Commit new App releases for TrueCharts

Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
This commit is contained in:
TrueCharts-Bot 2021-12-21 18:46:36 +00:00
parent b2d034039a
commit a5d98718a4
4364 changed files with 137393 additions and 108670 deletions

View File

@ -1,99 +0,0 @@
# Changelog<br>
<a name="k8s-gateway-4.0.25"></a>
### [k8s-gateway-4.0.25](https://github.com/truecharts/apps/compare/k8s-gateway-4.0.24...k8s-gateway-4.0.25) (2021-12-19)
#### Chore
* Last patch bump before RC2 branch-off
* remove `editable: true` as this is the default ([#1576](https://github.com/truecharts/apps/issues/1576))
<a name="k8s-gateway-4.0.24"></a>
### [k8s-gateway-4.0.24](https://github.com/truecharts/apps/compare/k8s-gateway-4.0.23...k8s-gateway-4.0.24) (2021-12-19)
#### Chore
* App-Icon Organization ([#1539](https://github.com/truecharts/apps/issues/1539))
* update helm general non-major helm releases ([#1571](https://github.com/truecharts/apps/issues/1571))
<a name="k8s-gateway-4.0.23"></a>
### [k8s-gateway-4.0.23](https://github.com/truecharts/apps/compare/k8s-gateway-4.0.22...k8s-gateway-4.0.23) (2021-12-14)
#### Chore
* update helm general non-major helm releases ([#1535](https://github.com/truecharts/apps/issues/1535))
<a name="k8s-gateway-4.0.22"></a>
### [k8s-gateway-4.0.22](https://github.com/truecharts/apps/compare/k8s-gateway-4.0.21...k8s-gateway-4.0.22) (2021-12-13)
#### Chore
* move incubator apps to stable and bump everything
<a name="k8s-gateway-4.0.21"></a>
### [k8s-gateway-4.0.21](https://github.com/truecharts/apps/compare/k8s-gateway-4.0.20...k8s-gateway-4.0.21) (2021-12-11)
#### Chore
* update general helm non-major helm releases ([#1509](https://github.com/truecharts/apps/issues/1509))
<a name="k8s-gateway-4.0.20"></a>
### [k8s-gateway-4.0.20](https://github.com/truecharts/apps/compare/k8s-gateway-4.0.19...k8s-gateway-4.0.20) (2021-12-07)
#### Chore
* update non-major deps helm releases ([#1481](https://github.com/truecharts/apps/issues/1481))
<a name="k8s-gateway-4.0.19"></a>
### k8s-gateway-4.0.19 (2021-12-05)
#### Chore
* bump apps to generate security page
* move all container references to TCCR ([#1448](https://github.com/truecharts/apps/issues/1448))
* update non-major deps helm releases ([#1471](https://github.com/truecharts/apps/issues/1471))
* update non-major deps helm releases ([#1468](https://github.com/truecharts/apps/issues/1468))
* update non-major deps helm releases ([#1453](https://github.com/truecharts/apps/issues/1453))
* update non-major ([#1449](https://github.com/truecharts/apps/issues/1449))
* update non-major deps helm releases ([#1432](https://github.com/truecharts/apps/issues/1432))
#### Fix
* fix typo in theme selection ([#1428](https://github.com/truecharts/apps/issues/1428))
<a name="k8s-gateway-4.0.18"></a>
### [k8s-gateway-4.0.18](https://github.com/truecharts/apps/compare/k8s-gateway-4.0.17...k8s-gateway-4.0.18) (2021-12-05)
#### Chore
* update non-major deps helm releases ([#1468](https://github.com/truecharts/apps/issues/1468))
<a name="k8s-gateway-4.0.17"></a>
### [k8s-gateway-4.0.17](https://github.com/truecharts/apps/compare/k8s-gateway-4.0.16...k8s-gateway-4.0.17) (2021-12-04)
#### Chore
* bump apps to generate security page
<a name="k8s-gateway-4.0.16"></a>
### [k8s-gateway-4.0.16](https://github.com/truecharts/apps/compare/k8s-gateway-4.0.15...k8s-gateway-4.0.16) (2021-12-04)

View File

@ -1,6 +0,0 @@
dependencies:
- name: common
repository: https://truecharts.org
version: 8.9.24
digest: sha256:1496c228986729d8cb70f0dd54bedbe7987b6ea0809484b4f4a394e26df9343c
generated: "2021-12-19T23:04:06.274527534Z"

View File

@ -1,28 +0,0 @@
apiVersion: v2
appVersion: "0.1.8"
dependencies:
- name: common
repository: https://truecharts.org
version: 8.9.24
deprecated: false
description: A Helm chart for the k8s_gateway CoreDNS plugin
home: https://github.com/truecharts/apps/tree/master/charts/stable/k8s-gateway
icon: https://truecharts.org/_static/img/appicons/k8s-gateway-icon.png
keywords:
- DNS
- networking
kubeVersion: '>=1.16.0-0'
maintainers:
- email: info@truecharts.org
name: TrueCharts
url: https://truecharts.org
name: k8s-gateway
sources:
- https://github.com/ori-edge/k8s_gateway
type: application
version: 4.0.25
annotations:
truecharts.org/catagories: |
- networking
truecharts.org/SCALE-support: "true"
truecharts.org/grade: U

View File

@ -1,37 +0,0 @@
# Introduction
A Helm chart for the k8s_gateway CoreDNS plugin
TrueCharts are designed to be installed as TrueNAS SCALE app only. We can not guarantee this charts works as a stand-alone helm installation.
**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/apps/issues/new/choose)**
## Source Code
* <https://github.com/ori-edge/k8s_gateway>
## Requirements
Kubernetes: `>=1.16.0-0`
## Dependencies
| Repository | Name | Version |
|------------|------|---------|
| https://truecharts.org | common | 8.9.24 |
## Installing the Chart
To install this App on TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/03-Installing-an-App/).
## Uninstalling the Chart
To remove this App from TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/07-Deleting-an-App/).
## Support
- Please check our [quick-start guides](https://truecharts.org/manual/Quick-Start%20Guides/01-Open-Apps/) first.
- See the [Wiki](https://truecharts.org)
- Check our [Discord](https://discord.gg/tVsPTHWTtr)
- Open a [issue](https://github.com/truecharts/apps/issues/new/choose)
---
All Rights Reserved - The TrueCharts Project

View File

@ -1,85 +0,0 @@
---
hide:
- toc
---
# Security Overview
<link href="https://truecharts.org/_static/trivy.css" type="text/css" rel="stylesheet" />
## Helm-Chart
##### Scan Results
#### Chart Object: k8s-gateway/templates/common.yaml
| Type | Misconfiguration ID | Check | Severity | Explaination | Links |
|:----------------|:------------------:|:-----------:|:------------------:|-----------------------------------------|-----------------------------------------|
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | <details><summary>Expand...</summary> The container should drop all default capabilities and add only those that are needed for its execution. <br> <hr> <br> Container &#39;RELEASE-NAME-k8s-gateway&#39; of Deployment &#39;RELEASE-NAME-k8s-gateway&#39; should add &#39;ALL&#39; to &#39;securityContext.capabilities.drop&#39; </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/">https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/</a><br><a href="https://avd.aquasec.com/appshield/ksv003">https://avd.aquasec.com/appshield/ksv003</a><br></details> |
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> &#39;runAsNonRoot&#39; forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container &#39;RELEASE-NAME-k8s-gateway&#39; of Deployment &#39;RELEASE-NAME-k8s-gateway&#39; should set &#39;securityContext.runAsNonRoot&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> &#39;runAsNonRoot&#39; forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-k8s-gateway&#39; should set &#39;securityContext.runAsNonRoot&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
| Kubernetes Security Check | KSV013 | Image tag &#39;:latest&#39; used | LOW | <details><summary>Expand...</summary> It is best to avoid using the &#39;:latest&#39; image tag when deploying containers in production. Doing so makes it hard to track which version of the image is running, and hard to roll back the version. <br> <hr> <br> Container &#39;RELEASE-NAME-k8s-gateway&#39; of Deployment &#39;RELEASE-NAME-k8s-gateway&#39; should specify an image tag </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/configuration/overview/#container-images">https://kubernetes.io/docs/concepts/configuration/overview/#container-images</a><br><a href="https://avd.aquasec.com/appshield/ksv013">https://avd.aquasec.com/appshield/ksv013</a><br></details> |
| Kubernetes Security Check | KSV013 | Image tag &#39;:latest&#39; used | LOW | <details><summary>Expand...</summary> It is best to avoid using the &#39;:latest&#39; image tag when deploying containers in production. Doing so makes it hard to track which version of the image is running, and hard to roll back the version. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-k8s-gateway&#39; should specify an image tag </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/configuration/overview/#container-images">https://kubernetes.io/docs/concepts/configuration/overview/#container-images</a><br><a href="https://avd.aquasec.com/appshield/ksv013">https://avd.aquasec.com/appshield/ksv013</a><br></details> |
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | <details><summary>Expand...</summary> An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-k8s-gateway&#39; should set &#39;securityContext.readOnlyRootFilesystem&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/">https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/</a><br><a href="https://avd.aquasec.com/appshield/ksv014">https://avd.aquasec.com/appshield/ksv014</a><br></details> |
| Kubernetes Security Check | KSV019 | Seccomp policies disabled | MEDIUM | <details><summary>Expand...</summary> A program inside the container can bypass Seccomp protection policies. <br> <hr> <br> Container &#39;RELEASE-NAME-k8s-gateway&#39; of Deployment &#39;RELEASE-NAME-k8s-gateway&#39; should specify a seccomp profile </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/metadata-annotations-container-seccomp-security-alpha-kubernetes-io-pod/">https://kubesec.io/basics/metadata-annotations-container-seccomp-security-alpha-kubernetes-io-pod/</a><br><a href="https://avd.aquasec.com/appshield/ksv019">https://avd.aquasec.com/appshield/ksv019</a><br></details> |
| Kubernetes Security Check | KSV019 | Seccomp policies disabled | MEDIUM | <details><summary>Expand...</summary> A program inside the container can bypass Seccomp protection policies. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-k8s-gateway&#39; should specify a seccomp profile </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/metadata-annotations-container-seccomp-security-alpha-kubernetes-io-pod/">https://kubesec.io/basics/metadata-annotations-container-seccomp-security-alpha-kubernetes-io-pod/</a><br><a href="https://avd.aquasec.com/appshield/ksv019">https://avd.aquasec.com/appshield/ksv019</a><br></details> |
| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with user ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;RELEASE-NAME-k8s-gateway&#39; of Deployment &#39;RELEASE-NAME-k8s-gateway&#39; should set &#39;securityContext.runAsUser&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv020">https://avd.aquasec.com/appshield/ksv020</a><br></details> |
| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with user ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-k8s-gateway&#39; should set &#39;securityContext.runAsUser&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv020">https://avd.aquasec.com/appshield/ksv020</a><br></details> |
| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with group ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;RELEASE-NAME-k8s-gateway&#39; of Deployment &#39;RELEASE-NAME-k8s-gateway&#39; should set &#39;securityContext.runAsGroup&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv021">https://avd.aquasec.com/appshield/ksv021</a><br></details> |
| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with group ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-k8s-gateway&#39; should set &#39;securityContext.runAsGroup&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv021">https://avd.aquasec.com/appshield/ksv021</a><br></details> |
| Kubernetes Security Check | KSV029 | A root primary or supplementary GID set | LOW | <details><summary>Expand...</summary> Containers should be forbidden from running with a root primary or supplementary GID. <br> <hr> <br> Deployment &#39;RELEASE-NAME-k8s-gateway&#39; should set &#39;spec.securityContext.runAsGroup&#39;, &#39;spec.securityContext.supplementalGroups[*]&#39; and &#39;spec.securityContext.fsGroup&#39; to integer greater than 0 </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv029">https://avd.aquasec.com/appshield/ksv029</a><br></details> |
## Containers
##### Detected Containers
tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c
tccr.io/truecharts/k8s_gateway:v0.1.8@sha256:c71ea11938d6c93b0af6f25230810ec13c7d28b29dfb8512adc6d1def7f200b6
##### Scan Results
#### Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2)
**alpine**
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
| busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| busybox | CVE-2021-42379 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| busybox | CVE-2021-42380 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| busybox | CVE-2021-42381 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| busybox | CVE-2021-42382 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| busybox | CVE-2021-42383 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br></details> |
| busybox | CVE-2021-42384 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| busybox | CVE-2021-42385 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| busybox | CVE-2021-42386 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| busybox | CVE-2021-42374 | MEDIUM | 1.33.1-r3 | 1.33.1-r4 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| busybox | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 | <details><summary>Expand...</summary><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br></details> |
| ssl_client | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| ssl_client | CVE-2021-42379 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| ssl_client | CVE-2021-42380 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| ssl_client | CVE-2021-42381 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| ssl_client | CVE-2021-42382 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| ssl_client | CVE-2021-42383 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br></details> |
| ssl_client | CVE-2021-42384 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| ssl_client | CVE-2021-42385 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| ssl_client | CVE-2021-42386 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| ssl_client | CVE-2021-42374 | MEDIUM | 1.33.1-r3 | 1.33.1-r4 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| ssl_client | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 | <details><summary>Expand...</summary><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br></details> |
#### Container: coredns
**gobinary**
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
| go.etcd.io/etcd | CVE-2020-15106 | MEDIUM | v0.5.0-alpha.5.0.20200306183522-221f0cc107cb | v0.5.0-alpha.5.0.20200423152442-f4b650b51dc4 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15106">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15106</a><br><a href="https://github.com/etcd-io/etcd/security/advisories/GHSA-p4g4-wgrh-qrg2">https://github.com/etcd-io/etcd/security/advisories/GHSA-p4g4-wgrh-qrg2</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP/</a><br></details> |

View File

@ -0,0 +1,99 @@
# Changelog<br>
<a name="k8s-gateway-4.0.26"></a>
### [k8s-gateway-4.0.26](https://github.com/truecharts/apps/compare/k8s-gateway-4.0.25...k8s-gateway-4.0.26) (2021-12-21)
#### Chore
* update helm general non-major helm releases ([#1596](https://github.com/truecharts/apps/issues/1596))
<a name="k8s-gateway-4.0.25"></a>
### [k8s-gateway-4.0.25](https://github.com/truecharts/apps/compare/k8s-gateway-4.0.24...k8s-gateway-4.0.25) (2021-12-19)
#### Chore
* Last patch bump before RC2 branch-off
* remove `editable: true` as this is the default ([#1576](https://github.com/truecharts/apps/issues/1576))
<a name="k8s-gateway-4.0.24"></a>
### [k8s-gateway-4.0.24](https://github.com/truecharts/apps/compare/k8s-gateway-4.0.23...k8s-gateway-4.0.24) (2021-12-19)
#### Chore
* App-Icon Organization ([#1539](https://github.com/truecharts/apps/issues/1539))
* update helm general non-major helm releases ([#1571](https://github.com/truecharts/apps/issues/1571))
<a name="k8s-gateway-4.0.23"></a>
### [k8s-gateway-4.0.23](https://github.com/truecharts/apps/compare/k8s-gateway-4.0.22...k8s-gateway-4.0.23) (2021-12-14)
#### Chore
* update helm general non-major helm releases ([#1535](https://github.com/truecharts/apps/issues/1535))
<a name="k8s-gateway-4.0.22"></a>
### [k8s-gateway-4.0.22](https://github.com/truecharts/apps/compare/k8s-gateway-4.0.21...k8s-gateway-4.0.22) (2021-12-13)
#### Chore
* move incubator apps to stable and bump everything
<a name="k8s-gateway-4.0.21"></a>
### [k8s-gateway-4.0.21](https://github.com/truecharts/apps/compare/k8s-gateway-4.0.20...k8s-gateway-4.0.21) (2021-12-11)
#### Chore
* update general helm non-major helm releases ([#1509](https://github.com/truecharts/apps/issues/1509))
<a name="k8s-gateway-4.0.20"></a>
### [k8s-gateway-4.0.20](https://github.com/truecharts/apps/compare/k8s-gateway-4.0.19...k8s-gateway-4.0.20) (2021-12-07)
#### Chore
* update non-major deps helm releases ([#1481](https://github.com/truecharts/apps/issues/1481))
<a name="k8s-gateway-4.0.19"></a>
### k8s-gateway-4.0.19 (2021-12-05)
#### Chore
* bump apps to generate security page
* move all container references to TCCR ([#1448](https://github.com/truecharts/apps/issues/1448))
* update non-major deps helm releases ([#1471](https://github.com/truecharts/apps/issues/1471))
* update non-major deps helm releases ([#1468](https://github.com/truecharts/apps/issues/1468))
* update non-major deps helm releases ([#1453](https://github.com/truecharts/apps/issues/1453))
* update non-major ([#1449](https://github.com/truecharts/apps/issues/1449))
* update non-major deps helm releases ([#1432](https://github.com/truecharts/apps/issues/1432))
#### Fix
* fix typo in theme selection ([#1428](https://github.com/truecharts/apps/issues/1428))
<a name="k8s-gateway-4.0.18"></a>
### [k8s-gateway-4.0.18](https://github.com/truecharts/apps/compare/k8s-gateway-4.0.17...k8s-gateway-4.0.18) (2021-12-05)
#### Chore
* update non-major deps helm releases ([#1468](https://github.com/truecharts/apps/issues/1468))
<a name="k8s-gateway-4.0.17"></a>
### [k8s-gateway-4.0.17](https://github.com/truecharts/apps/compare/k8s-gateway-4.0.16...k8s-gateway-4.0.17) (2021-12-04)

View File

@ -0,0 +1,6 @@
dependencies:
- name: common
repository: https://truecharts.org
version: 8.9.25
digest: sha256:5438a1c0fda1ea55e3677fc611fc6a62981f903cd7cae559dc798db8afb43f93
generated: "2021-12-21T18:08:43.583805573Z"

View File

@ -0,0 +1,28 @@
apiVersion: v2
appVersion: "0.1.8"
dependencies:
- name: common
repository: https://truecharts.org
version: 8.9.25
deprecated: false
description: A Helm chart for the k8s_gateway CoreDNS plugin
home: https://github.com/truecharts/apps/tree/master/charts/stable/k8s-gateway
icon: https://truecharts.org/_static/img/appicons/k8s-gateway-icon.png
keywords:
- DNS
- networking
kubeVersion: '>=1.16.0-0'
maintainers:
- email: info@truecharts.org
name: TrueCharts
url: https://truecharts.org
name: k8s-gateway
sources:
- https://github.com/ori-edge/k8s_gateway
type: application
version: 4.0.26
annotations:
truecharts.org/catagories: |
- networking
truecharts.org/SCALE-support: "true"
truecharts.org/grade: U

View File

@ -0,0 +1,37 @@
# Introduction
A Helm chart for the k8s_gateway CoreDNS plugin
TrueCharts are designed to be installed as TrueNAS SCALE app only. We can not guarantee this charts works as a stand-alone helm installation.
**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/apps/issues/new/choose)**
## Source Code
* <https://github.com/ori-edge/k8s_gateway>
## Requirements
Kubernetes: `>=1.16.0-0`
## Dependencies
| Repository | Name | Version |
|------------|------|---------|
| https://truecharts.org | common | 8.9.25 |
## Installing the Chart
To install this App on TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/03-Installing-an-App/).
## Uninstalling the Chart
To remove this App from TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/07-Deleting-an-App/).
## Support
- Please check our [quick-start guides](https://truecharts.org/manual/Quick-Start%20Guides/01-Open-Apps/) first.
- See the [Wiki](https://truecharts.org)
- Check our [Discord](https://discord.gg/tVsPTHWTtr)
- Open a [issue](https://github.com/truecharts/apps/issues/new/choose)
---
All Rights Reserved - The TrueCharts Project

Binary file not shown.

