truecharts.local
/
catalog
mirror of https://github.com/truecharts/catalog.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Commit new App releases for TrueCharts 

Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
This commit is contained in:
TrueCharts-Bot 2022-02-13 22:08:07 +00:00
parent 8dd4df5b36
commit 1b2ec3292e
20 changed files with 135 additions and 501 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
incubator/linkace/0.0.1/CHANGELOG.md
View File

@ -1,10 +0,0 @@
# Changelog<br>
<a name="linkace-0.0.1"></a>
### linkace-0.0.1 (2022-02-13)
#### Feat
* Add linkace ([#1886](https://github.com/truecharts/apps/issues/1886))

23
incubator/linkace/0.0.1/templates/common.yaml
View File

@ -1,23 +0,0 @@
{{/* Make sure all variables are set properly */}}
{{ include "common.setup" . }}
{{/* Append the general configMap volume to the volumes */}}
{{- define "linkace.harcodedValues" -}}
persistence:
linkace-config:
enabled: "true"
mountPath: "/etc/nginx/conf.d/linkace.conf"
subPath: "nginx-config"
type: "custom"
volumeSpec:
configMap:
name: {{ printf "%v-config" (include "common.names.fullname" .) }}
{{- end -}}
{{- $_ := mergeOverwrite .Values (include "linkace.harcodedValues" . | fromYaml) -}}
{{- include "linkace.cronjob" . }}
{{- include "linkace.secrets" . }}
{{/* Render the templates */}}
{{ include "common.postSetup" . }}

65
incubator/linkace/0.0.1/templates/configmap.yaml
View File

@ -1,65 +0,0 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.names.fullname" . }}-config
labels:
{{- include "common.labels" . | nindent 4 }}
data:
nginx-config: |-
server {
root /app/public;
server_name _;
index index.php;
charset utf-8;
client_max_body_size 20M;
port_in_redirect off;
# Choose the connection method
listen 0.0.0.0:8080;
# Content security headers for Laravel
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
# Gzip
gzip on;
gzip_vary on;
gzip_comp_level 8;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private auth;
gzip_types application/javascript application/x-javascript application/xhtml+xml font/woff font/woff2 image/svg+xml image/x-icon text/css text/javascript text/plain text/xml;
# Location configs
location / {
try_files $uri $uri/ /index.php?$query_string;
}
# Assets and media files
location ~* \.(?:css|js|map|scss|jpg|jpeg|png|gif|mp4|woff|woff2|ico|svg|webmanifest)$ {
expires max;
access_log off;
add_header Cache-Control "public";
try_files $uri =404;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
# Error pages
error_page 404 /index.php;
error_page 403 /index.php;
# PHP handling
location ~ \.php$ {
fastcgi_pass localhost:9000;
try_files $uri /index.php;
include fastcgi_params;
fastcgi_keep_conn on;
fastcgi_intercept_errors on;
fastcgi_index index.php;
fastcgi_read_timeout 300;
}
}

18
incubator/linkace/0.0.2/CHANGELOG.md Normal file
View File

@ -0,0 +1,18 @@
# Changelog<br>
<a name="linkace-0.0.2"></a>
### [linkace-0.0.2](https://github.com/truecharts/apps/compare/linkace-0.0.1...linkace-0.0.2) (2022-02-13)
#### Fix
* Overhaul setup ([#1890](https://github.com/truecharts/apps/issues/1890))
<a name="linkace-0.0.1"></a>
### linkace-0.0.1 (2022-02-13)
#### Feat
* Add linkace ([#1886](https://github.com/truecharts/apps/issues/1886))

0
incubator/linkace/0.0.1/CONFIG.md → incubator/linkace/0.0.2/CONFIG.md
View File

2
incubator/linkace/0.0.1/Chart.lock → incubator/linkace/0.0.2/Chart.lock
View File

