diff --git a/stable/scrutiny/0.0.2/CHANGELOG.md b/stable/scrutiny/0.0.2/CHANGELOG.md
deleted file mode 100644
index 300ea111e3a..00000000000
--- a/stable/scrutiny/0.0.2/CHANGELOG.md
+++ /dev/null
@@ -1,14 +0,0 @@
-# Changelog
-
-
-
-### [scrutiny-0.0.2](https://github.com/truecharts/apps/compare/scrutiny-0.0.1...scrutiny-0.0.2) (2021-12-13)
-
-#### Chore
-
-* move incubator apps to stable and bump everything
-
-
-
-
-### scrutiny-0.0.1 (2021-12-12)
diff --git a/stable/scrutiny/0.0.3/CHANGELOG.md b/stable/scrutiny/0.0.3/CHANGELOG.md
new file mode 100644
index 00000000000..5115df323aa
--- /dev/null
+++ b/stable/scrutiny/0.0.3/CHANGELOG.md
@@ -0,0 +1,27 @@
+# Changelog
+
+
+
+### [scrutiny-0.0.3](https://github.com/truecharts/apps/compare/scrutiny-0.0.2...scrutiny-0.0.3) (2021-12-13)
+
+#### Feat
+
+* add the new buttons ([#1532](https://github.com/truecharts/apps/issues/1532))
+
+#### Fix
+
+* fix storage and envs ([#1530](https://github.com/truecharts/apps/issues/1530))
+
+
+
+
+### [scrutiny-0.0.2](https://github.com/truecharts/apps/compare/scrutiny-0.0.1...scrutiny-0.0.2) (2021-12-13)
+
+#### Chore
+
+* move incubator apps to stable and bump everything
+
+
+
+
+### scrutiny-0.0.1 (2021-12-12)
diff --git a/stable/scrutiny/0.0.2/CONFIG.md b/stable/scrutiny/0.0.3/CONFIG.md
similarity index 100%
rename from stable/scrutiny/0.0.2/CONFIG.md
rename to stable/scrutiny/0.0.3/CONFIG.md
diff --git a/stable/scrutiny/0.0.2/Chart.lock b/stable/scrutiny/0.0.3/Chart.lock
similarity index 78%
rename from stable/scrutiny/0.0.2/Chart.lock
rename to stable/scrutiny/0.0.3/Chart.lock
index 2d8f7e26294..6cf894bf9e8 100644
--- a/stable/scrutiny/0.0.2/Chart.lock
+++ b/stable/scrutiny/0.0.3/Chart.lock
@@ -3,4 +3,4 @@ dependencies:
 repository: https://truecharts.org
 version: 8.9.16
 digest: sha256:ef00b9bcc5bd3a8688faa1a5508da1db6f35ec96c95736a989771d30e96c3a13
-generated: "2021-12-13T12:30:09.987320995Z"
+generated: "2021-12-13T22:17:15.416040584Z"
diff --git a/stable/scrutiny/0.0.2/Chart.yaml b/stable/scrutiny/0.0.3/Chart.yaml
similarity index 98%
rename from stable/scrutiny/0.0.2/Chart.yaml
rename to stable/scrutiny/0.0.3/Chart.yaml
index f3927c319ad..ee0d3e3feb5 100644
--- a/stable/scrutiny/0.0.2/Chart.yaml
+++ b/stable/scrutiny/0.0.3/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 kubeVersion: ">=1.16.0-0"
 name: scrutiny
-version: 0.0.2
+version: 0.0.3
 appVersion: "2021.11.18"
 description: Scrutiny WebUI for smartd S.M.A.R.T monitoring. Scrutiny is a Hard Drive Health Dashboard & Monitoring solution.
 type: application
diff --git a/stable/scrutiny/0.0.2/README.md b/stable/scrutiny/0.0.3/README.md
similarity index 100%
rename from stable/scrutiny/0.0.2/README.md
rename to stable/scrutiny/0.0.3/README.md
diff --git a/stable/scrutiny/0.0.2/app-readme.md b/stable/scrutiny/0.0.3/app-readme.md
similarity index 100%
rename from stable/scrutiny/0.0.2/app-readme.md
rename to stable/scrutiny/0.0.3/app-readme.md
diff --git a/stable/scrutiny/0.0.2/charts/common-8.9.16.tgz b/stable/scrutiny/0.0.3/charts/common-8.9.16.tgz
similarity index 100%
rename from stable/scrutiny/0.0.2/charts/common-8.9.16.tgz
rename to stable/scrutiny/0.0.3/charts/common-8.9.16.tgz
diff --git a/stable/scrutiny/0.0.2/helm-values.md b/stable/scrutiny/0.0.3/helm-values.md
similarity index 83%
rename from stable/scrutiny/0.0.2/helm-values.md
rename to stable/scrutiny/0.0.3/helm-values.md
index e2624618af4..d8cdc73efaa 100644
--- a/stable/scrutiny/0.0.2/helm-values.md
+++ b/stable/scrutiny/0.0.3/helm-values.md
@@ -12,11 +12,16 @@ You will, however, be able to use all values referenced in the common chart here
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | env.PUID | int | `568` | |
+| env.SCRUTINY_API_ENDPOINT | string | `"http://localhost:8080"` | |
+| env.SCRUTINY_COLLECTOR | bool | `true` | |
+| env.SCRUTINY_WEB | bool | `true` | |
 | image.pullPolicy | string | `"IfNotPresent"` | |
 | image.repository | string | `"tccr.io/truecharts/scrutiny"` | |
 | image.tag | string | `"v2021.11.18"` | |
 | persistence.config.enabled | bool | `true` | |
 | persistence.config.mountPath | string | `"/scrutiny/config"` | |
+| persistence.data.enabled | bool | `true` | |
+| persistence.data.mountPath | string | `"/config"` | |
 | persistence.udev.hostPath | string | `"/run/udev"` | |
 | persistence.udev.mountPath | string | `"/run/udev"` | |
 | persistence.udev.readOnly | bool | `true` | |
@@ -26,6 +31,7 @@ You will, however, be able to use all values referenced in the common chart here | podSecurityContext.runAsUser | int | `0` | | | securityContext.allowPrivilegeEscalation | bool | `true` | | | securityContext.privileged | bool | `true` | | +| securityContext.readOnlyRootFilesystem | bool | `false` | | | securityContext.runAsNonRoot | bool | `false` | | | service.main.ports.main.port | int | `10151` | | | service.main.ports.main.targetPort | int | `8080` | | diff --git a/stable/scrutiny/0.0.2/ix_values.yaml b/stable/scrutiny/0.0.3/ix_values.yaml similarity index 75% rename from stable/scrutiny/0.0.2/ix_values.yaml rename to stable/scrutiny/0.0.3/ix_values.yaml index 12cdfdc3d31..81d7d32587f 100644 --- a/stable/scrutiny/0.0.2/ix_values.yaml +++ b/stable/scrutiny/0.0.3/ix_values.yaml @@ -7,6 +7,7 @@ securityContext: runAsNonRoot: false privileged: true allowPrivilegeEscalation: true + readOnlyRootFilesystem: false podSecurityContext: runAsUser: 0 @@ -14,6 +15,9 @@ podSecurityContext: env: PUID: 568 + SCRUTINY_WEB: true + SCRUTINY_COLLECTOR: true + SCRUTINY_API_ENDPOINT: "http://localhost:8080" service: main: @@ -28,6 +32,9 @@ persistence: config: enabled: true mountPath: "/scrutiny/config" + data: + enabled: true + mountPath: "/config" udev: type: hostPath hostPath: /run/udev diff --git a/stable/scrutiny/0.0.2/questions.yaml b/stable/scrutiny/0.0.3/questions.yaml similarity index 90% rename from stable/scrutiny/0.0.2/questions.yaml rename to stable/scrutiny/0.0.3/questions.yaml index effaf0fbd4c..ff513aeb439 100644 --- a/stable/scrutiny/0.0.2/questions.yaml +++ b/stable/scrutiny/0.0.3/questions.yaml 
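Review bot: `readOnlyRootFilesystem: false` in the first ix_values.yaml hunk removes the last filesystem restriction from a container that already runs with `privileged: true`, `runAsUser: 0` and `allowPrivilegeEscalation: true`, and nothing in the file says which path has to be writable. The same relaxation becomes the UI default in the questions.yaml hunk at `@@ -1304,7 +1500,7 @@`, and the regenerated security.md in this commit now lists KSV014 for the main container as well. If the writes go to a known directory, keeping the root filesystem read-only and mounting an `emptyDir` or the new `data` volume over that directory would be the narrower change; which directory that is cannot be told from this diff. If it really must stay writable, record the reason next to the setting, e.g. `# root fs must be writable: <path the image writes at start-up>`.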
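Review bot: In the third ix_values.yaml hunk the new volume called `data` is mounted at `/config`, while the existing volume called `config` is mounted at `/scrutiny/config`, so the names point at the opposite of what the paths suggest. That makes it easy to back up, wipe or hostPath-map the wrong one. A one-line comment on each entry, for example `# data: <what the image keeps under /config>` and `# config: <what scrutiny reads from /scrutiny/config>`, would remove the ambiguity; the contents of either directory are not visible in this diff.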
@@ -195,7 +195,29 @@ questions: schema: type: string default: "002" - + - variable: GIN_MODE + label: "GIN_MODE" + schema: + type: string + default: "release" + required: true + enum: + - value: "release" + description: "release" + - value: "debug" + description: "debug" + - variable: SCRUTINY_WEB + label: "SCRUTINY_WEB" + description: "SCRUTINY_WEB" + schema: + type: boolean + default: true + - variable: SCRUTINY_COLLECTOR + label: "SCRUTINY_COLLECTOR" + description: "SCRUTINY_COLLECTOR" + schema: + type: boolean + default: true - variable: envList label: "Image environment" group: "Container Configuration" 
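Review bot: The three new questions do not tell the user what they control: `SCRUTINY_WEB` and `SCRUTINY_COLLECTOR` have a description identical to the variable name, and `GIN_MODE` has none. Suggested text: `description: "Run the web UI/API in this container"`, `description: "Run the S.M.A.R.T collector in this container"`, and for GIN_MODE `description: "Keep release unless troubleshooting; debug enables verbose framework logging"`. `SCRUTINY_API_ENDPOINT` stays fixed at `http://localhost:8080` in ix_values.yaml and is not offered here, so switching `SCRUTINY_WEB` off presumably leaves the collector pointed at an endpoint nothing serves; either expose the endpoint as a question or state that limitation in the description. The enclosing `env` attrs list starts and ends outside this hunk.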
@@ -758,6 +780,180 @@ questions: label: "Value" schema: type: string + - variable: data + label: "App data Storage" + description: "Stores the Application data." + schema: + type: dict + attrs: + - variable: enabled + label: "Enable the storage" + schema: + type: boolean + default: true + hidden: true + - variable: type + label: "Type of Storage" + description: "Sets the persistence type, Anything other than PVC could break rollback!" + schema: + type: string + default: "simplePVC" + enum: + - value: "simplePVC" + description: "PVC (simple)" + - value: "simpleHP" + description: "HostPath (simple)" + - value: "emptyDir" + description: "emptyDir" + - value: "pvc" + description: "pvc" + - value: "hostPath" + description: "hostPath" + - variable: setPermissionsSimple + label: "Automatic Permissions" + description: "Automatically set permissions on install" + schema: + show_if: [["type", "=", "simpleHP"]] + type: boolean + default: true + - variable: setPermissions + label: "Automatic Permissions" + description: "Automatically set permissions on install" + schema: + show_if: [["type", "=", "hostPath"]] + type: boolean + default: true + - variable: readOnly + label: "readOnly" + schema: + type: boolean + default: false + - variable: hostPathSimple + label: "hostPath" + description: "Path inside the container the storage is mounted" + schema: + show_if: [["type", "=", "simpleHP"]] + type: hostpath + - variable: hostPath + label: "hostPath" + description: "Path inside the container the storage is mounted" + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: mountPath + label: "mountPath" + description: "Path inside the container the storage is mounted" + schema: + type: string + default: "/config" + hidden: true + valid_chars: '^\/([a-zA-Z0-9._-]+(\s?[a-zA-Z0-9._-]+|\/?))+$' + - variable: medium + label: "EmptyDir Medium" + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: "Default" + 
- value: "Memory" + description: "Memory" + - variable: size + label: "Size quotum of storage" + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: "999Gi" + - variable: hostPathType + label: "(Advanced) hostPath Type" + schema: + show_if: [["type", "=", "hostPath"]] + type: string + default: "" + enum: + - value: "" + description: "Default" + - value: "DirectoryOrCreate" + description: "DirectoryOrCreate" + - value: "Directory" + description: "Directory" + - value: "FileOrCreate" + description: "FileOrCreate" + - value: "File" + description: "File" + - value: "Socket" + description: "Socket" + - value: "CharDevice" + description: "CharDevice" + - value: "BlockDevice" + description: "BlockDevice" + - variable: storageClass + label: "(Advanced) storageClass" + description: "Warning: Anything other than SCALE-ZFS or empty will break rollback!" + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: "SCALE-ZFS" + - variable: accessMode + label: "(Advanced) Access Mode" + description: "Allow or disallow multiple PVC's writhing to the same PV" + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: "ReadWriteOnce" + enum: + - value: "ReadWriteOnce" + description: "ReadWriteOnce" + - value: "ReadOnlyMany" + description: "ReadOnlyMany" + - value: "ReadWriteMany" + description: "ReadWriteMany" + - variable: advanced + label: "Show Advanced Options" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: labelsList + label: "Labels" + schema: + type: list + default: [] + items: + - variable: labelItem + label: "Label" + schema: + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + - variable: annotationsList + label: "Annotations" + schema: + type: list + default: [] + items: + - variable: annotationItem + label: "Label" + schema: + type: dict + attrs: + - variable: name + label: "Name" + 
schema: + type: string + - variable: value + label: "Value" + schema: + type: string - variable: persistenceList label: "Additional app storage" @@ -1304,7 +1500,7 @@ questions: label: "ReadOnly Root Filesystem" schema: type: boolean - default: true + default: false - variable: allowPrivilegeEscalation label: "Allow Privilege Escalation" schema: diff --git a/stable/scrutiny/0.0.2/security.md b/stable/scrutiny/0.0.3/security.md similarity index 86% rename from stable/scrutiny/0.0.2/security.md rename to stable/scrutiny/0.0.3/security.md index 79e659ad540..b68246beb03 100644 --- a/stable/scrutiny/0.0.2/security.md +++ b/stable/scrutiny/0.0.3/security.md @@ -22,6 +22,7 @@ hide: | Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM |
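Review bot: `hostPathSimple` and `hostPath` in the new `data` block both carry the description "Path inside the container the storage is mounted", copied from `mountPath`, although they select a directory on the host. Because this pod runs privileged as root and `setPermissions`/`setPermissionsSimple` default to `true`, the text should say plainly that a host directory is chosen and that permissions on it are set at install, e.g. `description: "Directory on the host to mount; its permissions are set automatically when Automatic Permissions is enabled"`. Two typos in the same block: `writhing` should be `writing` and `Size quotum` should be `Size quota`. The block looks like the shared storage template, so the same wording probably exists in the `config` entry outside this hunk.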
Expand... 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.


Container 'RELEASE-NAME-scrutiny' of Deployment 'RELEASE-NAME-scrutiny' should set 'securityContext.runAsNonRoot' to true
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv012
| | Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM |
Expand... 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.


Container 'autopermissions' of Deployment 'RELEASE-NAME-scrutiny' should set 'securityContext.runAsNonRoot' to true
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv012
| | Kubernetes Security Check | KSV013 | Image tag ':latest' used | LOW |
Expand... It is best to avoid using the ':latest' image tag when deploying containers in production. Doing so makes it hard to track which version of the image is running, and hard to roll back the version.


Container 'autopermissions' of Deployment 'RELEASE-NAME-scrutiny' should specify an image tag
|
Expand...https://kubernetes.io/docs/concepts/configuration/overview/#container-images
https://avd.aquasec.com/appshield/ksv013
| +| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW |
Expand... An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.


Container 'RELEASE-NAME-scrutiny' of Deployment 'RELEASE-NAME-scrutiny' should set 'securityContext.readOnlyRootFilesystem' to true
|
Expand...https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/appshield/ksv014
| | Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW |
Expand... An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.


Container 'autopermissions' of Deployment 'RELEASE-NAME-scrutiny' should set 'securityContext.readOnlyRootFilesystem' to true
|
Expand...https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/appshield/ksv014
| | Kubernetes Security Check | KSV017 | Privileged container | HIGH |
Expand... Privileged containers share namespaces with the host system and do not offer any security. They should be used exclusively for system containers that require high privileges.


Container 'RELEASE-NAME-scrutiny' of Deployment 'RELEASE-NAME-scrutiny' should set 'securityContext.privileged' to false
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline
https://avd.aquasec.com/appshield/ksv017
| | Kubernetes Security Check | KSV019 | Seccomp policies disabled | MEDIUM |
Expand... A program inside the container can bypass Seccomp protection policies.


Container 'RELEASE-NAME-scrutiny' of Deployment 'RELEASE-NAME-scrutiny' should specify a seccomp profile
|
Expand...https://kubesec.io/basics/metadata-annotations-container-seccomp-security-alpha-kubernetes-io-pod/
https://avd.aquasec.com/appshield/ksv019
| @@ -74,4 +75,27 @@ hide: | ssl_client | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 |
Expand...https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| +#### Container: usr/local/bin/scrutiny + + +**gobinary** + + +| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | +|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| +| golang.org/x/crypto | CVE-2020-29652 | HIGH | v0.0.0-20200622213623-75b288015ac9 | v0.0.0-20201216223049-8b5274cf687f |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29652
https://go-review.googlesource.com/c/crypto/+/278852
https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1
https://linux.oracle.com/cve/CVE-2020-29652.html
https://linux.oracle.com/errata/ELSA-2021-1796.html
https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-29652
| + +**gobinary** + + +| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | +|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| +| golang.org/x/crypto | CVE-2020-29652 | HIGH | v0.0.0-20200622213623-75b288015ac9 | v0.0.0-20201216223049-8b5274cf687f |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29652
https://go-review.googlesource.com/c/crypto/+/278852
https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1
https://linux.oracle.com/cve/CVE-2020-29652.html
https://linux.oracle.com/errata/ELSA-2021-1796.html
https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-29652
| + +**gobinary** + + +| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | +|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| +| golang.org/x/crypto | CVE-2020-29652 | HIGH | v0.0.0-20200622213623-75b288015ac9 | v0.0.0-20201216223049-8b5274cf687f |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29652
https://go-review.googlesource.com/c/crypto/+/278852
https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1
https://linux.oracle.com/cve/CVE-2020-29652.html
https://linux.oracle.com/errata/ELSA-2021-1796.html
https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-29652
| diff --git a/stable/scrutiny/0.0.2/templates/common.yaml b/stable/scrutiny/0.0.3/templates/common.yaml similarity index 100% rename from stable/scrutiny/0.0.2/templates/common.yaml rename to stable/scrutiny/0.0.3/templates/common.yaml diff --git a/stable/scrutiny/0.0.2/values.yaml b/stable/scrutiny/0.0.3/values.yaml similarity index 100% rename from stable/scrutiny/0.0.2/values.yaml rename to stable/scrutiny/0.0.3/values.yaml