View File

@ -0,0 +1,82 @@
---
hide:
- toc
---
# Security Overview
<link href="https://truecharts.org/_static/trivy.css" type="text/css" rel="stylesheet" />
## Helm-Chart
##### Scan Results
#### Chart Object: k8s-gateway/templates/common.yaml
| Type | Misconfiguration ID | Check | Severity | Explaination | Links |
|:----------------|:------------------:|:-----------:|:------------------:|-----------------------------------------|-----------------------------------------|
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | <details><summary>Expand...</summary> The container should drop all default capabilities and add only those that are needed for its execution. <br> <hr> <br> Container &#39;RELEASE-NAME-k8s-gateway&#39; of Deployment &#39;RELEASE-NAME-k8s-gateway&#39; should add &#39;ALL&#39; to &#39;securityContext.capabilities.drop&#39; </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/">https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/</a><br><a href="https://avd.aquasec.com/appshield/ksv003">https://avd.aquasec.com/appshield/ksv003</a><br></details> |
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> &#39;runAsNonRoot&#39; forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container &#39;RELEASE-NAME-k8s-gateway&#39; of Deployment &#39;RELEASE-NAME-k8s-gateway&#39; should set &#39;securityContext.runAsNonRoot&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> &#39;runAsNonRoot&#39; forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-k8s-gateway&#39; should set &#39;securityContext.runAsNonRoot&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | <details><summary>Expand...</summary> An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-k8s-gateway&#39; should set &#39;securityContext.readOnlyRootFilesystem&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/">https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/</a><br><a href="https://avd.aquasec.com/appshield/ksv014">https://avd.aquasec.com/appshield/ksv014</a><br></details> |
| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with user ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;RELEASE-NAME-k8s-gateway&#39; of Deployment &#39;RELEASE-NAME-k8s-gateway&#39; should set &#39;securityContext.runAsUser&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv020">https://avd.aquasec.com/appshield/ksv020</a><br></details> |
| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with user ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-k8s-gateway&#39; should set &#39;securityContext.runAsUser&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv020">https://avd.aquasec.com/appshield/ksv020</a><br></details> |
| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with group ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;RELEASE-NAME-k8s-gateway&#39; of Deployment &#39;RELEASE-NAME-k8s-gateway&#39; should set &#39;securityContext.runAsGroup&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv021">https://avd.aquasec.com/appshield/ksv021</a><br></details> |
| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with group ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-k8s-gateway&#39; should set &#39;securityContext.runAsGroup&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv021">https://avd.aquasec.com/appshield/ksv021</a><br></details> |
| Kubernetes Security Check | KSV029 | A root primary or supplementary GID set | LOW | <details><summary>Expand...</summary> Containers should be forbidden from running with a root primary or supplementary GID. <br> <hr> <br> Deployment &#39;RELEASE-NAME-k8s-gateway&#39; should set &#39;spec.securityContext.runAsGroup&#39;, &#39;spec.securityContext.supplementalGroups[*]&#39; and &#39;spec.securityContext.fsGroup&#39; to integer greater than 0 </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv029">https://avd.aquasec.com/appshield/ksv029</a><br></details> |
## Containers
##### Detected Containers
tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c
tccr.io/truecharts/k8s_gateway:v0.1.8@sha256:c71ea11938d6c93b0af6f25230810ec13c7d28b29dfb8512adc6d1def7f200b6
##### Scan Results
#### Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2)
**alpine**
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
| busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| busybox | CVE-2021-42379 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| busybox | CVE-2021-42380 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| busybox | CVE-2021-42381 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| busybox | CVE-2021-42382 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| busybox | CVE-2021-42383 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br></details> |
| busybox | CVE-2021-42384 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| busybox | CVE-2021-42385 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| busybox | CVE-2021-42386 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| busybox | CVE-2021-42374 | MEDIUM | 1.33.1-r3 | 1.33.1-r4 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| busybox | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 | <details><summary>Expand...</summary><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br></details> |
| ssl_client | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| ssl_client | CVE-2021-42379 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| ssl_client | CVE-2021-42380 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| ssl_client | CVE-2021-42381 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| ssl_client | CVE-2021-42382 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| ssl_client | CVE-2021-42383 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br></details> |
| ssl_client | CVE-2021-42384 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| ssl_client | CVE-2021-42385 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| ssl_client | CVE-2021-42386 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| ssl_client | CVE-2021-42374 | MEDIUM | 1.33.1-r3 | 1.33.1-r4 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| ssl_client | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 | <details><summary>Expand...</summary><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br></details> |
#### Container: coredns
**gobinary**
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
| go.etcd.io/etcd | CVE-2020-15106 | MEDIUM | v0.5.0-alpha.5.0.20200306183522-221f0cc107cb | 0.5.0-alpha.5.0.20200423152442-f4b650b51dc4 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15106">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15106</a><br><a href="https://github.com/etcd-io/etcd/security/advisories/GHSA-p4g4-wgrh-qrg2">https://github.com/etcd-io/etcd/security/advisories/GHSA-p4g4-wgrh-qrg2</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP/</a><br></details> |
| golang.org/x/text | CVE-2021-38561 | UNKNOWN | v0.3.6 | 0.3.7 | <details><summary>Expand...</summary></details> |

View File

@ -1,99 +0,0 @@
# Changelog<br>
<a name="prometheus-1.1.26"></a>
### [prometheus-1.1.26](https://github.com/truecharts/apps/compare/prometheus-1.1.25...prometheus-1.1.26) (2021-12-20)
#### Chore
* update docker general non-major ([#1589](https://github.com/truecharts/apps/issues/1589))
<a name="prometheus-1.1.25"></a>
### [prometheus-1.1.25](https://github.com/truecharts/apps/compare/prometheus-1.1.24...prometheus-1.1.25) (2021-12-20)
#### Chore
* update docker general non-major ([#1585](https://github.com/truecharts/apps/issues/1585))
<a name="prometheus-1.1.24"></a>
### [prometheus-1.1.24](https://github.com/truecharts/apps/compare/prometheus-1.1.23...prometheus-1.1.24) (2021-12-20)
#### Chore
* update docker general non-major ([#1581](https://github.com/truecharts/apps/issues/1581))
<a name="prometheus-1.1.23"></a>
### [prometheus-1.1.23](https://github.com/truecharts/apps/compare/prometheus-1.1.22...prometheus-1.1.23) (2021-12-19)
#### Chore
* Last patch bump before RC2 branch-off
<a name="prometheus-1.1.22"></a>
### [prometheus-1.1.22](https://github.com/truecharts/apps/compare/prometheus-1.1.21...prometheus-1.1.22) (2021-12-19)
#### Chore
* update helm general non-major helm releases ([#1571](https://github.com/truecharts/apps/issues/1571))
<a name="prometheus-1.1.21"></a>
### [prometheus-1.1.21](https://github.com/truecharts/apps/compare/uptimerobot-prometheus-2.0.4...prometheus-1.1.21) (2021-12-19)
#### Chore
* update docker general non-major ([#1567](https://github.com/truecharts/apps/issues/1567))
<a name="prometheus-1.1.20"></a>
### [prometheus-1.1.20](https://github.com/truecharts/apps/compare/prometheus-1.1.19...prometheus-1.1.20) (2021-12-14)
#### Chore
* update helm general non-major helm releases ([#1535](https://github.com/truecharts/apps/issues/1535))
<a name="prometheus-1.1.19"></a>
### [prometheus-1.1.19](https://github.com/truecharts/apps/compare/prometheus-1.1.18...prometheus-1.1.19) (2021-12-13)
#### Chore
* update docker general non-major ([#1531](https://github.com/truecharts/apps/issues/1531))
<a name="prometheus-1.1.18"></a>
### [prometheus-1.1.18](https://github.com/truecharts/apps/compare/prometheus-1.1.17...prometheus-1.1.18) (2021-12-13)
#### Chore
* move incubator apps to stable and bump everything
<a name="prometheus-1.1.17"></a>
### [prometheus-1.1.17](https://github.com/truecharts/apps/compare/prometheus-1.1.16...prometheus-1.1.17) (2021-12-13)
#### Chore
* update docker general non-major ([#1522](https://github.com/truecharts/apps/issues/1522))
<a name="prometheus-1.1.16"></a>
### [prometheus-1.1.16](https://github.com/truecharts/apps/compare/prometheus-1.1.15...prometheus-1.1.16) (2021-12-12)
#### Chore
* update docker general non-major ([#1518](https://github.com/truecharts/apps/issues/1518))

View File

@ -1,12 +0,0 @@
dependencies:
- name: common
repository: https://truecharts.org
version: 8.9.24
- name: node-exporter
repository: https://charts.bitnami.com/bitnami
version: 2.3.17
- name: kube-state-metrics
repository: https://charts.bitnami.com/bitnami
version: 2.1.19
digest: sha256:9996c081f33e1a636bcbb3b060bcb8ea425ad59e6bf5c808f6e88c2a3e136ab1
generated: "2021-12-20T17:55:21.60488417Z"

View File

@ -1,36 +0,0 @@
apiVersion: v2
appVersion: "0.53.0"
dependencies:
- name: common
repository: https://truecharts.org
version: 8.9.24
- condition: exporters.enabled,exporters.node-exporter.enabled
name: node-exporter
repository: https://charts.bitnami.com/bitnami
version: 2.3.17
- condition: exporters.enabled,exporters.kube-state-metrics.enabled
name: kube-state-metrics
repository: https://charts.bitnami.com/bitnami
version: 2.1.19
deprecated: false
description: kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator.
icon: https://truecharts.org/_static/img/appicons/prometheus-icon.png
home: https://github.com/truecharts/apps/tree/master/charts/stable/prometheus
keywords:
- metrics
kubeVersion: '>=1.16.0-0'
maintainers:
- email: info@truecharts.org
name: TrueCharts
url: https://truecharts.org
name: prometheus
sources:
- https://github.com/prometheus-community/helm-charts
- https://github.com/prometheus-operator/kube-prometheus
type: application
version: 1.1.26
annotations:
truecharts.org/catagories: |
- metrics
truecharts.org/SCALE-support: "true"
truecharts.org/grade: U

View File

@ -1,40 +0,0 @@
# Introduction
kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator.
TrueCharts are designed to be installed as TrueNAS SCALE app only. We can not guarantee this charts works as a stand-alone helm installation.
**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/apps/issues/new/choose)**
## Source Code
* <https://github.com/prometheus-community/helm-charts>
* <https://github.com/prometheus-operator/kube-prometheus>
## Requirements
Kubernetes: `>=1.16.0-0`
## Dependencies
| Repository | Name | Version |
|------------|------|---------|
| https://charts.bitnami.com/bitnami | kube-state-metrics | 2.1.19 |
| https://charts.bitnami.com/bitnami | node-exporter | 2.3.17 |
| https://truecharts.org | common | 8.9.24 |
## Installing the Chart
To install this App on TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/03-Installing-an-App/).
## Uninstalling the Chart
To remove this App from TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/07-Deleting-an-App/).
## Support
- Please check our [quick-start guides](https://truecharts.org/manual/Quick-Start%20Guides/01-Open-Apps/) first.
- See the [Wiki](https://truecharts.org)
- Check our [Discord](https://discord.gg/tVsPTHWTtr)
- Open a [issue](https://github.com/truecharts/apps/issues/new/choose)
---
All Rights Reserved - The TrueCharts Project