@ -9,4 +9,4 @@ dependencies:
repository: https://truecharts.org
version: 1.0.71
digest: sha256:b1da3265f6cd1f2de737e63e8d697b533e3f12e3b717bfa59e79677a94d34a52
generated: "2022-02-13T12:10:30.367605563Z"
generated: "2022-02-13T22:04:08.367442407Z"

2
incubator/linkace/0.0.1/Chart.yaml → incubator/linkace/0.0.2/Chart.yaml
View File

@ -27,7 +27,7 @@ sources:
- https://www.linkace.org/docs/
- https://github.com/linkace/linkace
- https://hub.docker.com/r/linkace/linkace
version: 0.0.1
version: 0.0.2
annotations:
truecharts.org/catagories: |
- media

0
incubator/linkace/0.0.1/README.md → incubator/linkace/0.0.2/README.md
View File

0
incubator/linkace/0.0.1/app-readme.md → incubator/linkace/0.0.2/app-readme.md
View File

0
incubator/linkace/0.0.1/charts/common-8.15.2.tgz → incubator/linkace/0.0.2/charts/common-8.15.2.tgz
View File

0
incubator/linkace/0.0.1/charts/mariadb-1.0.68.tgz → incubator/linkace/0.0.2/charts/mariadb-1.0.68.tgz
View File

0
incubator/linkace/0.0.1/charts/redis-1.0.71.tgz → incubator/linkace/0.0.2/charts/redis-1.0.71.tgz
View File

45
incubator/linkace/0.0.1/helm-values.md → incubator/linkace/0.0.2/helm-values.md
View File

