diff --git a/stable/scrutiny/0.0.2/CHANGELOG.md b/stable/scrutiny/0.0.2/CHANGELOG.md
deleted file mode 100644
index 300ea111e3a..00000000000
--- a/stable/scrutiny/0.0.2/CHANGELOG.md
+++ /dev/null
@@ -1,14 +0,0 @@
-# Changelog
-
-
-
-### [scrutiny-0.0.2](https://github.com/truecharts/apps/compare/scrutiny-0.0.1...scrutiny-0.0.2) (2021-12-13)
-
-#### Chore
-
-* move incubator apps to stable and bump everything
-
-
-
-
-### scrutiny-0.0.1 (2021-12-12)
diff --git a/stable/scrutiny/0.0.3/CHANGELOG.md b/stable/scrutiny/0.0.3/CHANGELOG.md
new file mode 100644
index 00000000000..5115df323aa
--- /dev/null
+++ b/stable/scrutiny/0.0.3/CHANGELOG.md
@@ -0,0 +1,27 @@
+# Changelog
+
+
+
+### [scrutiny-0.0.3](https://github.com/truecharts/apps/compare/scrutiny-0.0.2...scrutiny-0.0.3) (2021-12-13)
+
+#### Feat
+
+* add the new buttons ([#1532](https://github.com/truecharts/apps/issues/1532))
+
+#### Fix
+
+* fix storage and envs ([#1530](https://github.com/truecharts/apps/issues/1530))
+
+
+
+
+### [scrutiny-0.0.2](https://github.com/truecharts/apps/compare/scrutiny-0.0.1...scrutiny-0.0.2) (2021-12-13)
+
+#### Chore
+
+* move incubator apps to stable and bump everything
+
+
+
+
+### scrutiny-0.0.1 (2021-12-12)
diff --git a/stable/scrutiny/0.0.2/CONFIG.md b/stable/scrutiny/0.0.3/CONFIG.md
similarity index 100%
rename from stable/scrutiny/0.0.2/CONFIG.md
rename to stable/scrutiny/0.0.3/CONFIG.md
diff --git a/stable/scrutiny/0.0.2/Chart.lock b/stable/scrutiny/0.0.3/Chart.lock
similarity index 78%
rename from stable/scrutiny/0.0.2/Chart.lock
rename to stable/scrutiny/0.0.3/Chart.lock
index 2d8f7e26294..6cf894bf9e8 100644
--- a/stable/scrutiny/0.0.2/Chart.lock
+++ b/stable/scrutiny/0.0.3/Chart.lock
@@ -3,4 +3,4 @@ dependencies:
repository: https://truecharts.org
version: 8.9.16
digest: sha256:ef00b9bcc5bd3a8688faa1a5508da1db6f35ec96c95736a989771d30e96c3a13
-generated: "2021-12-13T12:30:09.987320995Z"
+generated: "2021-12-13T22:17:15.416040584Z"
diff --git a/stable/scrutiny/0.0.2/Chart.yaml b/stable/scrutiny/0.0.3/Chart.yaml
similarity index 98%
rename from stable/scrutiny/0.0.2/Chart.yaml
rename to stable/scrutiny/0.0.3/Chart.yaml
index f3927c319ad..ee0d3e3feb5 100644
--- a/stable/scrutiny/0.0.2/Chart.yaml
+++ b/stable/scrutiny/0.0.3/Chart.yaml
@@ -1,7 +1,7 @@
apiVersion: v2
kubeVersion: ">=1.16.0-0"
name: scrutiny
-version: 0.0.2
+version: 0.0.3
appVersion: "2021.11.18"
description: Scrutiny WebUI for smartd S.M.A.R.T monitoring. Scrutiny is a Hard Drive Health Dashboard & Monitoring solution.
type: application
diff --git a/stable/scrutiny/0.0.2/README.md b/stable/scrutiny/0.0.3/README.md
similarity index 100%
rename from stable/scrutiny/0.0.2/README.md
rename to stable/scrutiny/0.0.3/README.md
diff --git a/stable/scrutiny/0.0.2/app-readme.md b/stable/scrutiny/0.0.3/app-readme.md
similarity index 100%
rename from stable/scrutiny/0.0.2/app-readme.md
rename to stable/scrutiny/0.0.3/app-readme.md
diff --git a/stable/scrutiny/0.0.2/charts/common-8.9.16.tgz b/stable/scrutiny/0.0.3/charts/common-8.9.16.tgz
similarity index 100%
rename from stable/scrutiny/0.0.2/charts/common-8.9.16.tgz
rename to stable/scrutiny/0.0.3/charts/common-8.9.16.tgz
diff --git a/stable/scrutiny/0.0.2/helm-values.md b/stable/scrutiny/0.0.3/helm-values.md
similarity index 83%
rename from stable/scrutiny/0.0.2/helm-values.md
rename to stable/scrutiny/0.0.3/helm-values.md
index e2624618af4..d8cdc73efaa 100644
--- a/stable/scrutiny/0.0.2/helm-values.md
+++ b/stable/scrutiny/0.0.3/helm-values.md
@@ -12,11 +12,16 @@ You will, however, be able to use all values referenced in the common chart here
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| env.PUID | int | `568` | |
+| env.SCRUTINY_API_ENDPOINT | string | `"http://localhost:8080"` | |
+| env.SCRUTINY_COLLECTOR | bool | `true` | |
+| env.SCRUTINY_WEB | bool | `true` | |
| image.pullPolicy | string | `"IfNotPresent"` | |
| image.repository | string | `"tccr.io/truecharts/scrutiny"` | |
| image.tag | string | `"v2021.11.18"` | |
| persistence.config.enabled | bool | `true` | |
| persistence.config.mountPath | string | `"/scrutiny/config"` | |
+| persistence.data.enabled | bool | `true` | |
+| persistence.data.mountPath | string | `"/config"` | |
| persistence.udev.hostPath | string | `"/run/udev"` | |
| persistence.udev.mountPath | string | `"/run/udev"` | |
| persistence.udev.readOnly | bool | `true` | |
@@ -26,6 +31,7 @@ You will, however, be able to use all values referenced in the common chart here
| podSecurityContext.runAsUser | int | `0` | |
| securityContext.allowPrivilegeEscalation | bool | `true` | |
| securityContext.privileged | bool | `true` | |
+| securityContext.readOnlyRootFilesystem | bool | `false` | |
| securityContext.runAsNonRoot | bool | `false` | |
| service.main.ports.main.port | int | `10151` | |
| service.main.ports.main.targetPort | int | `8080` | |
diff --git a/stable/scrutiny/0.0.2/ix_values.yaml b/stable/scrutiny/0.0.3/ix_values.yaml
similarity index 75%
rename from stable/scrutiny/0.0.2/ix_values.yaml
rename to stable/scrutiny/0.0.3/ix_values.yaml
index 12cdfdc3d31..81d7d32587f 100644
--- a/stable/scrutiny/0.0.2/ix_values.yaml
+++ b/stable/scrutiny/0.0.3/ix_values.yaml
@@ -7,6 +7,7 @@ securityContext:
runAsNonRoot: false
privileged: true
allowPrivilegeEscalation: true
+ readOnlyRootFilesystem: false
podSecurityContext:
runAsUser: 0
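Review bot: `readOnlyRootFilesystem: false` is added to a container that the surrounding context already runs with `privileged: true`, `allowPrivilegeEscalation: true` and `runAsUser: 0`, so it removes the one remaining filesystem restriction. The same default flips from `true` to `false` in the security-context hunk of questions.yaml. If only specific paths need to be writable, it would be tighter to keep the root filesystem read-only and mount those paths as volumes, as this commit already does for `/config`. If the image really needs a writable root, record why next to the setting, for example `# writable root required: <reason, to be filled in by the author>`. The `securityContext` block starts outside this hunk.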
@@ -14,6 +15,9 @@ podSecurityContext:
env:
PUID: 568
+ SCRUTINY_WEB: true
+ SCRUTINY_COLLECTOR: true
+ SCRUTINY_API_ENDPOINT: "http://localhost:8080"
service:
main:
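Review bot: `SCRUTINY_WEB: true` and `SCRUTINY_COLLECTOR: true` are YAML booleans, whereas a container environment value must end up as a string. Unless the common chart quotes every env value when rendering (not visible from this diff), writing them as `SCRUTINY_WEB: "true"` and `SCRUTINY_COLLECTOR: "true"` avoids depending on that. `SCRUTINY_API_ENDPOINT: "http://localhost:8080"` also hard-codes the port that helm-values.md lists as `service.main.ports.main.targetPort`. A short comment such as `# must match service.main.ports.main.targetPort` would keep the two from drifting apart.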
@@ -28,6 +32,9 @@ persistence:
config:
enabled: true
mountPath: "/scrutiny/config"
+ data:
+ enabled: true
+ mountPath: "/config"
udev:
type: hostPath
hostPath: /run/udev
diff --git a/stable/scrutiny/0.0.2/questions.yaml b/stable/scrutiny/0.0.3/questions.yaml
similarity index 90%
rename from stable/scrutiny/0.0.2/questions.yaml
rename to stable/scrutiny/0.0.3/questions.yaml
index effaf0fbd4c..ff513aeb439 100644
--- a/stable/scrutiny/0.0.2/questions.yaml
+++ b/stable/scrutiny/0.0.3/questions.yaml
@@ -195,7 +195,29 @@ questions:
schema:
type: string
default: "002"
-
+ - variable: GIN_MODE
+ label: "GIN_MODE"
+ schema:
+ type: string
+ default: "release"
+ required: true
+ enum:
+ - value: "release"
+ description: "release"
+ - value: "debug"
+ description: "debug"
+ - variable: SCRUTINY_WEB
+ label: "SCRUTINY_WEB"
+ description: "SCRUTINY_WEB"
+ schema:
+ type: boolean
+ default: true
+ - variable: SCRUTINY_COLLECTOR
+ label: "SCRUTINY_COLLECTOR"
+ description: "SCRUTINY_COLLECTOR"
+ schema:
+ type: boolean
+ default: true
- variable: envList
label: "Image environment"
group: "Container Configuration"
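Review bot: The new `GIN_MODE` question has no `description`, and the `SCRUTINY_WEB` and `SCRUTINY_COLLECTOR` descriptions only repeat the variable name, so the install form does not say what each setting controls. Because `debug` is offered as a choice, the description should steer users to `release` for normal operation, for example `description: "Gin framework mode; keep release unless troubleshooting, debug logs more verbosely"`. The two booleans would benefit from a sentence each on what they enable (presumably the web UI and the S.M.A.R.T collector; confirm against the image documentation).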
@@ -758,6 +780,180 @@ questions:
label: "Value"
schema:
type: string
+ - variable: data
+ label: "App data Storage"
+ description: "Stores the Application data."
+ schema:
+ type: dict
+ attrs:
+ - variable: enabled
+ label: "Enable the storage"
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: type
+ label: "Type of Storage"
+ description: "Sets the persistence type, Anything other than PVC could break rollback!"
+ schema:
+ type: string
+ default: "simplePVC"
+ enum:
+ - value: "simplePVC"
+ description: "PVC (simple)"
+ - value: "simpleHP"
+ description: "HostPath (simple)"
+ - value: "emptyDir"
+ description: "emptyDir"
+ - value: "pvc"
+ description: "pvc"
+ - value: "hostPath"
+ description: "hostPath"
+ - variable: setPermissionsSimple
+ label: "Automatic Permissions"
+ description: "Automatically set permissions on install"
+ schema:
+ show_if: [["type", "=", "simpleHP"]]
+ type: boolean
+ default: true
+ - variable: setPermissions
+ label: "Automatic Permissions"
+ description: "Automatically set permissions on install"
+ schema:
+ show_if: [["type", "=", "hostPath"]]
+ type: boolean
+ default: true
+ - variable: readOnly
+ label: "readOnly"
+ schema:
+ type: boolean
+ default: false
+ - variable: hostPathSimple
+ label: "hostPath"
+ description: "Path inside the container the storage is mounted"
+ schema:
+ show_if: [["type", "=", "simpleHP"]]
+ type: hostpath
+ - variable: hostPath
+ label: "hostPath"
+ description: "Path inside the container the storage is mounted"
+ schema:
+ show_if: [["type", "=", "hostPath"]]
+ type: hostpath
+ - variable: mountPath
+ label: "mountPath"
+ description: "Path inside the container the storage is mounted"
+ schema:
+ type: string
+ default: "/config"
+ hidden: true
+ valid_chars: '^\/([a-zA-Z0-9._-]+(\s?[a-zA-Z0-9._-]+|\/?))+$'
+ - variable: medium
+ label: "EmptyDir Medium"
+ schema:
+ show_if: [["type", "=", "emptyDir"]]
+ type: string
+ default: ""
+ enum:
+ - value: ""
+ description: "Default"
+ - value: "Memory"
+ description: "Memory"
+ - variable: size
+ label: "Size quotum of storage"
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: string
+ default: "999Gi"
+ - variable: hostPathType
+ label: "(Advanced) hostPath Type"
+ schema:
+ show_if: [["type", "=", "hostPath"]]
+ type: string
+ default: ""
+ enum:
+ - value: ""
+ description: "Default"
+ - value: "DirectoryOrCreate"
+ description: "DirectoryOrCreate"
+ - value: "Directory"
+ description: "Directory"
+ - value: "FileOrCreate"
+ description: "FileOrCreate"
+ - value: "File"
+ description: "File"
+ - value: "Socket"
+ description: "Socket"
+ - value: "CharDevice"
+ description: "CharDevice"
+ - value: "BlockDevice"
+ description: "BlockDevice"
+ - variable: storageClass
+ label: "(Advanced) storageClass"
+ description: "Warning: Anything other than SCALE-ZFS or empty will break rollback!"
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: string
+ default: "SCALE-ZFS"
+ - variable: accessMode
+ label: "(Advanced) Access Mode"
+ description: "Allow or disallow multiple PVC's writhing to the same PV"
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: string
+ default: "ReadWriteOnce"
+ enum:
+ - value: "ReadWriteOnce"
+ description: "ReadWriteOnce"
+ - value: "ReadOnlyMany"
+ description: "ReadOnlyMany"
+ - value: "ReadWriteMany"
+ description: "ReadWriteMany"
+ - variable: advanced
+ label: "Show Advanced Options"
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: labelsList
+ label: "Labels"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: labelItem
+ label: "Label"
+ schema:
+ type: dict
+ attrs:
+ - variable: name
+ label: "Name"
+ schema:
+ type: string
+ - variable: value
+ label: "Value"
+ schema:
+ type: string
+ - variable: annotationsList
+ label: "Annotations"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: annotationItem
+ label: "Label"
+ schema:
+ type: dict
+ attrs:
+ - variable: name
+ label: "Name"
+ schema:
+ type: string
+ - variable: value
+ label: "Value"
+ schema:
+ type: string
- variable: persistenceList
label: "Additional app storage"
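Review bot: The `hostPathSimple` and `hostPath` questions are described as "Path inside the container the storage is mounted", which is the text of `mountPath`; these fields take the path on the host, so the description should read something like `description: "Path on the host that is mounted into the container"`. The distinction matters here because `setPermissionsSimple` and `setPermissions` default to `true`, so whichever host directory is selected has its permissions changed on install, and the security.md report in this commit shows the `autopermissions` container running as root. Consider saying this in the "Automatic Permissions" description so users do not point it at a shared or system directory unintentionally. Smaller wording fixes in the same block: "writhing" should be "writing", "Size quotum" should be "Size quota", and `annotationItem` is labelled `"Label"` rather than `"Annotation"`.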
@@ -1304,7 +1500,7 @@ questions:
label: "ReadOnly Root Filesystem"
schema:
type: boolean
- default: true
+ default: false
- variable: allowPrivilegeEscalation
label: "Allow Privilege Escalation"
schema:
diff --git a/stable/scrutiny/0.0.2/security.md b/stable/scrutiny/0.0.3/security.md
similarity index 86%
rename from stable/scrutiny/0.0.2/security.md
rename to stable/scrutiny/0.0.3/security.md
index 79e659ad540..b68246beb03 100644
--- a/stable/scrutiny/0.0.2/security.md
+++ b/stable/scrutiny/0.0.3/security.md
@@ -22,6 +22,7 @@ hide:
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | Expand...
'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.
Container 'RELEASE-NAME-scrutiny' of Deployment 'RELEASE-NAME-scrutiny' should set 'securityContext.runAsNonRoot' to true | Expand...
https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv012
|
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | Expand...
'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.
Container 'autopermissions' of Deployment 'RELEASE-NAME-scrutiny' should set 'securityContext.runAsNonRoot' to true | Expand...
https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv012
|
| Kubernetes Security Check | KSV013 | Image tag ':latest' used | LOW | Expand...
It is best to avoid using the ':latest' image tag when deploying containers in production. Doing so makes it hard to track which version of the image is running, and hard to roll back the version.
Container 'autopermissions' of Deployment 'RELEASE-NAME-scrutiny' should specify an image tag | Expand...
https://kubernetes.io/docs/concepts/configuration/overview/#container-images
https://avd.aquasec.com/appshield/ksv013
|
+| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | Expand...
An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.
Container 'RELEASE-NAME-scrutiny' of Deployment 'RELEASE-NAME-scrutiny' should set 'securityContext.readOnlyRootFilesystem' to true | Expand...
https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/appshield/ksv014
|
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | Expand...
An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.
Container 'autopermissions' of Deployment 'RELEASE-NAME-scrutiny' should set 'securityContext.readOnlyRootFilesystem' to true | Expand...
https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/appshield/ksv014
|
| Kubernetes Security Check | KSV017 | Privileged container | HIGH | Expand...
Privileged containers share namespaces with the host system and do not offer any security. They should be used exclusively for system containers that require high privileges.
Container 'RELEASE-NAME-scrutiny' of Deployment 'RELEASE-NAME-scrutiny' should set 'securityContext.privileged' to false | Expand...
https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline
https://avd.aquasec.com/appshield/ksv017
|
| Kubernetes Security Check | KSV019 | Seccomp policies disabled | MEDIUM | Expand...
A program inside the container can bypass Seccomp protection policies.
Container 'RELEASE-NAME-scrutiny' of Deployment 'RELEASE-NAME-scrutiny' should specify a seccomp profile | Expand...
https://kubesec.io/basics/metadata-annotations-container-seccomp-security-alpha-kubernetes-io-pod/
https://avd.aquasec.com/appshield/ksv019
|
@@ -74,4 +75,27 @@ hide:
| ssl_client | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 | Expand...
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
|
+#### Container: usr/local/bin/scrutiny
+
+
+**gobinary**
+
+
+| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
+|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
+| golang.org/x/crypto | CVE-2020-29652 | HIGH | v0.0.0-20200622213623-75b288015ac9 | v0.0.0-20201216223049-8b5274cf687f | Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29652
https://go-review.googlesource.com/c/crypto/+/278852
https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1
https://linux.oracle.com/cve/CVE-2020-29652.html
https://linux.oracle.com/errata/ELSA-2021-1796.html
https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-29652
|
+
+**gobinary**
+
+
+| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
+|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
+| golang.org/x/crypto | CVE-2020-29652 | HIGH | v0.0.0-20200622213623-75b288015ac9 | v0.0.0-20201216223049-8b5274cf687f | Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29652
https://go-review.googlesource.com/c/crypto/+/278852
https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1
https://linux.oracle.com/cve/CVE-2020-29652.html
https://linux.oracle.com/errata/ELSA-2021-1796.html
https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-29652
|
+
+**gobinary**
+
+
+| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
+|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
+| golang.org/x/crypto | CVE-2020-29652 | HIGH | v0.0.0-20200622213623-75b288015ac9 | v0.0.0-20201216223049-8b5274cf687f | Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29652
https://go-review.googlesource.com/c/crypto/+/278852
https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1
https://linux.oracle.com/cve/CVE-2020-29652.html
https://linux.oracle.com/errata/ELSA-2021-1796.html
https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-29652
|
diff --git a/stable/scrutiny/0.0.2/templates/common.yaml b/stable/scrutiny/0.0.3/templates/common.yaml
similarity index 100%
rename from stable/scrutiny/0.0.2/templates/common.yaml
rename to stable/scrutiny/0.0.3/templates/common.yaml
diff --git a/stable/scrutiny/0.0.2/values.yaml b/stable/scrutiny/0.0.3/values.yaml
similarity index 100%
rename from stable/scrutiny/0.0.2/values.yaml
rename to stable/scrutiny/0.0.3/values.yaml