View File

@ -1,351 +0,0 @@
# Default Helm-Values
TrueCharts is primarily build to supply TrueNAS SCALE Apps.
However, we also supply all Apps as standard Helm-Charts. In this document we aim to document the default values in our values.yaml file.
Most of our Apps also consume our "common" Helm Chart.
If this is the case, this means that all values.yaml values are set to the common chart values.yaml by default. This values.yaml file will only contain values that deviate from the common chart.
You will, however, be able to use all values referenced in the common chart here, besides the values listed in this document.
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| alertmanager.additionalPeers | list | `[]` | |
| alertmanager.affinity | object | `{}` | |
| alertmanager.config.global.resolve_timeout | string | `"5m"` | |
| alertmanager.config.receivers[0].name | string | `"null"` | |
| alertmanager.config.route.group_by[0] | string | `"job"` | |
| alertmanager.config.route.group_interval | string | `"5m"` | |
| alertmanager.config.route.group_wait | string | `"30s"` | |
| alertmanager.config.route.receiver | string | `"null"` | |
| alertmanager.config.route.repeat_interval | string | `"12h"` | |
| alertmanager.config.route.routes[0].match.alertname | string | `"Watchdog"` | |
| alertmanager.config.route.routes[0].receiver | string | `"null"` | |
| alertmanager.configMaps | list | `[]` | |
| alertmanager.configNamespaceSelector | object | `{}` | |
| alertmanager.configSelector | object | `{}` | |
| alertmanager.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | |
| alertmanager.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | |
| alertmanager.containerSecurityContext.enabled | bool | `true` | |
| alertmanager.containerSecurityContext.readOnlyRootFilesystem | bool | `false` | |
| alertmanager.containerSecurityContext.runAsNonRoot | bool | `true` | |
| alertmanager.containers | list | `[]` | |
| alertmanager.enabled | bool | `true` | |
| alertmanager.externalConfig | bool | `false` | |
| alertmanager.externalUrl | string | `""` | |
| alertmanager.listenLocal | bool | `false` | |
| alertmanager.livenessProbe.enabled | bool | `true` | |
| alertmanager.livenessProbe.failureThreshold | int | `120` | |
| alertmanager.livenessProbe.initialDelaySeconds | int | `0` | |
| alertmanager.livenessProbe.path | string | `"/-/healthy"` | |
| alertmanager.livenessProbe.periodSeconds | int | `5` | |
| alertmanager.livenessProbe.successThreshold | int | `1` | |
| alertmanager.livenessProbe.timeoutSeconds | int | `3` | |
| alertmanager.logFormat | string | `"logfmt"` | |
| alertmanager.logLevel | string | `"info"` | |
| alertmanager.nodeAffinityPreset.key | string | `""` | |
| alertmanager.nodeAffinityPreset.type | string | `""` | |
| alertmanager.nodeAffinityPreset.values | list | `[]` | |
| alertmanager.nodeSelector | object | `{}` | |
| alertmanager.paused | bool | `false` | |
| alertmanager.persistence.accessModes[0] | string | `"ReadWriteOnce"` | |
| alertmanager.persistence.enabled | bool | `true` | |
| alertmanager.persistence.size | string | `"999Gi"` | |
| alertmanager.persistence.storageClass | string | `""` | |
| alertmanager.podAffinityPreset | string | `""` | |
| alertmanager.podAntiAffinityPreset | string | `"soft"` | |
| alertmanager.podDisruptionBudget.enabled | bool | `false` | |
| alertmanager.podDisruptionBudget.maxUnavailable | string | `""` | |
| alertmanager.podDisruptionBudget.minAvailable | int | `1` | |
| alertmanager.podMetadata.annotations | object | `{}` | |
| alertmanager.podMetadata.labels | object | `{}` | |
| alertmanager.podSecurityContext.enabled | bool | `true` | |
| alertmanager.podSecurityContext.fsGroup | int | `1001` | |
| alertmanager.podSecurityContext.runAsUser | int | `1001` | |
| alertmanager.portName | string | `"alertmanager"` | |
| alertmanager.priorityClassName | string | `""` | |
| alertmanager.readinessProbe.enabled | bool | `true` | |
| alertmanager.readinessProbe.failureThreshold | int | `120` | |
| alertmanager.readinessProbe.initialDelaySeconds | int | `0` | |
| alertmanager.readinessProbe.path | string | `"/-/ready"` | |
| alertmanager.readinessProbe.periodSeconds | int | `5` | |
| alertmanager.readinessProbe.successThreshold | int | `1` | |
| alertmanager.readinessProbe.timeoutSeconds | int | `3` | |
| alertmanager.replicaCount | int | `1` | |
| alertmanager.resources | object | `{}` | |
| alertmanager.retention | string | `"240h"` | |
| alertmanager.routePrefix | string | `"/"` | |
| alertmanager.secrets | list | `[]` | |
| alertmanager.serviceAccount.create | bool | `true` | |
| alertmanager.serviceAccount.name | string | `""` | |
| alertmanager.serviceMonitor.enabled | bool | `true` | |
| alertmanager.serviceMonitor.interval | string | `""` | |
| alertmanager.serviceMonitor.metricRelabelings | list | `[]` | |
| alertmanager.serviceMonitor.relabelings | list | `[]` | |
| alertmanager.storageSpec | object | `{}` | |
| alertmanager.tolerations | list | `[]` | |
| alertmanager.volumeMounts | list | `[]` | |
| alertmanager.volumes | list | `[]` | |
| alertmanagerImage.repository | string | `"tccr.io/truecharts/alertmanager"` | |
| alertmanagerImage.tag | string | `"v0.23.0@sha256:a60e78b7c55a3a4f541e93471b521ee183bd299bd6a1631e300dc1ddda02f8f1"` | |
| coreDns.enabled | bool | `true` | |
| coreDns.namespace | string | `"kube-system"` | |
| coreDns.service.enabled | bool | `true` | |
| coreDns.service.port | int | `9153` | |
| coreDns.service.selector | object | `{}` | |
| coreDns.service.targetPort | int | `9153` | |
| coreDns.serviceMonitor.interval | string | `""` | |
| coreDns.serviceMonitor.metricRelabelings | list | `[]` | |
| coreDns.serviceMonitor.relabelings | list | `[]` | |
| envValueFrom.PROMETHEUS_CONFIG_RELOADER.configMapKeyRef.key | string | `"prometheus-config-reloader"` | |
| envValueFrom.PROMETHEUS_CONFIG_RELOADER.configMapKeyRef.name | string | `"prometheus-operator-config"` | |
| exporters.kube-state-metrics.enabled | bool | `true` | |
| exporters.node-exporter.enabled | bool | `true` | |
| global.labels | object | `{}` | |
| image.repository | string | `"tccr.io/truecharts/prometheus-operator"` | |
| image.tag | string | `"v0.53.0@sha256:9ac05caa5eb93938f51c58fe126454559157efd2be632e0350519079ae59e362"` | |
| ingress.alertmanager.enabled | bool | `false` | |
| ingress.main.enabled | bool | `false` | |
| ingress.thanos.enabled | bool | `false` | |
| kube-state-metrics.serviceMonitor.enabled | bool | `true` | |
| kube-state-metrics.serviceMonitor.honorLabels | bool | `true` | |
| kubeApiServer.enabled | bool | `true` | |
| kubeApiServer.serviceMonitor.interval | string | `""` | |
| kubeApiServer.serviceMonitor.metricRelabelings | list | `[]` | |
| kubeApiServer.serviceMonitor.relabelings | list | `[]` | |
| kubeControllerManager.enabled | bool | `false` | |
| kubeControllerManager.endpoints | list | `[]` | |
| kubeControllerManager.namespace | string | `"kube-system"` | |
| kubeControllerManager.service.enabled | bool | `true` | |
| kubeControllerManager.service.port | int | `10252` | |
| kubeControllerManager.service.selector | object | `{}` | |
| kubeControllerManager.service.targetPort | int | `10252` | |
| kubeControllerManager.serviceMonitor.https | bool | `false` | |
| kubeControllerManager.serviceMonitor.insecureSkipVerify | string | `""` | |
| kubeControllerManager.serviceMonitor.interval | string | `""` | |
| kubeControllerManager.serviceMonitor.metricRelabelings | list | `[]` | |
| kubeControllerManager.serviceMonitor.relabelings | list | `[]` | |
| kubeControllerManager.serviceMonitor.serverName | string | `""` | |
| kubeProxy.enabled | bool | `false` | |
| kubeScheduler.enabled | bool | `false` | |
| kubeScheduler.endpoints | list | `[]` | |
| kubeScheduler.namespace | string | `"kube-system"` | |
| kubeScheduler.service.enabled | bool | `true` | |
| kubeScheduler.service.port | int | `10251` | |
| kubeScheduler.service.selector | object | `{}` | |
| kubeScheduler.service.targetPort | int | `10251` | |
| kubeScheduler.serviceMonitor.https | bool | `false` | |
| kubeScheduler.serviceMonitor.insecureSkipVerify | string | `""` | |
| kubeScheduler.serviceMonitor.interval | string | `""` | |
| kubeScheduler.serviceMonitor.metricRelabelings | list | `[]` | |
| kubeScheduler.serviceMonitor.relabelings | list | `[]` | |
| kubeScheduler.serviceMonitor.serverName | string | `""` | |
| kubelet.enabled | bool | `true` | |
| kubelet.namespace | string | `"kube-system"` | |
| kubelet.serviceMonitor.cAdvisorMetricRelabelings | list | `[]` | |
| kubelet.serviceMonitor.cAdvisorRelabelings | list | `[]` | |
| kubelet.serviceMonitor.https | bool | `true` | |
| kubelet.serviceMonitor.interval | string | `""` | |
| kubelet.serviceMonitor.metricRelabelings | list | `[]` | |
| kubelet.serviceMonitor.relabelings | list | `[]` | |
| node-exporter.extraArgs."collector.filesystem.ignored-fs-types" | string | `"^(autofs|binfmt_misc|cgroup|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|mqueue|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|sysfs|tracefs)$"` | |
| node-exporter.extraArgs."collector.filesystem.ignored-mount-points" | string | `"^/(dev|proc|sys|var/lib/docker/.+)($|/)"` | |
| node-exporter.service.labels.jobLabel | string | `"node-exporter"` | |
| node-exporter.serviceMonitor.enabled | bool | `true` | |
| node-exporter.serviceMonitor.jobLabel | string | `"jobLabel"` | |
| operator.configReloaderResources | object | `{}` | |
| operator.enabled | bool | `true` | |
| operator.kubeletService.enabled | bool | `true` | |
| operator.kubeletService.namespace | string | `"kube-system"` | |
| operator.logFormat | string | `"logfmt"` | |
| operator.logLevel | string | `"info"` | |
| operator.prometheusConfigReloader.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | |
| operator.prometheusConfigReloader.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | |
| operator.prometheusConfigReloader.containerSecurityContext.enabled | bool | `true` | |
| operator.prometheusConfigReloader.containerSecurityContext.readOnlyRootFilesystem | bool | `false` | |
| operator.prometheusConfigReloader.containerSecurityContext.runAsNonRoot | bool | `true` | |
| operator.prometheusConfigReloader.livenessProbe.enabled | bool | `true` | |
| operator.prometheusConfigReloader.livenessProbe.failureThreshold | int | `6` | |
| operator.prometheusConfigReloader.livenessProbe.initialDelaySeconds | int | `10` | |
| operator.prometheusConfigReloader.livenessProbe.periodSeconds | int | `10` | |
| operator.prometheusConfigReloader.livenessProbe.successThreshold | int | `1` | |
| operator.prometheusConfigReloader.livenessProbe.timeoutSeconds | int | `5` | |
| operator.prometheusConfigReloader.readinessProbe.enabled | bool | `true` | |
| operator.prometheusConfigReloader.readinessProbe.failureThreshold | int | `6` | |
| operator.prometheusConfigReloader.readinessProbe.initialDelaySeconds | int | `15` | |
| operator.prometheusConfigReloader.readinessProbe.periodSeconds | int | `20` | |
| operator.prometheusConfigReloader.readinessProbe.successThreshold | int | `1` | |
| operator.prometheusConfigReloader.readinessProbe.timeoutSeconds | int | `5` | |
| operator.serviceMonitor.enabled | bool | `true` | |
| operator.serviceMonitor.interval | string | `""` | |
| operator.serviceMonitor.metricRelabelings | list | `[]` | |
| operator.serviceMonitor.relabelings | list | `[]` | |
| probes.liveness | object | See below | Liveness probe configuration |
| probes.readiness | object | See below | Redainess probe configuration |
| probes.startup | object | See below | Startup probe configuration |
| prometheus.additionalAlertRelabelConfigsExternal.enabled | bool | `false` | |
| prometheus.additionalAlertRelabelConfigsExternal.key | string | `""` | |
| prometheus.additionalAlertRelabelConfigsExternal.name | string | `""` | |
| prometheus.additionalPrometheusRules | list | `[]` | |
| prometheus.additionalScrapeConfigs.enabled | bool | `false` | |
| prometheus.additionalScrapeConfigs.external.key | string | `""` | |
| prometheus.additionalScrapeConfigs.external.name | string | `""` | |
| prometheus.additionalScrapeConfigs.internal.jobList | list | `[]` | |
| prometheus.additionalScrapeConfigs.type | string | `"external"` | |
| prometheus.additionalScrapeConfigsExternal.enabled | bool | `false` | |
| prometheus.additionalScrapeConfigsExternal.key | string | `""` | |
| prometheus.additionalScrapeConfigsExternal.name | string | `""` | |
| prometheus.affinity | object | `{}` | |
| prometheus.alertingEndpoints | list | `[]` | |
| prometheus.configMaps | list | `[]` | |
| prometheus.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | |
| prometheus.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | |
| prometheus.containerSecurityContext.enabled | bool | `true` | |
| prometheus.containerSecurityContext.readOnlyRootFilesystem | bool | `false` | |
| prometheus.containerSecurityContext.runAsNonRoot | bool | `true` | |
| prometheus.containers | list | `[]` | |
| prometheus.disableCompaction | bool | `false` | |
| prometheus.enableAdminAPI | bool | `false` | |
| prometheus.enableFeatures | list | `[]` | |
| prometheus.enabled | bool | `true` | |
| prometheus.evaluationInterval | string | `""` | |
| prometheus.externalLabels | object | `{}` | |
| prometheus.externalUrl | string | `""` | |
| prometheus.listenLocal | bool | `false` | |
| prometheus.livenessProbe.enabled | bool | `true` | |
| prometheus.livenessProbe.failureThreshold | int | `10` | |
| prometheus.livenessProbe.initialDelaySeconds | int | `0` | |
| prometheus.livenessProbe.path | string | `"/-/healthy"` | |
| prometheus.livenessProbe.periodSeconds | int | `10` | |
| prometheus.livenessProbe.successThreshold | int | `1` | |
| prometheus.livenessProbe.timeoutSeconds | int | `3` | |
| prometheus.logFormat | string | `"logfmt"` | |
| prometheus.logLevel | string | `"info"` | |
| prometheus.matchLabels | object | `{}` | |
| prometheus.nodeAffinityPreset.key | string | `""` | |
| prometheus.nodeAffinityPreset.type | string | `""` | |
| prometheus.nodeAffinityPreset.values | list | `[]` | |
| prometheus.nodeSelector | object | `{}` | |
| prometheus.paused | bool | `false` | |
| prometheus.persistence.accessModes[0] | string | `"ReadWriteOnce"` | |
| prometheus.persistence.enabled | bool | `true` | |
| prometheus.persistence.size | string | `"999Gi"` | |
| prometheus.persistence.storageClass | string | `""` | |
| prometheus.podAffinityPreset | string | `""` | |
| prometheus.podAntiAffinityPreset | string | `"soft"` | |
| prometheus.podMetadata.annotations | object | `{}` | |
| prometheus.podMetadata.labels | object | `{}` | |
| prometheus.podMonitorNamespaceSelector | object | `{}` | |
| prometheus.podMonitorSelector | object | `{}` | |
| prometheus.podSecurityContext.enabled | bool | `true` | |
| prometheus.podSecurityContext.fsGroup | int | `1001` | |
| prometheus.podSecurityContext.runAsUser | int | `1001` | |
| prometheus.portName | string | `"main"` | |
| prometheus.priorityClassName | string | `""` | |
| prometheus.probeNamespaceSelector | object | `{}` | |
| prometheus.probeSelector | object | `{}` | |
| prometheus.prometheusExternalLabelName | string | `""` | |
| prometheus.prometheusExternalLabelNameClear | bool | `false` | |
| prometheus.querySpec | object | `{}` | |
| prometheus.readinessProbe.enabled | bool | `true` | |
| prometheus.readinessProbe.failureThreshold | int | `10` | |
| prometheus.readinessProbe.initialDelaySeconds | int | `0` | |
| prometheus.readinessProbe.path | string | `"/-/ready"` | |
| prometheus.readinessProbe.periodSeconds | int | `10` | |
| prometheus.readinessProbe.successThreshold | int | `1` | |
| prometheus.readinessProbe.timeoutSeconds | int | `3` | |
| prometheus.remoteRead | list | `[]` | |
| prometheus.remoteWrite | list | `[]` | |
| prometheus.replicaCount | int | `1` | |
| prometheus.replicaExternalLabelName | string | `""` | |
| prometheus.replicaExternalLabelNameClear | bool | `false` | |
| prometheus.resources | object | `{}` | |
| prometheus.retention | string | `"31d"` | |
| prometheus.retentionSize | string | `""` | |
| prometheus.routePrefix | string | `"/"` | |
| prometheus.ruleNamespaceSelector | object | `{}` | |
| prometheus.ruleSelector | object | `{}` | |
| prometheus.scrapeInterval | string | `""` | |
| prometheus.secrets | list | `[]` | |
| prometheus.serviceAccount.annotations | object | `{}` | |
| prometheus.serviceAccount.create | bool | `true` | |
| prometheus.serviceAccount.name | string | `""` | |
| prometheus.serviceMonitor.enabled | bool | `true` | |
| prometheus.serviceMonitor.interval | string | `""` | |
| prometheus.serviceMonitor.metricRelabelings | list | `[]` | |
| prometheus.serviceMonitor.relabelings | list | `[]` | |
| prometheus.serviceMonitorNamespaceSelector | object | `{}` | |
| prometheus.serviceMonitorSelector | object | `{}` | |
| prometheus.storageSpec | object | `{}` | |
| prometheus.thanos.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | |
| prometheus.thanos.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | |
| prometheus.thanos.containerSecurityContext.enabled | bool | `true` | |
| prometheus.thanos.containerSecurityContext.readOnlyRootFilesystem | bool | `false` | |
| prometheus.thanos.containerSecurityContext.runAsNonRoot | bool | `true` | |
| prometheus.thanos.create | bool | `false` | |
| prometheus.thanos.extraArgs | list | `[]` | |
| prometheus.thanos.extraVolumeMounts | list | `[]` | |
| prometheus.thanos.livenessProbe.enabled | bool | `true` | |
| prometheus.thanos.livenessProbe.failureThreshold | int | `120` | |
| prometheus.thanos.livenessProbe.initialDelaySeconds | int | `0` | |
| prometheus.thanos.livenessProbe.path | string | `"/-/healthy"` | |
| prometheus.thanos.livenessProbe.periodSeconds | int | `5` | |
| prometheus.thanos.livenessProbe.successThreshold | int | `1` | |
| prometheus.thanos.livenessProbe.timeoutSeconds | int | `3` | |
| prometheus.thanos.objectStorageConfig | object | `{}` | |
| prometheus.thanos.prometheusUrl | string | `""` | |
| prometheus.thanos.readinessProbe.enabled | bool | `true` | |
| prometheus.thanos.readinessProbe.failureThreshold | int | `120` | |
| prometheus.thanos.readinessProbe.initialDelaySeconds | int | `0` | |
| prometheus.thanos.readinessProbe.path | string | `"/-/ready"` | |
| prometheus.thanos.readinessProbe.periodSeconds | int | `5` | |
| prometheus.thanos.readinessProbe.successThreshold | int | `1` | |
| prometheus.thanos.readinessProbe.timeoutSeconds | int | `3` | |
| prometheus.thanos.resources.limits | object | `{}` | |
| prometheus.thanos.resources.requests | object | `{}` | |
| prometheus.thanos.service.annotations | object | `{}` | |
| prometheus.thanos.service.clusterIP | string | `"None"` | |
| prometheus.thanos.service.extraPorts | list | `[]` | |
| prometheus.thanos.service.loadBalancerIP | string | `""` | |
| prometheus.thanos.service.loadBalancerSourceRanges | list | `[]` | |
| prometheus.thanos.service.nodePort | string | `""` | |
| prometheus.thanos.service.port | int | `10901` | |
| prometheus.thanos.service.type | string | `"ClusterIP"` | |
| prometheus.tolerations | list | `[]` | |
| prometheus.volumeMounts | list | `[]` | |
| prometheus.volumes | list | `[]` | |
| prometheus.walCompression | bool | `false` | |
| prometheusImage.repository | string | `"tccr.io/truecharts/prometheus"` | |
| prometheusImage.tag | string | `"v2.32.1@sha256:98e8a2e885ae6b8b9625fc0c987d30b5040ce921f46af2f7ba70c2edb42b4eee"` | |
| rbac | object | `{"enabled":true,"rules":[{"apiGroups":["apiextensions.k8s.io"],"resources":["customresourcedefinitions"],"verbs":["create"]},{"apiGroups":["apiextensions.k8s.io"],"resourceNames":["alertmanagers.monitoring.coreos.com","podmonitors.monitoring.coreos.com","prometheuses.monitoring.coreos.com","prometheusrules.monitoring.coreos.com","servicemonitors.monitoring.coreos.com","thanosrulers.monitoring.coreos.com","probes.monitoring.coreos.com"],"resources":["customresourcedefinitions"],"verbs":["get","update"]},{"apiGroups":["monitoring.coreos.com"],"resources":["alertmanagers","alertmanagers/finalizers","alertmanagerconfigs","prometheuses","prometheuses/finalizers","thanosrulers","thanosrulers/finalizers","servicemonitors","podmonitors","probes","prometheusrules"],"verbs":["*"]},{"apiGroups":["apps"],"resources":["statefulsets"],"verbs":["*"]},{"apiGroups":[""],"resources":["configmaps","secrets"],"verbs":["*"]},{"apiGroups":[""],"resources":["pods"],"verbs":["list","delete"]},{"apiGroups":[""],"resources":["services","services/finalizers","endpoints"],"verbs":["get","create","update","delete"]},{"apiGroups":[""],"resources":["nodes"],"verbs":["list","watch"]},{"apiGroups":[""],"resources":["namespaces"],"verbs":["get","list","watch"]},{"apiGroups":["networking.k8s.io"],"resources":["ingresses"],"verbs":["get","list","watch"]}]}` | Whether Role Based Access Control objects like roles and rolebindings should be created |
| securityContext.readOnlyRootFilesystem | bool | `false` | |
| service.alertmanager.enabled | bool | `true` | |
| service.alertmanager.ports.alertmanager.enabled | bool | `true` | |
| service.alertmanager.ports.alertmanager.port | int | `10087` | |
| service.alertmanager.ports.alertmanager.protocol | string | `"HTTP"` | |
| service.alertmanager.ports.alertmanager.targetPort | int | `9093` | |
| service.alertmanager.selector."app.kubernetes.io/name" | string | `"alertmanager"` | |
| service.alertmanager.selector.alertmanager | string | `"{{ template \"kube-prometheus.alertmanager.fullname\" . }}"` | |
| service.main.ports.main.port | int | `10086` | |
| service.main.ports.main.protocol | string | `"HTTP"` | |
| service.main.ports.main.targetPort | int | `9090` | |
| service.main.selector."app.kubernetes.io/name" | string | `"prometheus"` | |
| service.main.selector.prometheus | string | `"{{ template \"kube-prometheus.prometheus.fullname\" . }}"` | |
| service.promop.enabled | bool | `true` | |
| service.promop.ports.promop.enabled | bool | `true` | |
| service.promop.ports.promop.port | int | `10089` | |
| service.promop.ports.promop.protocol | string | `"HTTP"` | |
| service.promop.ports.promop.targetPort | int | `8080` | |
| service.thanos.enabled | bool | `true` | |
| service.thanos.ports.thanos.enabled | bool | `true` | |
| service.thanos.ports.thanos.port | int | `10901` | |
| service.thanos.ports.thanos.protocol | string | `"HTTP"` | |
| service.thanos.ports.thanos.targetPort | int | `10901` | |
| service.thanos.selector."app.kubernetes.io/name" | string | `"prometheus"` | |
| service.thanos.selector.prometheus | string | `"{{ template \"kube-prometheus.prometheus.fullname\" . }}"` | |
| serviceAccount | object | `{"create":true}` | The service account the pods will use to interact with the Kubernetes API |
| thanosImage.repository | string | `"tccr.io/truecharts/thanos"` | |
| thanosImage.tag | string | `"v0.23.1@sha256:2659f897b8277b69d15c7263fc09266a65bd8ba9852bd72436784ad3c9222a53"` | |
All Rights Reserved - The TrueCharts Project