@ -11,19 +11,9 @@ You will, however, be able to use all values referenced in the common chart here
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| additionalContainers.nginx.image | string | `"{{ .Values.nginxImage.repository }}:{{ .Values.nginxImage.tag }}"` | |
| additionalContainers.nginx.name | string | `"nginx"` | |
| additionalContainers.nginx.ports[0].containerPort | int | `80` | |
| additionalContainers.nginx.ports[0].name | string | `"main"` | |
| additionalContainers.nginx.volumeMounts[0].mountPath | string | `"/etc/nginx/conf.d/linkace.conf"` | |
| additionalContainers.nginx.volumeMounts[0].name | string | `"linkace-config"` | |
| additionalContainers.nginx.volumeMounts[0].readOnly | bool | `true` | |
| additionalContainers.nginx.volumeMounts[0].subPath | string | `"nginx-config"` | |
| additionalContainers.nginx.volumeMounts[1].mountPath | string | `"/app"` | |
| additionalContainers.nginx.volumeMounts[1].name | string | `"app"` | |
| cronjob.annotations | object | `{}` | |
| cronjob.failedJobsHistoryLimit | int | `5` | |
| cronjob.schedule | string | `"* * * * *"` | |
| cronjob.schedule | string | `"*/15 * * * *"` | |
| cronjob.successfulJobsHistoryLimit | int | `2` | |
| env.APP_DEBUG | bool | `false` | |
| env.APP_ENV | string | `"production"` | |
@ -54,19 +44,33 @@ You will, however, be able to use all values referenced in the common chart here
| envValueFrom.REDIS_PASSWORD.secretKeyRef.name | string | `"rediscreds"` | |
| image.pullPolicy | string | `"IfNotPresent"` | |
| image.repository | string | `"tccr.io/truecharts/linkace"` | |
| image.tag | string | `"v1.9.1@sha256:d56fa76113e3e5ab0889a13bdfb463d12b71b3e2ec839a8ff6fa99ec036be862"` | |
| initContainers.1-create-env-file.args[0] | string | `"if [ ! -f \"/app/.env\" ]; then\n echo \"Preparing for initial installation\";\n echo \"SETUP_COMPLETED=false\" > /app/.env;\nelse\n echo \"Initial installation has already completed.\";\nfi;\n"` | |
| initContainers.1-create-env-file.command[0] | string | `"/bin/sh"` | |
| initContainers.1-create-env-file.command[1] | string | `"-c"` | |
| initContainers.1-create-env-file.image | string | `"{{ .Values.image.repository }}:{{ .Values.image.tag }}"` | |
| initContainers.1-create-env-file.volumeMounts[0].mountPath | string | `"/app"` | |
| initContainers.1-create-env-file.volumeMounts[0].name | string | `"app"` | |
| image.tag | string | `"v1.9.1@sha256:88923f556900b0c6b79ea978e3692c690c0a6f9c28d048f2067a803095de1ef1"` | |
| initContainers.1-copy-app.args[0] | string | `"echo \"Copying app...\"; cp -R /app/* /tmp/;\n"` | |
| initContainers.1-copy-app.command[0] | string | `"/bin/sh"` | |
| initContainers.1-copy-app.command[1] | string | `"-c"` | |
| initContainers.1-copy-app.image | string | `"{{ .Values.image.repository }}:{{ .Values.image.tag }}"` | |
| initContainers.1-copy-app.volumeMounts[0].mountPath | string | `"/tmp"` | |
| initContainers.1-copy-app.volumeMounts[0].name | string | `"app"` | |
| initContainers.2-create-env-file.args[0] | string | `"if [ ! -f \"/app/.env\" ]; then\n echo \"Preparing for initial installation\";\n echo \"SETUP_COMPLETED=false\" > /app/.env;\n echo \"File .env created.\";\nelse\n echo \"Initial installation has already completed.\";\nfi;\n"` | |
| initContainers.2-create-env-file.command[0] | string | `"/bin/sh"` | |
| initContainers.2-create-env-file.command[1] | string | `"-c"` | |
| initContainers.2-create-env-file.image | string | `"{{ .Values.image.repository }}:{{ .Values.image.tag }}"` | |
| initContainers.2-create-env-file.volumeMounts[0].mountPath | string | `"/app"` | |
| initContainers.2-create-env-file.volumeMounts[0].name | string | `"app"` | |
| initContainers.3-chmod.args[0] | string | `"echo \"CHMOD-ing files...\"; chmod -R 777 /app; chmod -R 777 /app/storage/logs; chmod -R 777 /app/storage/app/backups; echo \"CHMOD Complete\";\n"` | |
| initContainers.3-chmod.command[0] | string | `"/bin/sh"` | |
| initContainers.3-chmod.command[1] | string | `"-c"` | |
| initContainers.3-chmod.image | string | `"{{ .Values.image.repository }}:{{ .Values.image.tag }}"` | |
| initContainers.3-chmod.volumeMounts[0].mountPath | string | `"/app"` | |
| initContainers.3-chmod.volumeMounts[0].name | string | `"app"` | |
| initContainers.3-chmod.volumeMounts[1].mountPath | string | `"/app/storage/logs"` | |
| initContainers.3-chmod.volumeMounts[1].name | string | `"logs"` | |
| initContainers.3-chmod.volumeMounts[2].mountPath | string | `"/app/storage/app/backups"` | |
| initContainers.3-chmod.volumeMounts[2].name | string | `"backups"` | |
| mariadb.enabled | bool | `true` | |
| mariadb.existingSecret | string | `"mariadbcreds"` | |
| mariadb.mariadbDatabase | string | `"linkace"` | |
| mariadb.mariadbUsername | string | `"linkace"` | |
| nginxImage.repository | string | `"tccr.io/truecharts/nginx"` | |
| nginxImage.tag | string | `"v1.21.6@sha256:80d87a1d4d67749d2caaa64ee061a66a946b81942ac56f4780e36f8356cee371"` | |
| persistence.app.enabled | bool | `true` | |
| persistence.app.mountPath | string | `"/app"` | |
| persistence.backups.enabled | bool | `true` | |
@ -77,6 +81,7 @@ You will, however, be able to use all values referenced in the common chart here
| podSecurityContext.runAsUser | int | `0` | |
| redis.enabled | bool | `true` | |
| redis.existingSecret | string | `"rediscreds"` | |
| securityContext.readOnlyRootFilesystem | bool | `false` | |
| securityContext.runAsNonRoot | bool | `false` | |
| service.main.ports.main.port | int | `10160` | |
| service.main.ports.main.targetPort | int | `80` | |

