList
label: "Additional app storage"
@ -1304,7 +1500,7 @@ questions:
label: "ReadOnly Root Filesystem"
schema:
type: boolean
default: true
default: false
- variable: allowPrivilegeEscalation
label: "Allow Privilege Escalation"
schema:
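Review bot: In the new `data` block, `hostPathSimple` and `hostPath` carry the description copied from `mountPath` ("Path inside the container the storage is mounted"), although their `hostpath` schema type selects a location on the host. `setPermissionsSimple` and `setPermissions` default to `true` and the chart runs privileged as root, so a user who misreads the field may have permissions changed on a host directory they did not mean to hand over (presumably by the `autopermissions` container; confirm). Suggest `description: "Path on the host that is mounted into the container"` for both entries. Smaller wording slips in the same block: "Size quotum", "writhing to the same PV", and `annotationItem` labelled `"Label"` instead of `"Annotation"`.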


@ -22,6 +22,7 @@ hide:
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> &#39;runAsNonRoot&#39; forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container &#39;RELEASE-NAME-scrutiny&#39; of Deployment &#39;RELEASE-NAME-scrutiny&#39; should set &#39;securityContext.runAsNonRoot&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> &#39;runAsNonRoot&#39; forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-scrutiny&#39; should set &#39;securityContext.runAsNonRoot&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
| Kubernetes Security Check | KSV013 | Image tag &#39;:latest&#39; used | LOW | <details><summary>Expand...</summary> It is best to avoid using the &#39;:latest&#39; image tag when deploying containers in production. Doing so makes it hard to track which version of the image is running, and hard to roll back the version. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-scrutiny&#39; should specify an image tag </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/configuration/overview/#container-images">https://kubernetes.io/docs/concepts/configuration/overview/#container-images</a><br><a href="https://avd.aquasec.com/appshield/ksv013">https://avd.aquasec.com/appshield/ksv013</a><br></details> |
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | <details><summary>Expand...</summary> An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. <br> <hr> <br> Container &#39;RELEASE-NAME-scrutiny&#39; of Deployment &#39;RELEASE-NAME-scrutiny&#39; should set &#39;securityContext.readOnlyRootFilesystem&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/">https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/</a><br><a href="https://avd.aquasec.com/appshield/ksv014">https://avd.aquasec.com/appshield/ksv014</a><br></details> |
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | <details><summary>Expand...</summary> An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-scrutiny&#39; should set &#39;securityContext.readOnlyRootFilesystem&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/">https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/</a><br><a href="https://avd.aquasec.com/appshield/ksv014">https://avd.aquasec.com/appshield/ksv014</a><br></details> |
| Kubernetes Security Check | KSV017 | Privileged container | HIGH | <details><summary>Expand...</summary> Privileged containers share namespaces with the host system and do not offer any security. They should be used exclusively for system containers that require high privileges. <br> <hr> <br> Container &#39;RELEASE-NAME-scrutiny&#39; of Deployment &#39;RELEASE-NAME-scrutiny&#39; should set &#39;securityContext.privileged&#39; to false </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline">https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline</a><br><a href="https://avd.aquasec.com/appshield/ksv017">https://avd.aquasec.com/appshield/ksv017</a><br></details> |
| Kubernetes Security Check | KSV019 | Seccomp policies disabled | MEDIUM | <details><summary>Expand...</summary> A program inside the container can bypass Seccomp protection policies. <br> <hr> <br> Container &#39;RELEASE-NAME-scrutiny&#39; of Deployment &#39;RELEASE-NAME-scrutiny&#39; should specify a seccomp profile </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/metadata-annotations-container-seccomp-security-alpha-kubernetes-io-pod/">https://kubesec.io/basics/metadata-annotations-container-seccomp-security-alpha-kubernetes-io-pod/</a><br><a href="https://avd.aquasec.com/appshield/ksv019">https://avd.aquasec.com/appshield/ksv019</a><br></details> |
@ -74,4 +75,27 @@ hide:
| ssl_client | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 | <details><summary>Expand...</summary><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br></details> |
#### Container: usr/local/bin/scrutiny
**gobinary**
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
| golang.org/x/crypto | CVE-2020-29652 | HIGH | v0.0.0-20200622213623-75b288015ac9 | v0.0.0-20201216223049-8b5274cf687f | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29652">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29652</a><br><a href="https://go-review.googlesource.com/c/crypto/+/278852">https://go-review.googlesource.com/c/crypto/+/278852</a><br><a href="https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1">https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1</a><br><a href="https://linux.oracle.com/cve/CVE-2020-29652.html">https://linux.oracle.com/cve/CVE-2020-29652.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-1796.html">https://linux.oracle.com/errata/ELSA-2021-1796.html</a><br><a href="https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E">https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-29652">https://nvd.nist.gov/vuln/detail/CVE-2020-29652</a><br></details> |
**gobinary**
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
| golang.org/x/crypto | CVE-2020-29652 | HIGH | v0.0.0-20200622213623-75b288015ac9 | v0.0.0-20201216223049-8b5274cf687f | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29652">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29652</a><br><a href="https://go-review.googlesource.com/c/crypto/+/278852">https://go-review.googlesource.com/c/crypto/+/278852</a><br><a href="https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1">https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1</a><br><a href="https://linux.oracle.com/cve/CVE-2020-29652.html">https://linux.oracle.com/cve/CVE-2020-29652.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-1796.html">https://linux.oracle.com/errata/ELSA-2021-1796.html</a><br><a href="https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E">https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-29652">https://nvd.nist.gov/vuln/detail/CVE-2020-29652</a><br></details> |
**gobinary**
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
| golang.org/x/crypto | CVE-2020-29652 | HIGH | v0.0.0-20200622213623-75b288015ac9 | v0.0.0-20201216223049-8b5274cf687f | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29652">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29652</a><br><a href="https://go-review.googlesource.com/c/crypto/+/278852">https://go-review.googlesource.com/c/crypto/+/278852</a><br><a href="https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1">https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1</a><br><a href="https://linux.oracle.com/cve/CVE-2020-29652.html">https://linux.oracle.com/cve/CVE-2020-29652.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-1796.html">https://linux.oracle.com/errata/ELSA-2021-1796.html</a><br><a href="https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E">https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-29652">https://nvd.nist.gov/vuln/detail/CVE-2020-29652</a><br></details> |