File diff suppressed because it is too large Load Diff

File diff suppressed because one or more lines are too long

View File

@ -0,0 +1,99 @@
# Changelog<br>
<a name="prometheus-1.1.27"></a>
### [prometheus-1.1.27](https://github.com/truecharts/apps/compare/prometheus-1.1.26...prometheus-1.1.27) (2021-12-21)
#### Chore
* update helm general non-major helm releases ([#1596](https://github.com/truecharts/apps/issues/1596))
* update docker general non-major ([#1595](https://github.com/truecharts/apps/issues/1595))
<a name="prometheus-1.1.26"></a>
### [prometheus-1.1.26](https://github.com/truecharts/apps/compare/prometheus-1.1.25...prometheus-1.1.26) (2021-12-20)
#### Chore
* update docker general non-major ([#1589](https://github.com/truecharts/apps/issues/1589))
<a name="prometheus-1.1.25"></a>
### [prometheus-1.1.25](https://github.com/truecharts/apps/compare/prometheus-1.1.24...prometheus-1.1.25) (2021-12-20)
#### Chore
* update docker general non-major ([#1585](https://github.com/truecharts/apps/issues/1585))
<a name="prometheus-1.1.24"></a>
### [prometheus-1.1.24](https://github.com/truecharts/apps/compare/prometheus-1.1.23...prometheus-1.1.24) (2021-12-20)
#### Chore
* update docker general non-major ([#1581](https://github.com/truecharts/apps/issues/1581))
<a name="prometheus-1.1.23"></a>
### [prometheus-1.1.23](https://github.com/truecharts/apps/compare/prometheus-1.1.22...prometheus-1.1.23) (2021-12-19)
#### Chore
* Last patch bump before RC2 branch-off
<a name="prometheus-1.1.22"></a>
### [prometheus-1.1.22](https://github.com/truecharts/apps/compare/prometheus-1.1.21...prometheus-1.1.22) (2021-12-19)
#### Chore
* update helm general non-major helm releases ([#1571](https://github.com/truecharts/apps/issues/1571))
<a name="prometheus-1.1.21"></a>
### [prometheus-1.1.21](https://github.com/truecharts/apps/compare/uptimerobot-prometheus-2.0.4...prometheus-1.1.21) (2021-12-19)
#### Chore
* update docker general non-major ([#1567](https://github.com/truecharts/apps/issues/1567))
<a name="prometheus-1.1.20"></a>
### [prometheus-1.1.20](https://github.com/truecharts/apps/compare/prometheus-1.1.19...prometheus-1.1.20) (2021-12-14)
#### Chore
* update helm general non-major helm releases ([#1535](https://github.com/truecharts/apps/issues/1535))
<a name="prometheus-1.1.19"></a>
### [prometheus-1.1.19](https://github.com/truecharts/apps/compare/prometheus-1.1.18...prometheus-1.1.19) (2021-12-13)
#### Chore
* update docker general non-major ([#1531](https://github.com/truecharts/apps/issues/1531))
<a name="prometheus-1.1.18"></a>
### [prometheus-1.1.18](https://github.com/truecharts/apps/compare/prometheus-1.1.17...prometheus-1.1.18) (2021-12-13)
#### Chore
* move incubator apps to stable and bump everything
<a name="prometheus-1.1.17"></a>
### [prometheus-1.1.17](https://github.com/truecharts/apps/compare/prometheus-1.1.16...prometheus-1.1.17) (2021-12-13)
#### Chore

View File

@ -0,0 +1,12 @@
dependencies:
- name: common
repository: https://truecharts.org
version: 8.9.25
- name: node-exporter
repository: https://charts.bitnami.com/bitnami
version: 2.3.17
- name: kube-state-metrics
repository: https://charts.bitnami.com/bitnami
version: 2.1.19
digest: sha256:25d6fe25ffff90dad57305f1e97f593bb1c88cd0b396c096a9edbb70f5829028
generated: "2021-12-21T18:08:50.00415125Z"

View File

@ -0,0 +1,36 @@
apiVersion: v2
appVersion: "0.53.0"
dependencies:
- name: common
repository: https://truecharts.org
version: 8.9.25
- condition: exporters.enabled,exporters.node-exporter.enabled
name: node-exporter
repository: https://charts.bitnami.com/bitnami
version: 2.3.17
- condition: exporters.enabled,exporters.kube-state-metrics.enabled
name: kube-state-metrics
repository: https://charts.bitnami.com/bitnami
version: 2.1.19
deprecated: false
description: kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator.
icon: https://truecharts.org/_static/img/appicons/prometheus-icon.png
home: https://github.com/truecharts/apps/tree/master/charts/stable/prometheus
keywords:
- metrics
kubeVersion: '>=1.16.0-0'
maintainers:
- email: info@truecharts.org
name: TrueCharts
url: https://truecharts.org
name: prometheus
sources:
- https://github.com/prometheus-community/helm-charts
- https://github.com/prometheus-operator/kube-prometheus
type: application
version: 1.1.27
annotations:
truecharts.org/catagories: |
- metrics
truecharts.org/SCALE-support: "true"
truecharts.org/grade: U

View File

@ -0,0 +1,40 @@
# Introduction
kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator.
TrueCharts are designed to be installed as TrueNAS SCALE app only. We can not guarantee this charts works as a stand-alone helm installation.
**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/apps/issues/new/choose)**
## Source Code
* <https://github.com/prometheus-community/helm-charts>
* <https://github.com/prometheus-operator/kube-prometheus>
## Requirements
Kubernetes: `>=1.16.0-0`
## Dependencies
| Repository | Name | Version |
|------------|------|---------|
| https://charts.bitnami.com/bitnami | kube-state-metrics | 2.1.19 |
| https://charts.bitnami.com/bitnami | node-exporter | 2.3.17 |
| https://truecharts.org | common | 8.9.25 |
## Installing the Chart
To install this App on TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/03-Installing-an-App/).
## Uninstalling the Chart
To remove this App from TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/07-Deleting-an-App/).
## Support
- Please check our [quick-start guides](https://truecharts.org/manual/Quick-Start%20Guides/01-Open-Apps/) first.
- See the [Wiki](https://truecharts.org)
- Check our [Discord](https://discord.gg/tVsPTHWTtr)
- Open a [issue](https://github.com/truecharts/apps/issues/new/choose)
---
All Rights Reserved - The TrueCharts Project

Binary file not shown.