58
incubator/linkace/0.0.1/ix_values.yaml → incubator/linkace/0.0.2/ix_values.yaml
View File

@ -1,13 +1,10 @@
image:
repository: tccr.io/truecharts/linkace
tag: v1.9.1@sha256:d56fa76113e3e5ab0889a13bdfb463d12b71b3e2ec839a8ff6fa99ec036be862
tag: v1.9.1@sha256:88923f556900b0c6b79ea978e3692c690c0a6f9c28d048f2067a803095de1ef1
pullPolicy: IfNotPresent
nginxImage:
repository: tccr.io/truecharts/nginx
tag: v1.21.6@sha256:80d87a1d4d67749d2caaa64ee061a66a946b81942ac56f4780e36f8356cee371
securityContext:
readOnlyRootFilesystem: false
runAsNonRoot: false
podSecurityContext:
@ -57,26 +54,22 @@ envValueFrom:
name: linkace-secrets
key: APP_KEY
additionalContainers:
nginx:
name: nginx
image: "{{ .Values.nginxImage.repository }}:{{ .Values.nginxImage.tag }}"
ports:
- containerPort: 80
name: main
volumeMounts:
- name: linkace-config
mountPath: "/etc/nginx/conf.d/linkace.conf"
subPath: nginx-config
readOnly: true
- name: app
mountPath: "/app"
initContainers:
# Copy app to a temp folder as we gonna need it, so we can create the ".env" file in there.
1-copy-app:
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
volumeMounts:
- name: app
mountPath: "/tmp"
command: ["/bin/sh", "-c"]
args:
- >
echo "Copying app...";
cp -R /app/* /tmp/;
# App checks ".env" for "SETUP_COMPELTED" status, to determine if it needs to run initial setup or not.
# We create this file and set it to false if it doesn't exists.
# If it exists, we let the app decide it's value (true|false) and how to proceed.
1-create-env-file:
2-create-env-file:
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
volumeMounts:
- name: app
@ -88,12 +81,33 @@ initContainers:
then
echo "Preparing for initial installation";
echo "SETUP_COMPLETED=false" > /app/.env;
echo "File .env created.";
else
echo "Initial installation has already completed.";
fi;
# App does not like 775 perms on dirs.. So we have to set 777
3-chmod:
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
volumeMounts:
- name: app
mountPath: "/app"
- name: logs
mountPath: "/app/storage/logs"
- name: backups
mountPath: "/app/storage/app/backups"
command: ["/bin/sh", "-c"]
args:
- >
echo "CHMOD-ing files...";
chmod -R 777 /app;
chmod -R 777 /app/storage/logs;
chmod -R 777 /app/storage/app/backups;
echo "CHMOD Complete";
# Set cron every 15 min, official docs says every minute, but seems excesive.
# It just checks for dead links and sends a request to WayBack Machine to archive.
cronjob:
schedule: "* * * * *"
schedule: "*/15 * * * *"
annotations: {}
failedJobsHistoryLimit: 5
successfulJobsHistoryLimit: 2

328
incubator/linkace/0.0.1/questions.yaml → incubator/linkace/0.0.2/questions.yaml
View File

