From 9c83db1e6a53866a47b59fab000b64796209b118 Mon Sep 17 00:00:00 2001 From: TrueCharts-Bot Date: Sun, 1 May 2022 22:23:02 +0000 Subject: [PATCH] Commit new App releases for TrueCharts Signed-off-by: TrueCharts-Bot --- incubator/netdata/0.0.1/CHANGELOG.md | 10 -------- incubator/netdata/0.0.2/CHANGELOG.md | 18 ++++++++++++++ incubator/netdata/{0.0.1 => 0.0.2}/Chart.lock | 2 +- incubator/netdata/{0.0.1 => 0.0.2}/Chart.yaml | 2 +- incubator/netdata/{0.0.1 => 0.0.2}/README.md | 0 .../netdata/{0.0.1 => 0.0.2}/app-readme.md | 0 .../{0.0.1 => 0.0.2}/charts/common-9.3.2.tgz | Bin .../netdata/{0.0.1 => 0.0.2}/ix_values.yaml | 20 +++++++-------- .../netdata/{0.0.1 => 0.0.2}/questions.yaml | 0 .../netdata/{0.0.1 => 0.0.2}/security.md | 23 +++++++++--------- .../{0.0.1 => 0.0.2}/templates/common.yaml | 0 .../netdata/{0.0.1 => 0.0.2}/values.yaml | 0 12 files changed, 41 insertions(+), 34 deletions(-) delete mode 100644 incubator/netdata/0.0.1/CHANGELOG.md create mode 100644 incubator/netdata/0.0.2/CHANGELOG.md rename incubator/netdata/{0.0.1 => 0.0.2}/Chart.lock (80%) rename incubator/netdata/{0.0.1 => 0.0.2}/Chart.yaml (97%) rename incubator/netdata/{0.0.1 => 0.0.2}/README.md (100%) rename incubator/netdata/{0.0.1 => 0.0.2}/app-readme.md (100%) rename incubator/netdata/{0.0.1 => 0.0.2}/charts/common-9.3.2.tgz (100%) rename incubator/netdata/{0.0.1 => 0.0.2}/ix_values.yaml (91%) rename incubator/netdata/{0.0.1 => 0.0.2}/questions.yaml (100%) rename incubator/netdata/{0.0.1 => 0.0.2}/security.md (99%) rename incubator/netdata/{0.0.1 => 0.0.2}/templates/common.yaml (100%) rename incubator/netdata/{0.0.1 => 0.0.2}/values.yaml (100%) diff --git a/incubator/netdata/0.0.1/CHANGELOG.md b/incubator/netdata/0.0.1/CHANGELOG.md deleted file mode 100644 index d1b6ff67016..00000000000 --- a/incubator/netdata/0.0.1/CHANGELOG.md +++ /dev/null @@ -1,10 +0,0 @@ -# Changelog
- - - -### netdata-0.0.1 (2022-05-01) - -#### Feat - -* add netdata ([#2595](https://github.com/truecharts/apps/issues/2595)) - diff --git a/incubator/netdata/0.0.2/CHANGELOG.md b/incubator/netdata/0.0.2/CHANGELOG.md new file mode 100644 index 00000000000..cec37545016 --- /dev/null +++ b/incubator/netdata/0.0.2/CHANGELOG.md @@ -0,0 +1,18 @@ +# Changelog
+ + + +### [netdata-0.0.2](https://github.com/truecharts/apps/compare/netdata-0.0.1...netdata-0.0.2) (2022-05-01) + +#### Fix + +* make host mounts readonly ([#2596](https://github.com/truecharts/apps/issues/2596)) + + + + +### netdata-0.0.1 (2022-05-01) + +#### Feat + +* add netdata ([#2595](https://github.com/truecharts/apps/issues/2595)) diff --git a/incubator/netdata/0.0.1/Chart.lock b/incubator/netdata/0.0.2/Chart.lock similarity index 80% rename from incubator/netdata/0.0.1/Chart.lock rename to incubator/netdata/0.0.2/Chart.lock index 7f1543eaa93..f52fb8ea603 100644 --- a/incubator/netdata/0.0.1/Chart.lock +++ b/incubator/netdata/0.0.2/Chart.lock @@ -3,4 +3,4 @@ dependencies: repository: https://library-charts.truecharts.org version: 9.3.2 digest: sha256:4514044d0d416a02c0029081a25943395114bcb29df51a2ede27d4257f71d412 -generated: "2022-05-01T20:52:25.980307332Z" +generated: "2022-05-01T22:16:20.328544076Z" diff --git a/incubator/netdata/0.0.1/Chart.yaml b/incubator/netdata/0.0.2/Chart.yaml similarity index 97% rename from incubator/netdata/0.0.1/Chart.yaml rename to incubator/netdata/0.0.2/Chart.yaml index d0700922c5f..32052b49697 100644 --- a/incubator/netdata/0.0.1/Chart.yaml +++ b/incubator/netdata/0.0.2/Chart.yaml @@ -18,7 +18,7 @@ maintainers: name: netdata sources: - https://github.com/netdata -version: 0.0.1 +version: 0.0.2 annotations: truecharts.org/catagories: | - utilities diff --git a/incubator/netdata/0.0.1/README.md b/incubator/netdata/0.0.2/README.md similarity index 100% rename from incubator/netdata/0.0.1/README.md rename to incubator/netdata/0.0.2/README.md diff --git a/incubator/netdata/0.0.1/app-readme.md b/incubator/netdata/0.0.2/app-readme.md similarity index 100% rename from incubator/netdata/0.0.1/app-readme.md rename to incubator/netdata/0.0.2/app-readme.md diff --git a/incubator/netdata/0.0.1/charts/common-9.3.2.tgz b/incubator/netdata/0.0.2/charts/common-9.3.2.tgz similarity index 100% rename from incubator/netdata/0.0.1/charts/common-9.3.2.tgz rename to incubator/netdata/0.0.2/charts/common-9.3.2.tgz diff --git a/incubator/netdata/0.0.1/ix_values.yaml b/incubator/netdata/0.0.2/ix_values.yaml similarity index 91% rename from incubator/netdata/0.0.1/ix_values.yaml rename to incubator/netdata/0.0.2/ix_values.yaml index 0d4ccb07fc9..da2a411e474 100644 --- a/incubator/netdata/0.0.1/ix_values.yaml +++ b/incubator/netdata/0.0.2/ix_values.yaml @@ -67,34 +67,34 @@ persistence: mountPath: "/var/cache/netdata" passwd: enabled: true + type: hostPath hostPath: "/etc/passwd" mountPath: "/host/etc/passwd" - hostPathType: "" - readOnly: false + readOnly: true group: enabled: true + type: hostPath hostPath: "/etc/group" mountPath: "/host/etc/group" - hostPathType: "" - readOnly: false + readOnly: true proc: enabled: true + type: hostPath hostPath: "/proc" mountPath: "/host/proc" - hostPathType: "" - readOnly: false + readOnly: true sys: enabled: true + type: hostPath hostPath: "/sys" mountPath: "/host/sys" - hostPathType: "" - readOnly: false + readOnly: true os: enabled: true + type: hostPath hostPath: "/etc/os-release" mountPath: "/host/etc/os-release" - hostPathType: "" - readOnly: false + readOnly: true initContainers: create-config: diff --git a/incubator/netdata/0.0.1/questions.yaml b/incubator/netdata/0.0.2/questions.yaml similarity index 100% rename from incubator/netdata/0.0.1/questions.yaml rename to incubator/netdata/0.0.2/questions.yaml diff --git a/incubator/netdata/0.0.1/security.md b/incubator/netdata/0.0.2/security.md similarity index 99% rename from incubator/netdata/0.0.1/security.md rename to incubator/netdata/0.0.2/security.md index 3d2ebb84fd5..0ed6f9f9e01 100644 --- a/incubator/netdata/0.0.1/security.md +++ b/incubator/netdata/0.0.2/security.md @@ -12,9 +12,9 @@ hide: ##### Scan Results #### Chart Object: netdata/templates/common.yaml - - + + | Type | Misconfiguration ID | Check | Severity | Explaination | Links | |:----------------|:------------------:|:-----------:|:------------------:|-----------------------------------------|-----------------------------------------| | Kubernetes Security Check | KSV001 | Process can elevate its own privileges | MEDIUM |
Expand... A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node.


Container 'create-config' of Deployment 'RELEASE-NAME-netdata' should set 'securityContext.allowPrivilegeEscalation' to false
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv001
| @@ -64,11 +64,11 @@ hide: #### Container: tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583 (alpine 3.15.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 |
Expand...https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch
https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch
https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661
https://nvd.nist.gov/vuln/detail/CVE-2022-28391
| @@ -85,11 +85,11 @@ hide: #### Container: tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583 (alpine 3.15.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 |
Expand...https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch
https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch
https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661
https://nvd.nist.gov/vuln/detail/CVE-2022-28391
| @@ -108,11 +108,11 @@ hide: #### Container: netdata/netdata:v1.34.1@sha256:f6cac082c234ac0fac0d0d464a4b4fe68fe3ec53d18a03b553307c8286e92f0c (alpine 3.15.4) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | curl | CVE-2022-22576 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-22576
https://curl.se/docs/CVE-2022-22576.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576
https://ubuntu.com/security/notices/USN-5397-1
| @@ -126,17 +126,16 @@ hide: **python-pkg** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | github.com/prometheus/prometheus | CVE-2019-3826 | MEDIUM | v2.5.0+incompatible | v2.7.1 |
Expand...https://access.redhat.com/errata/RHBA-2019:0327
https://access.redhat.com/security/cve/CVE-2019-3826
https://advisory.checkmarx.net/advisory/CX-2019-4297
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3826
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3826
https://github.com/prometheus/prometheus/commit/62e591f9
https://github.com/prometheus/prometheus/pull/5163
https://lists.apache.org/thread.html/r48d5019bd42e0770f7e5351e420a63a41ff1f16924942442c6aff6a8@%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r8e3f7da12bf5750b0a02e69a78a61073a2ac950eed7451ce70a65177@%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rdf2a0d94c3b5b523aeff7741ae71347415276062811b687f30ea6573@%3Ccommits.zookeeper.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2019-3826
| | golang.org/x/crypto | CVE-2022-27191 | HIGH | v0.0.0-20210506145944-38f3c27a63bf | 0.0.0-20220315160706-3147a52a75dd |
Expand...https://access.redhat.com/security/cve/CVE-2022-27191
https://github.com/advisories/GHSA-8c26-wmh5-6g9v
https://groups.google.com/g/golang-announce
https://groups.google.com/g/golang-announce/c/-cp44ypCT5s
https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK/
https://nvd.nist.gov/vuln/detail/CVE-2022-27191
https://security.netapp.com/advisory/ntap-20220429-0002/
| - diff --git a/incubator/netdata/0.0.1/templates/common.yaml b/incubator/netdata/0.0.2/templates/common.yaml similarity index 100% rename from incubator/netdata/0.0.1/templates/common.yaml rename to incubator/netdata/0.0.2/templates/common.yaml diff --git a/incubator/netdata/0.0.1/values.yaml b/incubator/netdata/0.0.2/values.yaml similarity index 100% rename from incubator/netdata/0.0.1/values.yaml rename to incubator/netdata/0.0.2/values.yaml