View File

@ -0,0 +1,351 @@
# Default Helm-Values
TrueCharts is primarily build to supply TrueNAS SCALE Apps.
However, we also supply all Apps as standard Helm-Charts. In this document we aim to document the default values in our values.yaml file.
Most of our Apps also consume our "common" Helm Chart.
If this is the case, this means that all values.yaml values are set to the common chart values.yaml by default. This values.yaml file will only contain values that deviate from the common chart.
You will, however, be able to use all values referenced in the common chart here, besides the values listed in this document.
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| alertmanager.additionalPeers | list | `[]` | |
| alertmanager.affinity | object | `{}` | |
| alertmanager.config.global.resolve_timeout | string | `"5m"` | |
| alertmanager.config.receivers[0].name | string | `"null"` | |
| alertmanager.config.route.group_by[0] | string | `"job"` | |
| alertmanager.config.route.group_interval | string | `"5m"` | |
| alertmanager.config.route.group_wait | string | `"30s"` | |
| alertmanager.config.route.receiver | string | `"null"` | |
| alertmanager.config.route.repeat_interval | string | `"12h"` | |
| alertmanager.config.route.routes[0].match.alertname | string | `"Watchdog"` | |
| alertmanager.config.route.routes[0].receiver | string | `"null"` | |
| alertmanager.configMaps | list | `[]` | |
| alertmanager.configNamespaceSelector | object | `{}` | |
| alertmanager.configSelector | object | `{}` | |
| alertmanager.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | |
| alertmanager.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | |
| alertmanager.containerSecurityContext.enabled | bool | `true` | |
| alertmanager.containerSecurityContext.readOnlyRootFilesystem | bool | `false` | |
| alertmanager.containerSecurityContext.runAsNonRoot | bool | `true` | |
| alertmanager.containers | list | `[]` | |
| alertmanager.enabled | bool | `true` | |
| alertmanager.externalConfig | bool | `false` | |
| alertmanager.externalUrl | string | `""` | |
| alertmanager.listenLocal | bool | `false` | |
| alertmanager.livenessProbe.enabled | bool | `true` | |
| alertmanager.livenessProbe.failureThreshold | int | `120` | |
| alertmanager.livenessProbe.initialDelaySeconds | int | `0` | |
| alertmanager.livenessProbe.path | string | `"/-/healthy"` | |
| alertmanager.livenessProbe.periodSeconds | int | `5` | |
| alertmanager.livenessProbe.successThreshold | int | `1` | |
| alertmanager.livenessProbe.timeoutSeconds | int | `3` | |
| alertmanager.logFormat | string | `"logfmt"` | |
| alertmanager.logLevel | string | `"info"` | |
| alertmanager.nodeAffinityPreset.key | string | `""` | |
| alertmanager.nodeAffinityPreset.type | string | `""` | |
| alertmanager.nodeAffinityPreset.values | list | `[]` | |
| alertmanager.nodeSelector | object | `{}` | |
| alertmanager.paused | bool | `false` | |
| alertmanager.persistence.accessModes[0] | string | `"ReadWriteOnce"` | |
| alertmanager.persistence.enabled | bool | `true` | |
| alertmanager.persistence.size | string | `"999Gi"` | |
| alertmanager.persistence.storageClass | string | `""` | |
| alertmanager.podAffinityPreset | string | `""` | |
| alertmanager.podAntiAffinityPreset | string | `"soft"` | |
| alertmanager.podDisruptionBudget.enabled | bool | `false` | |
| alertmanager.podDisruptionBudget.maxUnavailable | string | `""` | |
| alertmanager.podDisruptionBudget.minAvailable | int | `1` | |
| alertmanager.podMetadata.annotations | object | `{}` | |
| alertmanager.podMetadata.labels | object | `{}` | |
| alertmanager.podSecurityContext.enabled | bool | `true` | |
| alertmanager.podSecurityContext.fsGroup | int | `1001` | |
| alertmanager.podSecurityContext.runAsUser | int | `1001` | |
| alertmanager.portName | string | `"alertmanager"` | |
| alertmanager.priorityClassName | string | `""` | |
| alertmanager.readinessProbe.enabled | bool | `true` | |
| alertmanager.readinessProbe.failureThreshold | int | `120` | |
| alertmanager.readinessProbe.initialDelaySeconds | int | `0` | |
| alertmanager.readinessProbe.path | string | `"/-/ready"` | |
| alertmanager.readinessProbe.periodSeconds | int | `5` | |
| alertmanager.readinessProbe.successThreshold | int | `1` | |
| alertmanager.readinessProbe.timeoutSeconds | int | `3` | |
| alertmanager.replicaCount | int | `1` | |
| alertmanager.resources | object | `{}` | |
| alertmanager.retention | string | `"240h"` | |
| alertmanager.routePrefix | string | `"/"` | |
| alertmanager.secrets | list | `[]` | |
| alertmanager.serviceAccount.create | bool | `true` | |
| alertmanager.serviceAccount.name | string | `""` | |
| alertmanager.serviceMonitor.enabled | bool | `true` | |
| alertmanager.serviceMonitor.interval | string | `""` | |
| alertmanager.serviceMonitor.metricRelabelings | list | `[]` | |
| alertmanager.serviceMonitor.relabelings | list | `[]` | |
| alertmanager.storageSpec | object | `{}` | |
| alertmanager.tolerations | list | `[]` | |
| alertmanager.volumeMounts | list | `[]` | |
| alertmanager.volumes | list | `[]` | |
| alertmanagerImage.repository | string | `"tccr.io/truecharts/alertmanager"` | |
| alertmanagerImage.tag | string | `"v0.23.0@sha256:a367a332ed5ca80f49219f3b53680cac1b866b80cad39c2d1b003f8068536cf8"` | |
| coreDns.enabled | bool | `true` | |
| coreDns.namespace | string | `"kube-system"` | |
| coreDns.service.enabled | bool | `true` | |
| coreDns.service.port | int | `9153` | |
| coreDns.service.selector | object | `{}` | |
| coreDns.service.targetPort | int | `9153` | |
| coreDns.serviceMonitor.interval | string | `""` | |
| coreDns.serviceMonitor.metricRelabelings | list | `[]` | |
| coreDns.serviceMonitor.relabelings | list | `[]` | |
| envValueFrom.PROMETHEUS_CONFIG_RELOADER.configMapKeyRef.key | string | `"prometheus-config-reloader"` | |
| envValueFrom.PROMETHEUS_CONFIG_RELOADER.configMapKeyRef.name | string | `"prometheus-operator-config"` | |
| exporters.kube-state-metrics.enabled | bool | `true` | |
| exporters.node-exporter.enabled | bool | `true` | |
| global.labels | object | `{}` | |
| image.repository | string | `"tccr.io/truecharts/prometheus-operator"` | |
| image.tag | string | `"v0.53.0@sha256:9ac05caa5eb93938f51c58fe126454559157efd2be632e0350519079ae59e362"` | |
| ingress.alertmanager.enabled | bool | `false` | |
| ingress.main.enabled | bool | `false` | |
| ingress.thanos.enabled | bool | `false` | |
| kube-state-metrics.serviceMonitor.enabled | bool | `true` | |
| kube-state-metrics.serviceMonitor.honorLabels | bool | `true` | |
| kubeApiServer.enabled | bool | `true` | |
| kubeApiServer.serviceMonitor.interval | string | `""` | |
| kubeApiServer.serviceMonitor.metricRelabelings | list | `[]` | |
| kubeApiServer.serviceMonitor.relabelings | list | `[]` | |
| kubeControllerManager.enabled | bool | `false` | |
| kubeControllerManager.endpoints | list | `[]` | |
| kubeControllerManager.namespace | string | `"kube-system"` | |
| kubeControllerManager.service.enabled | bool | `true` | |
| kubeControllerManager.service.port | int | `10252` | |
| kubeControllerManager.service.selector | object | `{}` | |
| kubeControllerManager.service.targetPort | int | `10252` | |
| kubeControllerManager.serviceMonitor.https | bool | `false` | |
| kubeControllerManager.serviceMonitor.insecureSkipVerify | string | `""` | |
| kubeControllerManager.serviceMonitor.interval | string | `""` | |
| kubeControllerManager.serviceMonitor.metricRelabelings | list | `[]` | |
| kubeControllerManager.serviceMonitor.relabelings | list | `[]` | |
| kubeControllerManager.serviceMonitor.serverName | string | `""` | |
| kubeProxy.enabled | bool | `false` | |
| kubeScheduler.enabled | bool | `false` | |
| kubeScheduler.endpoints | list | `[]` | |
| kubeScheduler.namespace | string | `"kube-system"` | |
| kubeScheduler.service.enabled | bool | `true` | |
| kubeScheduler.service.port | int | `10251` | |
| kubeScheduler.service.selector | object | `{}` | |
| kubeScheduler.service.targetPort | int | `10251` | |
| kubeScheduler.serviceMonitor.https | bool | `false` | |
| kubeScheduler.serviceMonitor.insecureSkipVerify | string | `""` | |
| kubeScheduler.serviceMonitor.interval | string | `""` | |
| kubeScheduler.serviceMonitor.metricRelabelings | list | `[]` | |
| kubeScheduler.serviceMonitor.relabelings | list | `[]` | |
| kubeScheduler.serviceMonitor.serverName | string | `""` | |
| kubelet.enabled | bool | `true` | |
| kubelet.namespace | string | `"kube-system"` | |
| kubelet.serviceMonitor.cAdvisorMetricRelabelings | list | `[]` | |
| kubelet.serviceMonitor.cAdvisorRelabelings | list | `[]` | |
| kubelet.serviceMonitor.https | bool | `true` | |
| kubelet.serviceMonitor.interval | string | `""` | |
| kubelet.serviceMonitor.metricRelabelings | list | `[]` | |
| kubelet.serviceMonitor.relabelings | list | `[]` | |
| node-exporter.extraArgs."collector.filesystem.ignored-fs-types" | string | `"^(autofs|binfmt_misc|cgroup|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|mqueue|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|sysfs|tracefs)$"` | |
| node-exporter.extraArgs."collector.filesystem.ignored-mount-points" | string | `"^/(dev|proc|sys|var/lib/docker/.+)($|/)"` | |
| node-exporter.service.labels.jobLabel | string | `"node-exporter"` | |
| node-exporter.serviceMonitor.enabled | bool | `true` | |
| node-exporter.serviceMonitor.jobLabel | string | `"jobLabel"` | |
| operator.configReloaderResources | object | `{}` | |
| operator.enabled | bool | `true` | |
| operator.kubeletService.enabled | bool | `true` | |
| operator.kubeletService.namespace | string | `"kube-system"` | |
| operator.logFormat | string | `"logfmt"` | |
| operator.logLevel | string | `"info"` | |
| operator.prometheusConfigReloader.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | |
| operator.prometheusConfigReloader.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | |
| operator.prometheusConfigReloader.containerSecurityContext.enabled | bool | `true` | |
| operator.prometheusConfigReloader.containerSecurityContext.readOnlyRootFilesystem | bool | `false` | |
| operator.prometheusConfigReloader.containerSecurityContext.runAsNonRoot | bool | `true` | |
| operator.prometheusConfigReloader.livenessProbe.enabled | bool | `true` | |
| operator.prometheusConfigReloader.livenessProbe.failureThreshold | int | `6` | |
| operator.prometheusConfigReloader.livenessProbe.initialDelaySeconds | int | `10` | |
| operator.prometheusConfigReloader.livenessProbe.periodSeconds | int | `10` | |
| operator.prometheusConfigReloader.livenessProbe.successThreshold | int | `1` | |
| operator.prometheusConfigReloader.livenessProbe.timeoutSeconds | int | `5` | |
| operator.prometheusConfigReloader.readinessProbe.enabled | bool | `true` | |
| operator.prometheusConfigReloader.readinessProbe.failureThreshold | int | `6` | |
| operator.prometheusConfigReloader.readinessProbe.initialDelaySeconds | int | `15` | |
| operator.prometheusConfigReloader.readinessProbe.periodSeconds | int | `20` | |
| operator.prometheusConfigReloader.readinessProbe.successThreshold | int | `1` | |
| operator.prometheusConfigReloader.readinessProbe.timeoutSeconds | int | `5` | |
| operator.serviceMonitor.enabled | bool | `true` | |
| operator.serviceMonitor.interval | string | `""` | |
| operator.serviceMonitor.metricRelabelings | list | `[]` | |
| operator.serviceMonitor.relabelings | list | `[]` | |
| probes.liveness | object | See below | Liveness probe configuration |
| probes.readiness | object | See below | Redainess probe configuration |
| probes.startup | object | See below | Startup probe configuration |
| prometheus.additionalAlertRelabelConfigsExternal.enabled | bool | `false` | |
| prometheus.additionalAlertRelabelConfigsExternal.key | string | `""` | |
| prometheus.additionalAlertRelabelConfigsExternal.name | string | `""` | |
| prometheus.additionalPrometheusRules | list | `[]` | |
| prometheus.additionalScrapeConfigs.enabled | bool | `false` | |
| prometheus.additionalScrapeConfigs.external.key | string | `""` | |
| prometheus.additionalScrapeConfigs.external.name | string | `""` | |
| prometheus.additionalScrapeConfigs.internal.jobList | list | `[]` | |
| prometheus.additionalScrapeConfigs.type | string | `"external"` | |
| prometheus.additionalScrapeConfigsExternal.enabled | bool | `false` | |
| prometheus.additionalScrapeConfigsExternal.key | string | `""` | |
| prometheus.additionalScrapeConfigsExternal.name | string | `""` | |
| prometheus.affinity | object | `{}` | |
| prometheus.alertingEndpoints | list | `[]` | |
| prometheus.configMaps | list | `[]` | |
| prometheus.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | |
| prometheus.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | |
| prometheus.containerSecurityContext.enabled | bool | `true` | |
| prometheus.containerSecurityContext.readOnlyRootFilesystem | bool | `false` | |
| prometheus.containerSecurityContext.runAsNonRoot | bool | `true` | |
| prometheus.containers | list | `[]` | |
| prometheus.disableCompaction | bool | `false` | |
| prometheus.enableAdminAPI | bool | `false` | |
| prometheus.enableFeatures | list | `[]` | |
| prometheus.enabled | bool | `true` | |
| prometheus.evaluationInterval | string | `""` | |
| prometheus.externalLabels | object | `{}` | |
| prometheus.externalUrl | string | `""` | |
| prometheus.listenLocal | bool | `false` | |
| prometheus.livenessProbe.enabled | bool | `true` | |
| prometheus.livenessProbe.failureThreshold | int | `10` | |
| prometheus.livenessProbe.initialDelaySeconds | int | `0` | |
| prometheus.livenessProbe.path | string | `"/-/healthy"` | |
| prometheus.livenessProbe.periodSeconds | int | `10` | |
| prometheus.livenessProbe.successThreshold | int | `1` | |
| prometheus.livenessProbe.timeoutSeconds | int | `3` | |
| prometheus.logFormat | string | `"logfmt"` | |
| prometheus.logLevel | string | `"info"` | |
| prometheus.matchLabels | object | `{}` | |
| prometheus.nodeAffinityPreset.key | string | `""` | |
| prometheus.nodeAffinityPreset.type | string | `""` | |
| prometheus.nodeAffinityPreset.values | list | `[]` | |
| prometheus.nodeSelector | object | `{}` | |
| prometheus.paused | bool | `false` | |
| prometheus.persistence.accessModes[0] | string | `"ReadWriteOnce"` | |
| prometheus.persistence.enabled | bool | `true` | |
| prometheus.persistence.size | string | `"999Gi"` | |
| prometheus.persistence.storageClass | string | `""` | |
| prometheus.podAffinityPreset | string | `""` | |
| prometheus.podAntiAffinityPreset | string | `"soft"` | |
| prometheus.podMetadata.annotations | object | `{}` | |
| prometheus.podMetadata.labels | object | `{}` | |
| prometheus.podMonitorNamespaceSelector | object | `{}` | |
| prometheus.podMonitorSelector | object | `{}` | |
| prometheus.podSecurityContext.enabled | bool | `true` | |
| prometheus.podSecurityContext.fsGroup | int | `1001` | |
| prometheus.podSecurityContext.runAsUser | int | `1001` | |
| prometheus.portName | string | `"main"` | |
| prometheus.priorityClassName | string | `""` | |
| prometheus.probeNamespaceSelector | object | `{}` | |
| prometheus.probeSelector | object | `{}` | |
| prometheus.prometheusExternalLabelName | string | `""` | |
| prometheus.prometheusExternalLabelNameClear | bool | `false` | |
| prometheus.querySpec | object | `{}` | |
| prometheus.readinessProbe.enabled | bool | `true` | |
| prometheus.readinessProbe.failureThreshold | int | `10` | |
| prometheus.readinessProbe.initialDelaySeconds | int | `0` | |
| prometheus.readinessProbe.path | string | `"/-/ready"` | |
| prometheus.readinessProbe.periodSeconds | int | `10` | |
| prometheus.readinessProbe.successThreshold | int | `1` | |
| prometheus.readinessProbe.timeoutSeconds | int | `3` | |
| prometheus.remoteRead | list | `[]` | |
| prometheus.remoteWrite | list | `[]` | |
| prometheus.replicaCount | int | `1` | |
| prometheus.replicaExternalLabelName | string | `""` | |
| prometheus.replicaExternalLabelNameClear | bool | `false` | |
| prometheus.resources | object | `{}` | |
| prometheus.retention | string | `"31d"` | |
| prometheus.retentionSize | string | `""` | |
| prometheus.routePrefix | string | `"/"` | |
| prometheus.ruleNamespaceSelector | object | `{}` | |
| prometheus.ruleSelector | object | `{}` | |
| prometheus.scrapeInterval | string | `""` | |
| prometheus.secrets | list | `[]` | |
| prometheus.serviceAccount.annotations | object | `{}` | |
| prometheus.serviceAccount.create | bool | `true` | |
| prometheus.serviceAccount.name | string | `""` | |
| prometheus.serviceMonitor.enabled | bool | `true` | |
| prometheus.serviceMonitor.interval | string | `""` | |
| prometheus.serviceMonitor.metricRelabelings | list | `[]` | |
| prometheus.serviceMonitor.relabelings | list | `[]` | |
| prometheus.serviceMonitorNamespaceSelector | object | `{}` | |
| prometheus.serviceMonitorSelector | object | `{}` | |
| prometheus.storageSpec | object | `{}` | |
| prometheus.thanos.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | |
| prometheus.thanos.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | |
| prometheus.thanos.containerSecurityContext.enabled | bool | `true` | |
| prometheus.thanos.containerSecurityContext.readOnlyRootFilesystem | bool | `false` | |
| prometheus.thanos.containerSecurityContext.runAsNonRoot | bool | `true` | |
| prometheus.thanos.create | bool | `false` | |
| prometheus.thanos.extraArgs | list | `[]` | |
| prometheus.thanos.extraVolumeMounts | list | `[]` | |
| prometheus.thanos.livenessProbe.enabled | bool | `true` | |
| prometheus.thanos.livenessProbe.failureThreshold | int | `120` | |
| prometheus.thanos.livenessProbe.initialDelaySeconds | int | `0` | |
| prometheus.thanos.livenessProbe.path | string | `"/-/healthy"` | |
| prometheus.thanos.livenessProbe.periodSeconds | int | `5` | |
| prometheus.thanos.livenessProbe.successThreshold | int | `1` | |
| prometheus.thanos.livenessProbe.timeoutSeconds | int | `3` | |
| prometheus.thanos.objectStorageConfig | object | `{}` | |
| prometheus.thanos.prometheusUrl | string | `""` | |
| prometheus.thanos.readinessProbe.enabled | bool | `true` | |
| prometheus.thanos.readinessProbe.failureThreshold | int | `120` | |
| prometheus.thanos.readinessProbe.initialDelaySeconds | int | `0` | |
| prometheus.thanos.readinessProbe.path | string | `"/-/ready"` | |
| prometheus.thanos.readinessProbe.periodSeconds | int | `5` | |
| prometheus.thanos.readinessProbe.successThreshold | int | `1` | |
| prometheus.thanos.readinessProbe.timeoutSeconds | int | `3` | |
| prometheus.thanos.resources.limits | object | `{}` | |
| prometheus.thanos.resources.requests | object | `{}` | |
| prometheus.thanos.service.annotations | object | `{}` | |
| prometheus.thanos.service.clusterIP | string | `"None"` | |
| prometheus.thanos.service.extraPorts | list | `[]` | |
| prometheus.thanos.service.loadBalancerIP | string | `""` | |
| prometheus.thanos.service.loadBalancerSourceRanges | list | `[]` | |
| prometheus.thanos.service.nodePort | string | `""` | |
| prometheus.thanos.service.port | int | `10901` | |
| prometheus.thanos.service.type | string | `"ClusterIP"` | |
| prometheus.tolerations | list | `[]` | |
| prometheus.volumeMounts | list | `[]` | |
| prometheus.volumes | list | `[]` | |
| prometheus.walCompression | bool | `false` | |
| prometheusImage.repository | string | `"tccr.io/truecharts/prometheus"` | |
| prometheusImage.tag | string | `"v2.32.1@sha256:71ad47195bb1d4334a7b77d358f67037639c34cf887c7fa95abc2a9c567bee43"` | |
| rbac | object | `{"enabled":true,"rules":[{"apiGroups":["apiextensions.k8s.io"],"resources":["customresourcedefinitions"],"verbs":["create"]},{"apiGroups":["apiextensions.k8s.io"],"resourceNames":["alertmanagers.monitoring.coreos.com","podmonitors.monitoring.coreos.com","prometheuses.monitoring.coreos.com","prometheusrules.monitoring.coreos.com","servicemonitors.monitoring.coreos.com","thanosrulers.monitoring.coreos.com","probes.monitoring.coreos.com"],"resources":["customresourcedefinitions"],"verbs":["get","update"]},{"apiGroups":["monitoring.coreos.com"],"resources":["alertmanagers","alertmanagers/finalizers","alertmanagerconfigs","prometheuses","prometheuses/finalizers","thanosrulers","thanosrulers/finalizers","servicemonitors","podmonitors","probes","prometheusrules"],"verbs":["*"]},{"apiGroups":["apps"],"resources":["statefulsets"],"verbs":["*"]},{"apiGroups":[""],"resources":["configmaps","secrets"],"verbs":["*"]},{"apiGroups":[""],"resources":["pods"],"verbs":["list","delete"]},{"apiGroups":[""],"resources":["services","services/finalizers","endpoints"],"verbs":["get","create","update","delete"]},{"apiGroups":[""],"resources":["nodes"],"verbs":["list","watch"]},{"apiGroups":[""],"resources":["namespaces"],"verbs":["get","list","watch"]},{"apiGroups":["networking.k8s.io"],"resources":["ingresses"],"verbs":["get","list","watch"]}]}` | Whether Role Based Access Control objects like roles and rolebindings should be created |
| securityContext.readOnlyRootFilesystem | bool | `false` | |
| service.alertmanager.enabled | bool | `true` | |
| service.alertmanager.ports.alertmanager.enabled | bool | `true` | |
| service.alertmanager.ports.alertmanager.port | int | `10087` | |
| service.alertmanager.ports.alertmanager.protocol | string | `"HTTP"` | |
| service.alertmanager.ports.alertmanager.targetPort | int | `9093` | |
| service.alertmanager.selector."app.kubernetes.io/name" | string | `"alertmanager"` | |
| service.alertmanager.selector.alertmanager | string | `"{{ template \"kube-prometheus.alertmanager.fullname\" . }}"` | |
| service.main.ports.main.port | int | `10086` | |
| service.main.ports.main.protocol | string | `"HTTP"` | |
| service.main.ports.main.targetPort | int | `9090` | |
| service.main.selector."app.kubernetes.io/name" | string | `"prometheus"` | |
| service.main.selector.prometheus | string | `"{{ template \"kube-prometheus.prometheus.fullname\" . }}"` | |
| service.promop.enabled | bool | `true` | |
| service.promop.ports.promop.enabled | bool | `true` | |
| service.promop.ports.promop.port | int | `10089` | |
| service.promop.ports.promop.protocol | string | `"HTTP"` | |
| service.promop.ports.promop.targetPort | int | `8080` | |
| service.thanos.enabled | bool | `true` | |
| service.thanos.ports.thanos.enabled | bool | `true` | |
| service.thanos.ports.thanos.port | int | `10901` | |
| service.thanos.ports.thanos.protocol | string | `"HTTP"` | |
| service.thanos.ports.thanos.targetPort | int | `10901` | |
| service.thanos.selector."app.kubernetes.io/name" | string | `"prometheus"` | |
| service.thanos.selector.prometheus | string | `"{{ template \"kube-prometheus.prometheus.fullname\" . }}"` | |
| serviceAccount | object | `{"create":true}` | The service account the pods will use to interact with the Kubernetes API |
| thanosImage.repository | string | `"tccr.io/truecharts/thanos"` | |
| thanosImage.tag | string | `"v0.23.1@sha256:2659f897b8277b69d15c7263fc09266a65bd8ba9852bd72436784ad3c9222a53"` | |
All Rights Reserved - The TrueCharts Project

File diff suppressed because it is too large Load Diff

File diff suppressed because one or more lines are too long

View File

@ -0,0 +1,99 @@
# Changelog<br>
<a name="traefik-10.0.29"></a>
### [traefik-10.0.29](https://github.com/truecharts/apps/compare/traefik-10.0.28...traefik-10.0.29) (2021-12-21)
#### Chore
* update helm general non-major helm releases ([#1596](https://github.com/truecharts/apps/issues/1596))
<a name="traefik-10.0.28"></a>
### [traefik-10.0.28](https://github.com/truecharts/apps/compare/traefik-10.0.27...traefik-10.0.28) (2021-12-19)
#### Chore
* Last patch bump before RC2 branch-off
* remove `editable: true` as this is the default ([#1576](https://github.com/truecharts/apps/issues/1576))
<a name="traefik-10.0.27"></a>
### [traefik-10.0.27](https://github.com/truecharts/apps/compare/traefik-10.0.26...traefik-10.0.27) (2021-12-19)
#### Chore
* App-Icon Organization ([#1539](https://github.com/truecharts/apps/issues/1539))
* update helm general non-major helm releases ([#1571](https://github.com/truecharts/apps/issues/1571))
<a name="traefik-10.0.26"></a>
### [traefik-10.0.26](https://github.com/truecharts/apps/compare/traefik-10.0.25...traefik-10.0.26) (2021-12-14)
#### Chore
* update helm general non-major helm releases ([#1535](https://github.com/truecharts/apps/issues/1535))
<a name="traefik-10.0.25"></a>
### [traefik-10.0.25](https://github.com/truecharts/apps/compare/traefik-10.0.24...traefik-10.0.25) (2021-12-13)
#### Chore
* move incubator apps to stable and bump everything
<a name="traefik-10.0.24"></a>
### [traefik-10.0.24](https://github.com/truecharts/apps/compare/traefik-10.0.23...traefik-10.0.24) (2021-12-12)
#### Chore
* update docker general non-major ([#1518](https://github.com/truecharts/apps/issues/1518))
<a name="traefik-10.0.23"></a>
### [traefik-10.0.23](https://github.com/truecharts/apps/compare/traefik-10.0.22...traefik-10.0.23) (2021-12-11)
#### Chore
* update general helm non-major helm releases ([#1509](https://github.com/truecharts/apps/issues/1509))
<a name="traefik-10.0.22"></a>
### [traefik-10.0.22](https://github.com/truecharts/apps/compare/traefik-10.0.21...traefik-10.0.22) (2021-12-07)
#### Chore
* update non-major deps helm releases ([#1481](https://github.com/truecharts/apps/issues/1481))
<a name="traefik-10.0.21"></a>
### traefik-10.0.21 (2021-12-05)
#### Chore
* bump apps to generate security page
* move all container references to TCCR ([#1448](https://github.com/truecharts/apps/issues/1448))
* update non-major deps helm releases ([#1471](https://github.com/truecharts/apps/issues/1471))
* update non-major deps helm releases ([#1468](https://github.com/truecharts/apps/issues/1468))
* update non-major deps helm releases ([#1453](https://github.com/truecharts/apps/issues/1453))
* update non-major ([#1449](https://github.com/truecharts/apps/issues/1449))
* update non-major deps helm releases ([#1432](https://github.com/truecharts/apps/issues/1432))
#### Fix
* fix typo in theme selection ([#1428](https://github.com/truecharts/apps/issues/1428))
<a name="traefik-10.0.20"></a>
### [traefik-10.0.20](https://github.com/truecharts/apps/compare/traefik-10.0.19...traefik-10.0.20) (2021-12-05)