@ -837,332 +837,6 @@ questions:
additional_attrs: true
type: dict
attrs:
- variable: app
label: "App Storage"
description: "Stores the Application."
schema:
additional_attrs: true
type: dict
attrs:
- variable: type
label: "Type of Storage"
description: "Sets the persistence type, Anything other than PVC could break rollback!"
schema:
type: string
default: "simplePVC"
enum:
- value: "simplePVC"
description: "PVC (simple)"
- value: "simpleHP"
description: "HostPath (simple)"
- value: "emptyDir"
description: "emptyDir"
- value: "pvc"
description: "pvc"
- value: "hostPath"
description: "hostPath"
- variable: setPermissionsSimple
label: "Automatic Permissions"
description: "Automatically set permissions on install"
schema:
show_if: [["type", "=", "simpleHP"]]
type: boolean
default: true
- variable: setPermissions
label: "Automatic Permissions"
description: "Automatically set permissions on install"
schema:
show_if: [["type", "=", "hostPath"]]
type: boolean
default: true
- variable: readOnly
label: "readOnly"
schema:
type: boolean
default: false
- variable: hostPathSimple
label: "hostPath"
description: "Path inside the container the storage is mounted"
schema:
show_if: [["type", "=", "simpleHP"]]
type: hostpath
- variable: hostPath
label: "hostPath"
description: "Path inside the container the storage is mounted"
schema:
show_if: [["type", "=", "hostPath"]]
type: hostpath
- variable: medium
label: "EmptyDir Medium"
schema:
show_if: [["type", "=", "emptyDir"]]
type: string
default: ""
enum:
- value: ""
description: "Default"
- value: "Memory"
description: "Memory"
- variable: size
label: "Size quotum of storage"
schema:
show_if: [["type", "=", "pvc"]]
type: string
default: "999Gi"
- variable: hostPathType
label: "(Advanced) hostPath Type"
schema:
show_if: [["type", "=", "hostPath"]]
type: string
default: ""
enum:
- value: ""
description: "Default"
- value: "DirectoryOrCreate"
description: "DirectoryOrCreate"
- value: "Directory"
description: "Directory"
- value: "FileOrCreate"
description: "FileOrCreate"
- value: "File"
description: "File"
- value: "Socket"
description: "Socket"
- value: "CharDevice"
description: "CharDevice"
- value: "BlockDevice"
description: "BlockDevice"
- variable: storageClass
label: "(Advanced) storageClass"
description: "Warning: Anything other than SCALE-ZFS or empty will break rollback!"
schema:
show_if: [["type", "=", "pvc"]]
type: string
default: "SCALE-ZFS"
- variable: accessMode
label: "(Advanced) Access Mode"
description: "Allow or disallow multiple PVC's writhing to the same PV"
schema:
show_if: [["type", "=", "pvc"]]
type: string
default: "ReadWriteOnce"
enum:
- value: "ReadWriteOnce"
description: "ReadWriteOnce"
- value: "ReadOnlyMany"
description: "ReadOnlyMany"
- value: "ReadWriteMany"
description: "ReadWriteMany"
- variable: advanced
label: "Show Advanced Options"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: labelsList
label: "Labels"
schema:
type: list
default: []
items:
- variable: labelItem
label: "Label"
schema:
additional_attrs: true
type: dict
attrs:
- variable: name
label: "Name"
schema:
type: string
- variable: value
label: "Value"
schema:
type: string
- variable: annotationsList
label: "Annotations"
schema:
type: list
default: []
items:
- variable: annotationItem
label: "Label"
schema:
additional_attrs: true
type: dict
attrs:
- variable: name
label: "Name"
schema:
type: string
- variable: value
label: "Value"
schema:
type: string
- variable: logs
label: "App Log Storage"
description: "Stores the Application Logs."
schema:
additional_attrs: true