View File

@ -0,0 +1,6 @@
dependencies:
- name: common
repository: https://truecharts.org
version: 8.9.25
digest: sha256:5438a1c0fda1ea55e3677fc611fc6a62981f903cd7cae559dc798db8afb43f93
generated: "2021-12-21T18:08:43.382749409Z"

View File

@ -0,0 +1,30 @@
apiVersion: v2
appVersion: "2.5.5"
dependencies:
- name: common
repository: https://truecharts.org
version: 8.9.25
deprecated: false
description: Test App for Traefik
home: https://github.com/truecharts/apps/tree/master/charts/stable/traefik
icon: https://truecharts.org/_static/img/appicons/traefik-icon.png
keywords:
- traefik
- ingress
kubeVersion: '>=1.16.0-0'
maintainers:
- email: info@truecharts.org
name: TrueCharts
url: https://truecharts.org
name: traefik
sources:
- https://github.com/traefik/traefik
- https://github.com/traefik/traefik-helm-chart
- https://traefik.io/
type: application
version: 10.0.29
annotations:
truecharts.org/catagories: |
- network
truecharts.org/SCALE-support: "true"
truecharts.org/grade: U

View File

@ -0,0 +1,39 @@
# Introduction
Test App for Traefik
TrueCharts are designed to be installed as TrueNAS SCALE app only. We can not guarantee this charts works as a stand-alone helm installation.
**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/apps/issues/new/choose)**
## Source Code
* <https://github.com/traefik/traefik>
* <https://github.com/traefik/traefik-helm-chart>
* <https://traefik.io/>
## Requirements
Kubernetes: `>=1.16.0-0`
## Dependencies
| Repository | Name | Version |
|------------|------|---------|
| https://truecharts.org | common | 8.9.25 |
## Installing the Chart
To install this App on TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/03-Installing-an-App/).
## Uninstalling the Chart
To remove this App from TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/07-Deleting-an-App/).
## Support
- Please check our [quick-start guides](https://truecharts.org/manual/Quick-Start%20Guides/01-Open-Apps/) first.
- See the [Wiki](https://truecharts.org)
- Check our [Discord](https://discord.gg/tVsPTHWTtr)
- Open a [issue](https://github.com/truecharts/apps/issues/new/choose)
---
All Rights Reserved - The TrueCharts Project

View File

@ -0,0 +1,3 @@
Test App for Traefik
This App is supplied by TrueCharts, for more information please visit https://truecharts.org

Binary file not shown.

View File

@ -0,0 +1,198 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
"helm.sh/hook": pre-install,pre-upgrade,pre-rollback
controller-gen.kubebuilder.io/version: v0.4.1
creationTimestamp: null
name: ingressroutes.traefik.containo.us
spec:
group: traefik.containo.us
names:
kind: IngressRoute
listKind: IngressRouteList
plural: ingressroutes
singular: ingressroute
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: IngressRoute is an Ingress CRD specification.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: IngressRouteSpec is a specification for a IngressRouteSpec
resource.
properties:
entryPoints:
items:
type: string
type: array
routes:
items:
description: Route contains the set of routes.
properties:
kind:
enum:
- Rule
type: string
match:
type: string
middlewares:
items:
description: MiddlewareRef is a ref to the Middleware resources.
properties:
name:
type: string
namespace:
type: string
required:
- name
type: object
type: array
priority:
type: integer
services:
items:
description: Service defines an upstream to proxy traffic.
properties:
kind:
enum:
- Service
- TraefikService
type: string
name:
description: Name is a reference to a Kubernetes Service
object (for a load-balancer of servers), or to a TraefikService
object (service load-balancer, mirroring, etc). The
differentiation between the two is specified in the
Kind field.
type: string
namespace:
type: string
passHostHeader:
type: boolean
port:
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
responseForwarding:
description: ResponseForwarding holds configuration for
the forward of the response.
properties:
flushInterval:
type: string
type: object
scheme:
type: string
serversTransport:
type: string
sticky:
description: Sticky holds the sticky configuration.
properties:
cookie:
description: Cookie holds the sticky configuration
based on cookie.
properties:
httpOnly:
type: boolean
name:
type: string
sameSite:
type: string
secure:
type: boolean
type: object
type: object
strategy:
type: string
weight:
description: Weight should only be specified when Name
references a TraefikService object (and to be precise,
one that embeds a Weighted Round Robin).
type: integer
required:
- name
type: object
type: array
required:
- kind
- match
type: object
type: array
tls:
description: "TLS contains the TLS certificates configuration of the
routes. To enable Let's Encrypt, use an empty TLS struct, e.g. in
YAML: \n \t tls: {} # inline format \n \t tls: \t secretName:
# block format"
properties:
certResolver:
type: string
domains:
items:
description: Domain holds a domain name with SANs.
properties:
main:
type: string
sans:
items:
type: string
type: array
type: object
type: array
options:
description: Options is a reference to a TLSOption, that specifies
the parameters of the TLS connection.
properties:
name:
type: string
namespace:
type: string
required:
- name
type: object
secretName:
description: SecretName is the name of the referenced Kubernetes
Secret to specify the certificate details.
type: string
store:
description: Store is a reference to a TLSStore, that specifies
the parameters of the TLS store.
properties:
name:
type: string
namespace:
type: string
required:
- name
type: object
type: object
required:
- routes
type: object
required:
- metadata
- spec
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

View File

@ -0,0 +1,160 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
"helm.sh/hook": pre-install,pre-upgrade,pre-rollback
controller-gen.kubebuilder.io/version: v0.4.1
creationTimestamp: null
name: ingressroutetcps.traefik.containo.us
spec:
group: traefik.containo.us
names:
kind: IngressRouteTCP
listKind: IngressRouteTCPList
plural: ingressroutetcps
singular: ingressroutetcp
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: IngressRouteTCP is an Ingress CRD specification.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: IngressRouteTCPSpec is a specification for a IngressRouteTCPSpec
resource.
properties:
entryPoints:
items:
type: string
type: array
routes:
items:
description: RouteTCP contains the set of routes.
properties:
match:
type: string
middlewares:
description: Middlewares contains references to MiddlewareTCP
resources.
items:
description: ObjectReference is a generic reference to a Traefik
resource.
properties:
name:
type: string
namespace:
type: string
required:
- name
type: object
type: array
services:
items:
description: ServiceTCP defines an upstream to proxy traffic.
properties:
name:
type: string
namespace:
type: string
port:
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
proxyProtocol:
description: ProxyProtocol holds the ProxyProtocol configuration.
properties:
version:
type: integer
type: object
terminationDelay:
type: integer
weight:
type: integer
required:
- name
- port
type: object
type: array
required:
- match
type: object
type: array
tls:
description: "TLSTCP contains the TLS certificates configuration of
the routes. To enable Let's Encrypt, use an empty TLS struct, e.g.
in YAML: \n \t tls: {} # inline format \n \t tls: \t secretName:
# block format"
properties:
certResolver:
type: string
domains:
items:
description: Domain holds a domain name with SANs.
properties:
main:
type: string
sans:
items:
type: string
type: array
type: object
type: array
options:
description: Options is a reference to a TLSOption, that specifies
the parameters of the TLS connection.
properties:
name:
type: string
namespace:
type: string
required:
- name
type: object
passthrough:
type: boolean
secretName:
description: SecretName is the name of the referenced Kubernetes
Secret to specify the certificate details.
type: string
store:
description: Store is a reference to a TLSStore, that specifies
the parameters of the TLS store.
properties:
name:
type: string
namespace:
type: string
required:
- name
type: object
type: object
required:
- routes
type: object
required:
- metadata
- spec
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

View File

@ -0,0 +1,84 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
"helm.sh/hook": pre-install,pre-upgrade,pre-rollback
controller-gen.kubebuilder.io/version: v0.4.1
creationTimestamp: null
name: ingressrouteudps.traefik.containo.us
spec:
group: traefik.containo.us
names:
kind: IngressRouteUDP
listKind: IngressRouteUDPList
plural: ingressrouteudps
singular: ingressrouteudp
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: IngressRouteUDP is an Ingress CRD specification.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: IngressRouteUDPSpec is a specification for a IngressRouteUDPSpec
resource.
properties:
entryPoints:
items:
type: string
type: array
routes:
items:
description: RouteUDP contains the set of routes.
properties:
services:
items:
description: ServiceUDP defines an upstream to proxy traffic.
properties:
name:
type: string
namespace:
type: string
port:
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
weight:
type: integer
required:
- name
- port
type: object
type: array
type: object
type: array
required:
- routes
type: object
required:
- metadata
- spec
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

View File

@ -0,0 +1,563 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
"helm.sh/hook": pre-install,pre-upgrade,pre-rollback
controller-gen.kubebuilder.io/version: v0.4.1
creationTimestamp: null
name: middlewares.traefik.containo.us
spec:
group: traefik.containo.us
names:
kind: Middleware
listKind: MiddlewareList
plural: middlewares
singular: middleware
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: Middleware is a specification for a Middleware resource.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: MiddlewareSpec holds the Middleware configuration.
properties:
addPrefix:
description: AddPrefix holds the AddPrefix configuration.
properties:
prefix:
type: string
type: object
basicAuth:
description: BasicAuth holds the HTTP basic authentication configuration.
properties:
headerField:
type: string
realm:
type: string
removeHeader:
type: boolean
secret:
type: string
type: object
buffering:
description: Buffering holds the request/response buffering configuration.
properties:
maxRequestBodyBytes:
format: int64
type: integer
maxResponseBodyBytes:
format: int64
type: integer
memRequestBodyBytes:
format: int64
type: integer
memResponseBodyBytes:
format: int64
type: integer
retryExpression:
type: string
type: object
chain:
description: Chain holds a chain of middlewares.
properties:
middlewares:
items:
description: MiddlewareRef is a ref to the Middleware resources.
properties:
name:
type: string
namespace:
type: string
required:
- name
type: object
type: array
type: object
circuitBreaker:
description: CircuitBreaker holds the circuit breaker configuration.
properties:
expression:
type: string
type: object
compress:
description: Compress holds the compress configuration.
properties:
excludedContentTypes:
items:
type: string
type: array
type: object
contentType:
description: ContentType middleware - or rather its unique `autoDetect`
option - specifies whether to let the `Content-Type` header, if
it has not been set by the backend, be automatically set to a value
derived from the contents of the response. As a proxy, the default
behavior should be to leave the header alone, regardless of what
the backend did with it. However, the historic default was to always
auto-detect and set the header if it was nil, and it is going to
be kept that way in order to support users currently relying on
it. This middleware exists to enable the correct behavior until
at least the default one can be changed in a future version.
properties:
autoDetect:
type: boolean
type: object
digestAuth:
description: DigestAuth holds the Digest HTTP authentication configuration.
properties:
headerField:
type: string
realm:
type: string
removeHeader:
type: boolean
secret:
type: string
type: object
errors:
description: ErrorPage holds the custom error page configuration.
properties:
query:
type: string
service:
description: Service defines an upstream to proxy traffic.
properties:
kind:
enum:
- Service
- TraefikService
type: string
name:
description: Name is a reference to a Kubernetes Service object
(for a load-balancer of servers), or to a TraefikService
object (service load-balancer, mirroring, etc). The differentiation
between the two is specified in the Kind field.
type: string
namespace:
type: string
passHostHeader:
type: boolean
port:
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
responseForwarding:
description: ResponseForwarding holds configuration for the
forward of the response.
properties:
flushInterval:
type: string
type: object
scheme:
type: string
serversTransport:
type: string
sticky:
description: Sticky holds the sticky configuration.
properties:
cookie:
description: Cookie holds the sticky configuration based
on cookie.
properties:
httpOnly:
type: boolean
name:
type: string
sameSite:
type: string
secure:
type: boolean
type: object
type: object
strategy:
type: string
weight:
description: Weight should only be specified when Name references
a TraefikService object (and to be precise, one that embeds
a Weighted Round Robin).
type: integer
required:
- name
type: object
status:
items:
type: string
type: array
type: object
forwardAuth:
description: ForwardAuth holds the http forward authentication configuration.
properties:
address:
type: string
authRequestHeaders:
items:
type: string
type: array
authResponseHeaders:
items:
type: string
type: array
authResponseHeadersRegex:
type: string
tls:
description: ClientTLS holds TLS specific configurations as client.
properties:
caOptional:
type: boolean
caSecret:
type: string
certSecret:
type: string
insecureSkipVerify:
type: boolean
type: object
trustForwardHeader:
type: boolean
type: object
headers:
description: Headers holds the custom header configuration.
properties:
accessControlAllowCredentials:
description: AccessControlAllowCredentials is only valid if true.
false is ignored.
type: boolean
accessControlAllowHeaders:
description: AccessControlAllowHeaders must be used in response
to a preflight request with Access-Control-Request-Headers set.
items:
type: string
type: array
accessControlAllowMethods:
description: AccessControlAllowMethods must be used in response
to a preflight request with Access-Control-Request-Method set.
items:
type: string
type: array
accessControlAllowOriginList:
description: AccessControlAllowOriginList is a list of allowable
origins. Can also be a wildcard origin "*".
items:
type: string
type: array
accessControlAllowOriginListRegex:
description: AccessControlAllowOriginListRegex is a list of allowable
origins written following the Regular Expression syntax (https://golang.org/pkg/regexp/).
items:
type: string
type: array
accessControlExposeHeaders:
description: AccessControlExposeHeaders sets valid headers for
the response.
items:
type: string
type: array
accessControlMaxAge:
description: AccessControlMaxAge sets the time that a preflight
request may be cached.
format: int64
type: integer
addVaryHeader:
description: AddVaryHeader controls if the Vary header is automatically
added/updated when the AccessControlAllowOriginList is set.
type: boolean
allowedHosts:
items:
type: string
type: array
browserXssFilter:
type: boolean
contentSecurityPolicy:
type: string
contentTypeNosniff:
type: boolean
customBrowserXSSValue:
type: string
customFrameOptionsValue:
type: string
customRequestHeaders:
additionalProperties:
type: string
type: object
customResponseHeaders:
additionalProperties:
type: string
type: object
featurePolicy:
type: string
forceSTSHeader:
type: boolean
frameDeny:
type: boolean
hostsProxyHeaders:
items:
type: string
type: array
isDevelopment:
type: boolean
publicKey:
type: string
referrerPolicy:
type: string
sslForceHost:
description: 'Deprecated: use RedirectRegex instead.'
type: boolean
sslHost:
description: 'Deprecated: use RedirectRegex instead.'
type: string
sslProxyHeaders:
additionalProperties:
type: string
type: object
sslRedirect:
description: 'Deprecated: use EntryPoint redirection or RedirectScheme
instead.'
type: boolean
sslTemporaryRedirect:
description: 'Deprecated: use EntryPoint redirection or RedirectScheme
instead.'
type: boolean
stsIncludeSubdomains:
type: boolean
stsPreload:
type: boolean
stsSeconds:
format: int64
type: integer
type: object
inFlightReq:
description: InFlightReq limits the number of requests being processed
and served concurrently.
properties:
amount:
format: int64
type: integer
sourceCriterion:
description: SourceCriterion defines what criterion is used to
group requests as originating from a common source. If none
are set, the default is to use the request's remote address
field. All fields are mutually exclusive.
properties:
ipStrategy:
description: IPStrategy holds the ip strategy configuration.
properties:
depth:
type: integer
excludedIPs:
items:
type: string
type: array
type: object
requestHeaderName:
type: string
requestHost:
type: boolean
type: object
type: object
ipWhiteList:
description: IPWhiteList holds the ip white list configuration.
properties:
ipStrategy:
description: IPStrategy holds the ip strategy configuration.
properties:
depth:
type: integer
excludedIPs:
items:
type: string
type: array
type: object
sourceRange:
items:
type: string
type: array
type: object
passTLSClientCert:
description: PassTLSClientCert holds the TLS client cert headers configuration.
properties:
info:
description: TLSClientCertificateInfo holds the client TLS certificate
info configuration.
properties:
issuer:
description: TLSCLientCertificateDNInfo holds the client TLS
certificate distinguished name info configuration. cf https://tools.ietf.org/html/rfc3739
properties:
commonName:
type: boolean
country:
type: boolean
domainComponent:
type: boolean
locality:
type: boolean
organization:
type: boolean
province:
type: boolean
serialNumber:
type: boolean
type: object
notAfter:
type: boolean
notBefore:
type: boolean
sans:
type: boolean
serialNumber:
type: boolean
subject:
description: TLSCLientCertificateDNInfo holds the client TLS
certificate distinguished name info configuration. cf https://tools.ietf.org/html/rfc3739
properties:
commonName:
type: boolean
country:
type: boolean
domainComponent:
type: boolean
locality:
type: boolean
organization:
type: boolean
province:
type: boolean
serialNumber:
type: boolean
type: object
type: object
pem:
type: boolean
type: object
plugin:
additionalProperties:
x-kubernetes-preserve-unknown-fields: true
type: object
rateLimit:
description: RateLimit holds the rate limiting configuration for a
given router.
properties:
average:
format: int64
type: integer
burst:
format: int64
type: integer
period:
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
sourceCriterion:
description: SourceCriterion defines what criterion is used to
group requests as originating from a common source. If none
are set, the default is to use the request's remote address
field. All fields are mutually exclusive.
properties:
ipStrategy:
description: IPStrategy holds the ip strategy configuration.
properties:
depth:
type: integer
excludedIPs:
items:
type: string
type: array
type: object
requestHeaderName:
type: string
requestHost:
type: boolean
type: object
type: object
redirectRegex:
description: RedirectRegex holds the redirection configuration.
properties:
permanent:
type: boolean
regex:
type: string
replacement:
type: string
type: object
redirectScheme:
description: RedirectScheme holds the scheme redirection configuration.
properties:
permanent:
type: boolean
port:
type: string
scheme:
type: string
type: object
replacePath:
description: ReplacePath holds the ReplacePath configuration.
properties:
path:
type: string
type: object
replacePathRegex:
description: ReplacePathRegex holds the ReplacePathRegex configuration.
properties:
regex:
type: string
replacement:
type: string
type: object
retry:
description: Retry holds the retry configuration.
properties:
attempts:
type: integer
initialInterval:
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
type: object
stripPrefix:
description: StripPrefix holds the StripPrefix configuration.
properties:
forceSlash:
type: boolean
prefixes:
items:
type: string
type: array
type: object
stripPrefixRegex:
description: StripPrefixRegex holds the StripPrefixRegex configuration.
properties:
regex:
items:
type: string
type: array
type: object
type: object
required:
- metadata
- spec
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

View File

@ -0,0 +1,59 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
"helm.sh/hook": pre-install,pre-upgrade,pre-rollback
controller-gen.kubebuilder.io/version: v0.4.1
creationTimestamp: null
name: middlewaretcps.traefik.containo.us
spec:
group: traefik.containo.us
names:
kind: MiddlewareTCP
listKind: MiddlewareTCPList
plural: middlewaretcps
singular: middlewaretcp
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: MiddlewareTCP is a specification for a MiddlewareTCP resource.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: MiddlewareTCPSpec holds the MiddlewareTCP configuration.
properties:
ipWhiteList:
description: TCPIPWhiteList holds the TCP ip white list configuration.
properties:
sourceRange:
items:
type: string
type: array
type: object
type: object
required:
- metadata
- spec
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

View File

@ -0,0 +1,101 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
"helm.sh/hook": pre-install,pre-upgrade,pre-rollback
controller-gen.kubebuilder.io/version: v0.4.1
creationTimestamp: null
name: serverstransports.traefik.containo.us
spec:
group: traefik.containo.us
names:
kind: ServersTransport
listKind: ServersTransportList
plural: serverstransports
singular: serverstransport
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: ServersTransport is a specification for a ServersTransport resource.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: ServersTransportSpec options to configure communication between
Traefik and the servers.
properties:
certificatesSecrets:
description: Certificates for mTLS.
items:
type: string
type: array
disableHTTP2:
description: Disable HTTP/2 for connections with backend servers.
type: boolean
forwardingTimeouts:
description: Timeouts for requests forwarded to the backend servers.
properties:
dialTimeout:
anyOf:
- type: integer
- type: string
description: The amount of time to wait until a connection to
a backend server can be established. If zero, no timeout exists.
x-kubernetes-int-or-string: true
idleConnTimeout:
anyOf:
- type: integer
- type: string
description: The maximum period for which an idle HTTP keep-alive
connection will remain open before closing itself.
x-kubernetes-int-or-string: true
responseHeaderTimeout:
anyOf:
- type: integer
- type: string
description: The amount of time to wait for a server's response
headers after fully writing the request (including its body,
if any). If zero, no timeout exists.
x-kubernetes-int-or-string: true
type: object
insecureSkipVerify:
description: Disable SSL certificate verification.
type: boolean
maxIdleConnsPerHost:
description: If non-zero, controls the maximum idle (keep-alive) to
keep per-host. If zero, DefaultMaxIdleConnsPerHost is used.
type: integer
rootCAsSecrets:
description: Add cert file for self-signed certificate.
items:
type: string
type: array
serverName:
description: ServerName used to contact the server.
type: string
type: object
required:
- metadata
- spec
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

View File

@ -0,0 +1,87 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
"helm.sh/hook": pre-install,pre-upgrade,pre-rollback
controller-gen.kubebuilder.io/version: v0.4.1
creationTimestamp: null
name: tlsoptions.traefik.containo.us
spec:
group: traefik.containo.us
names:
kind: TLSOption
listKind: TLSOptionList
plural: tlsoptions
singular: tlsoption
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: TLSOption is a specification for a TLSOption resource.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: TLSOptionSpec configures TLS for an entry point.
properties:
cipherSuites:
items:
type: string
type: array
clientAuth:
description: ClientAuth defines the parameters of the client authentication
part of the TLS connection, if any.
properties:
clientAuthType:
description: ClientAuthType defines the client authentication
type to apply.
enum:
- NoClientCert
- RequestClientCert
- VerifyClientCertIfGiven
- RequireAndVerifyClientCert
type: string
secretNames:
description: SecretName is the name of the referenced Kubernetes
Secret to specify the certificate details.
items:
type: string
type: array
type: object
curvePreferences:
items:
type: string
type: array
maxVersion:
type: string
minVersion:
type: string
preferServerCipherSuites:
type: boolean
sniStrict:
type: boolean
type: object
required:
- metadata
- spec
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

View File

@ -0,0 +1,64 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
"helm.sh/hook": pre-install,pre-upgrade,pre-rollback
controller-gen.kubebuilder.io/version: v0.4.1
creationTimestamp: null
name: tlsstores.traefik.containo.us
spec:
group: traefik.containo.us
names:
kind: TLSStore
listKind: TLSStoreList
plural: tlsstores
singular: tlsstore
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: TLSStore is a specification for a TLSStore resource.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: TLSStoreSpec configures a TLSStore resource.
properties:
defaultCertificate:
description: DefaultCertificate holds a secret name for the TLSOption
resource.
properties:
secretName:
description: SecretName is the name of the referenced Kubernetes
Secret to specify the certificate details.
type: string
required:
- secretName
type: object
required:
- defaultCertificate
type: object
required:
- metadata
- spec
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

View File

@ -0,0 +1,270 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
"helm.sh/hook": pre-install,pre-upgrade,pre-rollback
controller-gen.kubebuilder.io/version: v0.4.1
creationTimestamp: null
name: traefikservices.traefik.containo.us
spec:
group: traefik.containo.us
names:
kind: TraefikService
listKind: TraefikServiceList
plural: traefikservices
singular: traefikservice
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: TraefikService is the specification for a service (that an IngressRoute
refers to) that is usually not a terminal service (i.e. not a pod of servers),
as opposed to a Kubernetes Service. That is to say, it usually refers to
other (children) services, which themselves can be TraefikServices or Services.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: ServiceSpec defines whether a TraefikService is a load-balancer
of services or a mirroring service.
properties:
mirroring:
description: Mirroring defines a mirroring service, which is composed
of a main load-balancer, and a list of mirrors.
properties:
kind:
enum:
- Service
- TraefikService
type: string
maxBodySize:
format: int64
type: integer
mirrors:
items:
description: MirrorService defines one of the mirrors of a Mirroring
service.
properties:
kind:
enum:
- Service
- TraefikService
type: string
name:
description: Name is a reference to a Kubernetes Service
object (for a load-balancer of servers), or to a TraefikService
object (service load-balancer, mirroring, etc). The differentiation
between the two is specified in the Kind field.
type: string
namespace:
type: string
passHostHeader:
type: boolean
percent:
type: integer
port:
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
responseForwarding:
description: ResponseForwarding holds configuration for
the forward of the response.
properties:
flushInterval:
type: string
type: object
scheme:
type: string
serversTransport:
type: string
sticky:
description: Sticky holds the sticky configuration.
properties:
cookie:
description: Cookie holds the sticky configuration based
on cookie.
properties:
httpOnly:
type: boolean
name:
type: string
sameSite:
type: string
secure:
type: boolean
type: object
type: object
strategy:
type: string
weight:
description: Weight should only be specified when Name references
a TraefikService object (and to be precise, one that embeds
a Weighted Round Robin).
type: integer
required:
- name
type: object
type: array
name:
description: Name is a reference to a Kubernetes Service object
(for a load-balancer of servers), or to a TraefikService object
(service load-balancer, mirroring, etc). The differentiation
between the two is specified in the Kind field.
type: string
namespace:
type: string
passHostHeader:
type: boolean
port:
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
responseForwarding:
description: ResponseForwarding holds configuration for the forward
of the response.
properties:
flushInterval:
type: string
type: object
scheme:
type: string
serversTransport:
type: string
sticky:
description: Sticky holds the sticky configuration.
properties:
cookie:
description: Cookie holds the sticky configuration based on
cookie.
properties:
httpOnly:
type: boolean
name:
type: string
sameSite:
type: string
secure:
type: boolean
type: object
type: object
strategy:
type: string
weight:
description: Weight should only be specified when Name references
a TraefikService object (and to be precise, one that embeds
a Weighted Round Robin).
type: integer
required:
- name
type: object
weighted:
description: WeightedRoundRobin defines a load-balancer of services.
properties:
services:
items:
description: Service defines an upstream to proxy traffic.
properties:
kind:
enum:
- Service
- TraefikService
type: string
name:
description: Name is a reference to a Kubernetes Service
object (for a load-balancer of servers), or to a TraefikService
object (service load-balancer, mirroring, etc). The differentiation
between the two is specified in the Kind field.
type: string
namespace:
type: string
passHostHeader:
type: boolean
port:
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
responseForwarding:
description: ResponseForwarding holds configuration for
the forward of the response.
properties:
flushInterval:
type: string
type: object
scheme:
type: string
serversTransport:
type: string
sticky:
description: Sticky holds the sticky configuration.
properties:
cookie:
description: Cookie holds the sticky configuration based
on cookie.
properties:
httpOnly:
type: boolean
name:
type: string
sameSite:
type: string
secure:
type: boolean
type: object
type: object
strategy:
type: string
weight:
description: Weight should only be specified when Name references
a TraefikService object (and to be precise, one that embeds
a Weighted Round Robin).
type: integer
required:
- name
type: object
type: array
sticky:
description: Sticky holds the sticky configuration.
properties:
cookie:
description: Cookie holds the sticky configuration based on
cookie.
properties:
httpOnly:
type: boolean
name:
type: string
sameSite:
type: string
secure:
type: boolean
type: object
type: object
type: object
type: object
required:
- metadata
- spec
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

View File

@ -0,0 +1,48 @@
# Default Helm-Values
TrueCharts is primarily build to supply TrueNAS SCALE Apps.
However, we also supply all Apps as standard Helm-Charts. In this document we aim to document the default values in our values.yaml file.
Most of our Apps also consume our "common" Helm Chart.
If this is the case, this means that all values.yaml values are set to the common chart values.yaml by default. This values.yaml file will only contain values that deviate from the common chart.
You will, however, be able to use all values referenced in the common chart here, besides the values listed in this document.
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| additionalArguments[0] | string | `"--metrics.prometheus"` | |
| additionalArguments[1] | string | `"--ping"` | |
| additionalArguments[2] | string | `"--serverstransport.insecureskipverify=true"` | |
| additionalArguments[3] | string | `"--providers.kubernetesingress.allowexternalnameservices=true"` | |
| globalArguments[0] | string | `"--global.checknewversion"` | |
| image.pullPolicy | string | `"IfNotPresent"` | |
| image.repository | string | `"tccr.io/truecharts/traefik"` | |
| image.tag | string | `"v2.5.5@sha256:2c12cf3ee1d67468d4f16bd8a86478458fd97cf72038bdd9d96df4ba32fdb769"` | |
| ingressClass | object | `{"enabled":false,"fallbackApiVersion":"","isDefaultClass":false}` | Use ingressClass. Ignored if Traefik version < 2.3 / kubernetes < 1.18.x |
| ingressRoute | object | `{"dashboard":{"annotations":{},"enabled":true,"labels":{}}}` | Create an IngressRoute for the dashboard |
| logs | object | `{"access":{"enabled":false,"fields":{"general":{"defaultmode":"keep","names":{}},"headers":{"defaultmode":"drop","names":{}}},"filters":{}},"general":{"level":"ERROR"}}` | Logs https://docs.traefik.io/observability/logs/ |
| metrics.prometheus.entryPoint | string | `"metrics"` | |
| middlewares | object | `{"basicAuth":[],"chain":[],"forwardAuth":[],"ipWhiteList":[],"rateLimit":[],"redirectRegex":[],"redirectScheme":[]}` | SCALE Middleware Handlers |
| pilot | object | `{"enabled":false,"token":""}` | Activate Pilot integration |
| portalhook.enabled | bool | `true` | |
| probes.liveness | object | See below | Liveness probe configuration |
| probes.liveness.path | string | "/" | If a HTTP probe is used (default for HTTP/HTTPS services) this path is used |
| probes.liveness.type | string | "TCP" | sets the probe type when not using a custom probe |
| probes.readiness | object | See below | Redainess probe configuration |
| probes.readiness.path | string | "/" | If a HTTP probe is used (default for HTTP/HTTPS services) this path is used |
| probes.readiness.type | string | "TCP" | sets the probe type when not using a custom probe |
| probes.startup | object | See below | Startup probe configuration |
| probes.startup.path | string | "/" | If a HTTP probe is used (default for HTTP/HTTPS services) this path is used |
| probes.startup.type | string | "TCP" | sets the probe type when not using a custom probe |
| providers.kubernetesCRD.enabled | bool | `true` | |
| providers.kubernetesCRD.namespaces | list | `[]` | |
| providers.kubernetesIngress.enabled | bool | `true` | |
| providers.kubernetesIngress.namespaces | list | `[]` | |
| providers.kubernetesIngress.publishedService.enabled | bool | `true` | |
| rbac | object | `{"enabled":true,"rules":[{"apiGroups":[""],"resources":["services","endpoints","secrets"],"verbs":["get","list","watch"]},{"apiGroups":["extensions","networking.k8s.io"],"resources":["ingresses","ingressclasses"],"verbs":["get","list","watch"]},{"apiGroups":["extensions","networking.k8s.io"],"resources":["ingresses/status"],"verbs":["update"]},{"apiGroups":["traefik.containo.us"],"resources":["ingressroutes","ingressroutetcps","ingressrouteudps","middlewares","middlewaretcps","tlsoptions","tlsstores","traefikservices","serverstransports"],"verbs":["get","list","watch"]}]}` | Whether Role Based Access Control objects like roles and rolebindings should be created |
| service | object | `{"main":{"ports":{"main":{"port":9000,"protocol":"HTTP","targetPort":9000}},"type":"LoadBalancer"},"metrics":{"enabled":true,"ports":{"metrics":{"enabled":true,"port":9100,"protocol":"HTTP","targetPort":9100}},"type":"LoadBalancer"},"tcp":{"enabled":true,"ports":{"web":{"enabled":true,"port":9080,"protocol":"HTTP","redirectTo":"websecure"},"websecure":{"enabled":true,"port":9443,"protocol":"HTTPS"}},"type":"LoadBalancer"},"udp":{"enabled":false}}` | Options for the main traefik service, where the entrypoints traffic comes from from. |
| serviceAccount | object | `{"create":true}` | The service account the pods will use to interact with the Kubernetes API |
| tlsOptions | object | `{"default":{"cipherSuites":["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305","TLS_AES_128_GCM_SHA256","TLS_AES_256_GCM_SHA384","TLS_CHACHA20_POLY1305_SHA256"],"curvePreferences":["CurveP521","CurveP384"],"minVersion":"VersionTLS12","sniStrict":false}}` | TLS Options to be created as TLSOption CRDs https://doc.traefik.io/tccr.io/truecharts/https/tls/#tls-options Example: |
All Rights Reserved - The TrueCharts Project