type: dict
attrs:
- variable: type
label: "Type of Storage"
description: "Sets the persistence type, Anything other than PVC could break rollback!"
schema:
type: string
default: "simplePVC"
enum:
- value: "simplePVC"
description: "PVC (simple)"
- value: "simpleHP"
description: "HostPath (simple)"
- value: "emptyDir"
description: "emptyDir"
- value: "pvc"
description: "pvc"
- value: "hostPath"
description: "hostPath"
- variable: setPermissionsSimple
label: "Automatic Permissions"
description: "Automatically set permissions on install"
schema:
show_if: [["type", "=", "simpleHP"]]
type: boolean
default: true
- variable: setPermissions
label: "Automatic Permissions"
description: "Automatically set permissions on install"
schema:
show_if: [["type", "=", "hostPath"]]
type: boolean
default: true
- variable: readOnly
label: "readOnly"
schema:
type: boolean
default: false
- variable: hostPathSimple
label: "hostPath"
description: "Path inside the container the storage is mounted"
schema:
show_if: [["type", "=", "simpleHP"]]
type: hostpath
- variable: hostPath
label: "hostPath"
description: "Path inside the container the storage is mounted"
schema:
show_if: [["type", "=", "hostPath"]]
type: hostpath
- variable: medium
label: "EmptyDir Medium"
schema:
show_if: [["type", "=", "emptyDir"]]
type: string
default: ""
enum:
- value: ""
description: "Default"
- value: "Memory"
description: "Memory"
- variable: size
label: "Size quotum of storage"
schema:
show_if: [["type", "=", "pvc"]]
type: string
default: "999Gi"
- variable: hostPathType
label: "(Advanced) hostPath Type"
schema:
show_if: [["type", "=", "hostPath"]]
type: string
default: ""
enum:
- value: ""
description: "Default"
- value: "DirectoryOrCreate"
description: "DirectoryOrCreate"
- value: "Directory"
description: "Directory"
- value: "FileOrCreate"
description: "FileOrCreate"
- value: "File"
description: "File"
- value: "Socket"
description: "Socket"
- value: "CharDevice"
description: "CharDevice"
- value: "BlockDevice"
description: "BlockDevice"
- variable: storageClass
label: "(Advanced) storageClass"
description: "Warning: Anything other than SCALE-ZFS or empty will break rollback!"
schema:
show_if: [["type", "=", "pvc"]]
type: string
default: "SCALE-ZFS"
- variable: accessMode
label: "(Advanced) Access Mode"
description: "Allow or disallow multiple PVC's writhing to the same PV"
schema:
show_if: [["type", "=", "pvc"]]
type: string
default: "ReadWriteOnce"
enum:
- value: "ReadWriteOnce"
description: "ReadWriteOnce"
- value: "ReadOnlyMany"
description: "ReadOnlyMany"
- value: "ReadWriteMany"
description: "ReadWriteMany"
- variable: advanced
label: "Show Advanced Options"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: labelsList
label: "Labels"
schema:
type: list
default: []
items:
- variable: labelItem
label: "Label"
schema:
additional_attrs: true
type: dict
attrs:
- variable: name
label: "Name"
schema:
type: string
- variable: value
label: "Value"
schema:
type: string
- variable: annotationsList
label: "Annotations"
schema:
type: list
default: []
items:
- variable: annotationItem
label: "Label"
schema:
additional_attrs: true
type: dict
attrs:
- variable: name
label: "Name"
schema:
type: string
- variable: value
label: "Value"
schema:
type: string
- variable: backups
label: "App Backup Storage"
description: "Stores the Application Backup."
@ -1890,7 +1564,7 @@ questions:
label: "ReadOnly Root Filesystem"
schema:
type: boolean
default: true
default: false
- variable: allowPrivilegeEscalation
label: "Allow Privilege Escalation"
schema:

76
incubator/linkace/0.0.1/security.md → incubator/linkace/0.0.2/security.md
View File

@ -65,45 +65,56 @@ hide:
| Type | Misconfiguration ID | Check | Severity | Explaination | Links |
|:----------------|:------------------:|:-----------:|:------------------:|-----------------------------------------|-----------------------------------------|
| Kubernetes Security Check | KSV001 | Process can elevate its own privileges | MEDIUM | <details><summary>Expand...</summary> A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node. <br> <hr> <br> Container &#39;1-create-env-file&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;securityContext.allowPrivilegeEscalation&#39; to false </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv001">https://avd.aquasec.com/appshield/ksv001</a><br></details> |
| Kubernetes Security Check | KSV001 | Process can elevate its own privileges | MEDIUM | <details><summary>Expand...</summary> A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node. <br> <hr> <br> Container &#39;1-copy-app&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;securityContext.allowPrivilegeEscalation&#39; to false </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv001">https://avd.aquasec.com/appshield/ksv001</a><br></details> |
| Kubernetes Security Check | KSV001 | Process can elevate its own privileges | MEDIUM | <details><summary>Expand...</summary> A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node. <br> <hr> <br> Container &#39;2-create-env-file&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;securityContext.allowPrivilegeEscalation&#39; to false </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv001">https://avd.aquasec.com/appshield/ksv001</a><br></details> |
| Kubernetes Security Check | KSV001 | Process can elevate its own privileges | MEDIUM | <details><summary>Expand...</summary> A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node. <br> <hr> <br> Container &#39;3-chmod&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;securityContext.allowPrivilegeEscalation&#39; to false </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv001">https://avd.aquasec.com/appshield/ksv001</a><br></details> |
| Kubernetes Security Check | KSV001 | Process can elevate its own privileges | MEDIUM | <details><summary>Expand...</summary> A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node. <br> <hr> <br> Container &#39;inotify&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;securityContext.allowPrivilegeEscalation&#39; to false </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv001">https://avd.aquasec.com/appshield/ksv001</a><br></details> |
| Kubernetes Security Check | KSV001 | Process can elevate its own privileges | MEDIUM | <details><summary>Expand...</summary> A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node. <br> <hr> <br> Container &#39;nginx&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;securityContext.allowPrivilegeEscalation&#39; to false </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv001">https://avd.aquasec.com/appshield/ksv001</a><br></details> |
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | <details><summary>Expand...</summary> The container should drop all default capabilities and add only those that are needed for its execution. <br> <hr> <br> Container &#39;1-create-env-file&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should add &#39;ALL&#39; to &#39;securityContext.capabilities.drop&#39; </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/">https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/</a><br><a href="https://avd.aquasec.com/appshield/ksv003">https://avd.aquasec.com/appshield/ksv003</a><br></details> |
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | <details><summary>Expand...</summary> The container should drop all default capabilities and add only those that are needed for its execution. <br> <hr> <br> Container &#39;1-copy-app&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should add &#39;ALL&#39; to &#39;securityContext.capabilities.drop&#39; </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/">https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/</a><br><a href="https://avd.aquasec.com/appshield/ksv003">https://avd.aquasec.com/appshield/ksv003</a><br></details> |
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | <details><summary>Expand...</summary> The container should drop all default capabilities and add only those that are needed for its execution. <br> <hr> <br> Container &#39;2-create-env-file&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should add &#39;ALL&#39; to &#39;securityContext.capabilities.drop&#39; </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/">https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/</a><br><a href="https://avd.aquasec.com/appshield/ksv003">https://avd.aquasec.com/appshield/ksv003</a><br></details> |
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | <details><summary>Expand...</summary> The container should drop all default capabilities and add only those that are needed for its execution. <br> <hr> <br> Container &#39;3-chmod&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should add &#39;ALL&#39; to &#39;securityContext.capabilities.drop&#39; </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/">https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/</a><br><a href="https://avd.aquasec.com/appshield/ksv003">https://avd.aquasec.com/appshield/ksv003</a><br></details> |
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | <details><summary>Expand...</summary> The container should drop all default capabilities and add only those that are needed for its execution. <br> <hr> <br> Container &#39;RELEASE-NAME-linkace&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should add &#39;ALL&#39; to &#39;securityContext.capabilities.drop&#39; </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/">https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/</a><br><a href="https://avd.aquasec.com/appshield/ksv003">https://avd.aquasec.com/appshield/ksv003</a><br></details> |