View File

@ -0,0 +1,309 @@
image:
repository: tccr.io/truecharts/traefik
# defaults to appVersion
tag: v2.5.5@sha256:2c12cf3ee1d67468d4f16bd8a86478458fd97cf72038bdd9d96df4ba32fdb769
pullPolicy: IfNotPresent
# -- Use ingressClass. Ignored if Traefik version < 2.3 / kubernetes < 1.18.x
ingressClass:
# true is not unit-testable yet, pending https://github.com/rancher/helm-unittest/pull/12
enabled: false
isDefaultClass: false
# Use to force a networking.k8s.io API Version for certain CI/CD applications. E.g. "v1beta1"
fallbackApiVersion: ""
# -- Activate Pilot integration
pilot:
enabled: false
token: ""
# Toggle Pilot Dashboard
# dashboard: false
# -- Create an IngressRoute for the dashboard
ingressRoute:
dashboard:
enabled: true
# Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class)
annotations: {}
# Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels)
labels: {}
#
# -- Configure providers
providers:
kubernetesCRD:
enabled: true
namespaces: []
# - "default"
kubernetesIngress:
enabled: true
# labelSelector: environment=production,method=traefik
namespaces: []
# - "default"
# IP used for Kubernetes Ingress endpoints
publishedService:
enabled: true
# Published Kubernetes Service to copy status from. Format: namespace/servicename
# By default this Traefik service
# pathOverride: ""
# -- Logs
# https://docs.traefik.io/observability/logs/
logs:
# Traefik logs concern everything that happens to Traefik itself (startup, configuration, events, shutdown, and so on).
general:
# By default, the logs use a text format (common), but you can
# also ask for the json format in the format option
# format: json
# By default, the level is set to ERROR. Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO.
level: ERROR
access:
# To enable access logs
enabled: false
# By default, logs are written using the Common Log Format (CLF).
# To write logs in JSON, use json in the format option.
# If the given format is unsupported, the default (CLF) is used instead.
# format: json
# To write the logs in an asynchronous fashion, specify a bufferingSize option.
# This option represents the number of log lines Traefik will keep in memory before writing
# them to the selected output. In some cases, this option can greatly help performances.
# bufferingSize: 100
# Filtering https://docs.traefik.io/observability/access-logs/#filtering
filters: {}
# statuscodes: "200,300-302"
# retryattempts: true
# minduration: 10ms
# Fields
# https://docs.traefik.io/observability/access-logs/#limiting-the-fieldsincluding-headers
fields:
general:
defaultmode: keep
names: {}
# Examples:
# ClientUsername: drop
headers:
defaultmode: drop
names: {}
# Examples:
# User-Agent: redact
# Authorization: drop
# Content-Type: keep
metrics:
# datadog:
# address: 127.0.0.1:8125
# influxdb:
# address: localhost:8089
# protocol: udp
prometheus:
entryPoint: metrics
# statsd:
# address: localhost:8125
globalArguments:
- "--global.checknewversion"
##
# -- Additional arguments to be passed at Traefik's binary
# All available options available on https://docs.traefik.io/reference/static-configuration/cli/
## Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress.ingressclass=traefik-internal,--log.level=DEBUG}"`
additionalArguments:
- "--metrics.prometheus"
- "--ping"
- "--serverstransport.insecureskipverify=true"
- "--providers.kubernetesingress.allowexternalnameservices=true"
# -- TLS Options to be created as TLSOption CRDs
# https://doc.traefik.io/tccr.io/truecharts/https/tls/#tls-options
# Example:
tlsOptions:
default:
sniStrict: false
minVersion: VersionTLS12
curvePreferences:
- CurveP521
- CurveP384
cipherSuites:
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
- TLS_AES_128_GCM_SHA256
- TLS_AES_256_GCM_SHA384
- TLS_CHACHA20_POLY1305_SHA256
# -- Options for the main traefik service, where the entrypoints traffic comes from
# from.
service:
main:
type: LoadBalancer
ports:
main:
port: 9000
targetPort: 9000
protocol: HTTP
tcp:
enabled: true
type: LoadBalancer
ports:
web:
enabled: true
port: 9080
protocol: HTTP
redirectTo: websecure
websecure:
enabled: true
port: 9443
protocol: HTTPS
# tcpexample:
# enabled: true
# targetPort: 9443
# protocol: TCP
# tls:
# enabled: false
# # this is the name of a TLSOption definition
# options: ""
# certResolver: ""
# domains: []
# # - main: example.com
# # sans:
# # - foo.example.com
# # - bar.example.com
metrics:
enabled: true
type: LoadBalancer
ports:
metrics:
enabled: true
port: 9100
targetPort: 9100
protocol: HTTP
udp:
enabled: false
probes:
# -- Liveness probe configuration
# @default -- See below
liveness:
# -- sets the probe type when not using a custom probe
# @default -- "TCP"
type: HTTP
# -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
# @default -- "/"
path: "/ping"
# -- Redainess probe configuration
# @default -- See below
readiness:
# -- sets the probe type when not using a custom probe
# @default -- "TCP"
type: HTTP
# -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
# @default -- "/"
path: "/ping"
# -- Startup probe configuration
# @default -- See below
startup:
# -- sets the probe type when not using a custom probe
# @default -- "TCP"
type: HTTP
# -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
# @default -- "/"
path: "/ping"
# -- Whether Role Based Access Control objects like roles and rolebindings should be created
rbac:
enabled: true
rules:
- apiGroups:
- ""
resources:
- services
- endpoints
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- traefik.containo.us
resources:
- ingressroutes
- ingressroutetcps
- ingressrouteudps
- middlewares
- middlewaretcps
- tlsoptions
- tlsstores
- traefikservices
- serverstransports
verbs:
- get
- list
- watch
# -- The service account the pods will use to interact with the Kubernetes API
serviceAccount:
create: true
# -- SCALE Middleware Handlers
middlewares:
basicAuth: []
# - name: basicauthexample
# users:
# - username: testuser
# password: testpassword
forwardAuth: []
# - name: forwardAuthexample
# address: https://auth.example.com/
# authResponseHeaders:
# - X-Secret
# - X-Auth-User
# authRequestHeaders:
# - "Accept"
# - "X-CustomHeader"
# authResponseHeadersRegex: "^X-"
# trustForwardHeader: true
chain: []
# - name: chainname
# middlewares:
# - name: compress
redirectScheme: []
# - name: redirectSchemeName
# scheme: https
# permanent: true
rateLimit: []
# - name: rateLimitName
# average: 300
# burst: 200
redirectRegex: []
# - name: redirectRegexName
# regex: putregexhere
# replacement: replacementurlhere
# permanent: false
ipWhiteList: []
# - name: ipWhiteListName
# sourceRange: []
# ipStrategy:
# depth: 2
# excludedIPs: []
portalhook:
enabled: true

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,100 @@
---
hide:
- toc
---
# Security Overview
<link href="https://truecharts.org/_static/trivy.css" type="text/css" rel="stylesheet" />
## Helm-Chart
##### Scan Results
#### Chart Object: traefik/templates/common.yaml
| Type | Misconfiguration ID | Check | Severity | Explaination | Links |
|:----------------|:------------------:|:-----------:|:------------------:|-----------------------------------------|-----------------------------------------|
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | <details><summary>Expand...</summary> The container should drop all default capabilities and add only those that are needed for its execution. <br> <hr> <br> Container &#39;RELEASE-NAME-traefik&#39; of Deployment &#39;RELEASE-NAME-traefik&#39; should add &#39;ALL&#39; to &#39;securityContext.capabilities.drop&#39; </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/">https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/</a><br><a href="https://avd.aquasec.com/appshield/ksv003">https://avd.aquasec.com/appshield/ksv003</a><br></details> |
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> &#39;runAsNonRoot&#39; forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-traefik&#39; should set &#39;securityContext.runAsNonRoot&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | <details><summary>Expand...</summary> An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-traefik&#39; should set &#39;securityContext.readOnlyRootFilesystem&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/">https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/</a><br><a href="https://avd.aquasec.com/appshield/ksv014">https://avd.aquasec.com/appshield/ksv014</a><br></details> |
| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with user ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;RELEASE-NAME-traefik&#39; of Deployment &#39;RELEASE-NAME-traefik&#39; should set &#39;securityContext.runAsUser&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv020">https://avd.aquasec.com/appshield/ksv020</a><br></details> |
| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with user ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-traefik&#39; should set &#39;securityContext.runAsUser&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv020">https://avd.aquasec.com/appshield/ksv020</a><br></details> |
| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with group ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;RELEASE-NAME-traefik&#39; of Deployment &#39;RELEASE-NAME-traefik&#39; should set &#39;securityContext.runAsGroup&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv021">https://avd.aquasec.com/appshield/ksv021</a><br></details> |
| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with group ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-traefik&#39; should set &#39;securityContext.runAsGroup&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv021">https://avd.aquasec.com/appshield/ksv021</a><br></details> |
| Kubernetes Security Check | KSV029 | A root primary or supplementary GID set | LOW | <details><summary>Expand...</summary> Containers should be forbidden from running with a root primary or supplementary GID. <br> <hr> <br> Deployment &#39;RELEASE-NAME-traefik&#39; should set &#39;spec.securityContext.runAsGroup&#39;, &#39;spec.securityContext.supplementalGroups[*]&#39; and &#39;spec.securityContext.fsGroup&#39; to integer greater than 0 </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv029">https://avd.aquasec.com/appshield/ksv029</a><br></details> |
| No Misconfigurations found |
|:---------------------------------|
| No Misconfigurations found |
|:---------------------------------|
## Containers
##### Detected Containers
tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c
tccr.io/truecharts/traefik:v2.5.5@sha256:2c12cf3ee1d67468d4f16bd8a86478458fd97cf72038bdd9d96df4ba32fdb769
##### Scan Results
#### Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2)
**alpine**
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
| busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| busybox | CVE-2021-42379 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| busybox | CVE-2021-42380 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| busybox | CVE-2021-42381 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| busybox | CVE-2021-42382 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| busybox | CVE-2021-42383 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br></details> |
| busybox | CVE-2021-42384 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| busybox | CVE-2021-42385 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| busybox | CVE-2021-42386 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| busybox | CVE-2021-42374 | MEDIUM | 1.33.1-r3 | 1.33.1-r4 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| busybox | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 | <details><summary>Expand...</summary><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br></details> |
| ssl_client | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| ssl_client | CVE-2021-42379 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| ssl_client | CVE-2021-42380 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| ssl_client | CVE-2021-42381 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| ssl_client | CVE-2021-42382 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| ssl_client | CVE-2021-42383 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br></details> |
| ssl_client | CVE-2021-42384 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| ssl_client | CVE-2021-42385 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| ssl_client | CVE-2021-42386 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| ssl_client | CVE-2021-42374 | MEDIUM | 1.33.1-r3 | 1.33.1-r4 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| ssl_client | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 | <details><summary>Expand...</summary><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br></details> |
#### Container: tccr.io/truecharts/traefik:v2.5.5@sha256:2c12cf3ee1d67468d4f16bd8a86478458fd97cf72038bdd9d96df4ba32fdb769 (alpine 3.14.3)
**alpine**
| No Vulnerabilities found |
|:---------------------------------|
**gobinary**
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
| golang.org/x/text | CVE-2021-38561 | UNKNOWN | v0.3.6 | 0.3.7 | <details><summary>Expand...</summary></details> |

View File

@ -0,0 +1,141 @@
{{/* Define the args */}}
{{- define "traefik.args" -}}
args:
{{/* merge all ports */}}
{{- $ports := dict }}
{{- range $.Values.service }}
{{- range $name, $value := .ports }}
{{- $_ := set $ports $name $value }}
{{- end }}
{{- end }}
{{/* start of actual arguments */}}
{{- with .Values.globalArguments }}
{{- range . }}
- {{ . | quote }}
{{- end }}
{{- end }}
{{- range $name, $config := $ports }}
{{- if $config }}
{{- if or ( eq $config.protocol "HTTP" ) ( eq $config.protocol "HTTPS" ) ( eq $config.protocol "TCP" ) }}
{{- $_ := set $config "protocol" "TCP" }}
{{- end }}
- "--entryPoints.{{$name}}.address=:{{ $config.port }}/{{ default "tcp" $config.protocol | lower }}"
{{- end }}
{{- end }}
- "--api.dashboard=true"
- "--ping=true"
{{- if .Values.metrics }}
{{- if .Values.metrics.datadog }}
- "--metrics.datadog=true"
- "--metrics.datadog.address={{ .Values.metrics.datadog.address }}"
{{- end }}
{{- if .Values.metrics.influxdb }}
- "--metrics.influxdb=true"
- "--metrics.influxdb.address={{ .Values.metrics.influxdb.address }}"
- "--metrics.influxdb.protocol={{ .Values.metrics.influxdb.protocol }}"
{{- end }}
{{- if .Values.metrics.prometheus }}
- "--metrics.prometheus=true"
- "--metrics.prometheus.entrypoint={{ .Values.metrics.prometheus.entryPoint }}"
{{- end }}
{{- if .Values.metrics.statsd }}
- "--metrics.statsd=true"
- "--metrics.statsd.address={{ .Values.metrics.statsd.address }}"
{{- end }}
{{- end }}
{{- if .Values.providers.kubernetesCRD.enabled }}
- "--providers.kubernetescrd"
{{- end }}
{{- if .Values.providers.kubernetesIngress.enabled }}
- "--providers.kubernetesingress"
{{- if and .Values.providers.kubernetesIngress.publishedService.enabled }}
- "--providers.kubernetesingress.ingressendpoint.publishedservice={{ template "providers.kubernetesIngress.publishedServicePath" . }}"
{{- end }}
{{- if .Values.providers.kubernetesIngress.labelSelector }}
- "--providers.kubernetesingress.labelSelector={{ .Values.providers.kubernetesIngress.labelSelector }}"
{{- end }}
{{- end }}
{{- if and .Values.rbac.enabled .Values.rbac.namespaced }}
{{- if .Values.providers.kubernetesCRD.enabled }}
- "--providers.kubernetescrd.namespaces={{ template "providers.kubernetesCRD.namespaces" . }}"
{{- end }}
{{- if .Values.providers.kubernetesIngress.enabled }}
- "--providers.kubernetesingress.namespaces={{ template "providers.kubernetesIngress.namespaces" . }}"
{{- end }}
{{- end }}
{{- range $entrypoint, $config := $ports }}
{{- if $config.redirectTo }}
{{- $toPort := index $ports $config.redirectTo }}
- "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.to=:{{ $toPort.port }}"
- "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.scheme=https"
{{- end }}
{{- if or ( $config.tls ) ( eq $config.protocol "HTTPS" ) }}
{{- if or ( $config.tls.enabled ) ( eq $config.protocol "HTTPS" ) }}
- "--entrypoints.{{ $entrypoint }}.http.tls=true"
{{- if $config.tls.options }}
- "--entrypoints.{{ $entrypoint }}.http.tls.options={{ $config.tls.options }}"
{{- end }}
{{- if $config.tls.certResolver }}
- "--entrypoints.{{ $entrypoint }}.http.tls.certResolver={{ $config.tls.certResolver }}"
{{- end }}
{{- if $config.tls.domains }}
{{- range $index, $domain := $config.tls.domains }}
{{- if $domain.main }}
- "--entrypoints.{{ $entrypoint }}.http.tls.domains[{{ $index }}].main={{ $domain.main }}"
{{- end }}
{{- if $domain.sans }}
- "--entrypoints.{{ $entrypoint }}.http.tls.domains[{{ $index }}].sans={{ join "," $domain.sans }}"
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- with .Values.logs }}
{{- if .general.format }}
- "--log.format={{ .general.format }}"
{{- end }}
{{- if ne .general.level "ERROR" }}
- "--log.level={{ .general.level | upper }}"
{{- end }}
{{- if .access.enabled }}
- "--accesslog=true"
{{- if .access.format }}
- "--accesslog.format={{ .access.format }}"
{{- end }}
{{- if .access.bufferingsize }}
- "--accesslog.bufferingsize={{ .access.bufferingsize }}"
{{- end }}
{{- if .access.filters }}
{{- if .access.filters.statuscodes }}
- "--accesslog.filters.statuscodes={{ .access.filters.statuscodes }}"
{{- end }}
{{- if .access.filters.retryattempts }}
- "--accesslog.filters.retryattempts"
{{- end }}
{{- if .access.filters.minduration }}
- "--accesslog.filters.minduration={{ .access.filters.minduration }}"
{{- end }}
{{- end }}
- "--accesslog.fields.defaultmode={{ .access.fields.general.defaultmode }}"
{{- range $fieldname, $fieldaction := .access.fields.general.names }}
- "--accesslog.fields.names.{{ $fieldname }}={{ $fieldaction }}"
{{- end }}
- "--accesslog.fields.headers.defaultmode={{ .access.fields.headers.defaultmode }}"
{{- range $fieldname, $fieldaction := .access.fields.headers.names }}
- "--accesslog.fields.headers.names.{{ $fieldname }}={{ $fieldaction }}"
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.pilot.enabled }}
- "--pilot.token={{ .Values.pilot.token }}"
{{- end }}
{{- if hasKey .Values.pilot "dashboard" }}
- "--pilot.dashboard={{ .Values.pilot.dashboard }}"
{{- end }}
{{- with .Values.additionalArguments }}
{{- range . }}
- {{ . | quote }}
{{- end }}
{{- end }}
{{- end -}}

View File

@ -0,0 +1,22 @@
{{/*
Construct the path for the providers.kubernetesingress.ingressendpoint.publishedservice.
By convention this will simply use the <namespace>/<service-name> to match the name of the
service generated.
Users can provide an override for an explicit service they want bound via `.Values.providers.kubernetesIngress.publishedService.pathOverride`
*/}}
{{- define "providers.kubernetesIngress.publishedServicePath" -}}
{{- $fullName := include "common.names.fullname" . -}}
{{- $defServiceName := printf "%s/%s-tcp" .Release.Namespace $fullName -}}
{{- $servicePath := default $defServiceName .Values.providers.kubernetesIngress.publishedService.pathOverride }}
{{- print $servicePath | trimSuffix "-" -}}
{{- end -}}
{{/*
Construct a comma-separated list of whitelisted namespaces
*/}}
{{- define "providers.kubernetesIngress.namespaces" -}}
{{- default .Release.Namespace (join "," .Values.providers.kubernetesIngress.namespaces) }}
{{- end -}}
{{- define "providers.kubernetesCRD.namespaces" -}}
{{- default .Release.Namespace (join "," .Values.providers.kubernetesCRD.namespaces) }}
{{- end -}}

View File

@ -0,0 +1,24 @@
{{/* Define the ingressClass */}}
{{- define "traefik.ingressClass" -}}
{{- if .Values.ingressClass.enabled }}
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/IngressClass" }}
apiVersion: networking.k8s.io/v1
{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/IngressClass" }}
apiVersion: networking.k8s.io/v1beta1
{{- else if or (eq .Values.ingressClass.fallbackApiVersion "v1beta1") (eq .Values.ingressClass.fallbackApiVersion "v1") }}
apiVersion: {{ printf "networking.k8s.io/%s" .Values.ingressClass.fallbackApiVersion }}
{{- else }}
{{- fail "\n\n ERROR: You must have at least networking.k8s.io/v1beta1 to use ingressClass" }}
{{- end }}
---
kind: IngressClass
metadata:
annotations:
ingressclass.kubernetes.io/is-default-class: {{ .Values.ingressClass.isDefaultClass | quote }}
labels:
{{- include "common.labels" . | nindent 4 }}
name: {{ .Release.Name }}
spec:
controller: traefik.io/ingress-controller
{{- end }}
{{- end }}

View File

@ -0,0 +1,25 @@
{{/* Define the ingressRoute */}}
{{- define "traefik.ingressRoute" -}}
{{- if .Values.ingressRoute.dashboard.enabled }}
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: {{ include "common.names.fullname" . }}-dashboard
annotations:
{{- with .Values.ingressRoute.dashboard.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "common.labels" . | nindent 4 }}
spec:
entryPoints:
- main
routes:
- match: PathPrefix(`/dashboard`) || PathPrefix(`/api`)
kind: Rule
services:
- name: api@internal
kind: TraefikService
{{- end -}}
{{- end -}}

Some files were not shown because too many files have changed in this diff Show More