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | <details><summary>Expand...</summary> The container should drop all default capabilities and add only those that are needed for its execution. <br> <hr> <br> Container &#39;inotify&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should add &#39;ALL&#39; to &#39;securityContext.capabilities.drop&#39; </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/">https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/</a><br><a href="https://avd.aquasec.com/appshield/ksv003">https://avd.aquasec.com/appshield/ksv003</a><br></details> |
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | <details><summary>Expand...</summary> The container should drop all default capabilities and add only those that are needed for its execution. <br> <hr> <br> Container &#39;nginx&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should add &#39;ALL&#39; to &#39;securityContext.capabilities.drop&#39; </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/">https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/</a><br><a href="https://avd.aquasec.com/appshield/ksv003">https://avd.aquasec.com/appshield/ksv003</a><br></details> |
| Kubernetes Security Check | KSV011 | CPU not limited | LOW | <details><summary>Expand...</summary> Enforcing CPU limits prevents DoS via resource exhaustion. <br> <hr> <br> Container &#39;1-create-env-file&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;resources.limits.cpu&#39; </details>| <details><summary>Expand...</summary><a href="https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits">https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits</a><br><a href="https://avd.aquasec.com/appshield/ksv011">https://avd.aquasec.com/appshield/ksv011</a><br></details> |
| Kubernetes Security Check | KSV011 | CPU not limited | LOW | <details><summary>Expand...</summary> Enforcing CPU limits prevents DoS via resource exhaustion. <br> <hr> <br> Container &#39;1-copy-app&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;resources.limits.cpu&#39; </details>| <details><summary>Expand...</summary><a href="https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits">https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits</a><br><a href="https://avd.aquasec.com/appshield/ksv011">https://avd.aquasec.com/appshield/ksv011</a><br></details> |
| Kubernetes Security Check | KSV011 | CPU not limited | LOW | <details><summary>Expand...</summary> Enforcing CPU limits prevents DoS via resource exhaustion. <br> <hr> <br> Container &#39;2-create-env-file&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;resources.limits.cpu&#39; </details>| <details><summary>Expand...</summary><a href="https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits">https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits</a><br><a href="https://avd.aquasec.com/appshield/ksv011">https://avd.aquasec.com/appshield/ksv011</a><br></details> |
| Kubernetes Security Check | KSV011 | CPU not limited | LOW | <details><summary>Expand...</summary> Enforcing CPU limits prevents DoS via resource exhaustion. <br> <hr> <br> Container &#39;3-chmod&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;resources.limits.cpu&#39; </details>| <details><summary>Expand...</summary><a href="https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits">https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits</a><br><a href="https://avd.aquasec.com/appshield/ksv011">https://avd.aquasec.com/appshield/ksv011</a><br></details> |
| Kubernetes Security Check | KSV011 | CPU not limited | LOW | <details><summary>Expand...</summary> Enforcing CPU limits prevents DoS via resource exhaustion. <br> <hr> <br> Container &#39;inotify&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;resources.limits.cpu&#39; </details>| <details><summary>Expand...</summary><a href="https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits">https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits</a><br><a href="https://avd.aquasec.com/appshield/ksv011">https://avd.aquasec.com/appshield/ksv011</a><br></details> |
| Kubernetes Security Check | KSV011 | CPU not limited | LOW | <details><summary>Expand...</summary> Enforcing CPU limits prevents DoS via resource exhaustion. <br> <hr> <br> Container &#39;nginx&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;resources.limits.cpu&#39; </details>| <details><summary>Expand...</summary><a href="https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits">https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits</a><br><a href="https://avd.aquasec.com/appshield/ksv011">https://avd.aquasec.com/appshield/ksv011</a><br></details> |
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> &#39;runAsNonRoot&#39; forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container &#39;1-create-env-file&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;securityContext.runAsNonRoot&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> &#39;runAsNonRoot&#39; forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container &#39;1-copy-app&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;securityContext.runAsNonRoot&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> &#39;runAsNonRoot&#39; forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container &#39;2-create-env-file&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;securityContext.runAsNonRoot&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> &#39;runAsNonRoot&#39; forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container &#39;3-chmod&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;securityContext.runAsNonRoot&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> &#39;runAsNonRoot&#39; forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container &#39;RELEASE-NAME-linkace&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;securityContext.runAsNonRoot&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> &#39;runAsNonRoot&#39; forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;securityContext.runAsNonRoot&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> &#39;runAsNonRoot&#39; forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container &#39;inotify&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;securityContext.runAsNonRoot&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> &#39;runAsNonRoot&#39; forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container &#39;nginx&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;securityContext.runAsNonRoot&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | <details><summary>Expand...</summary> An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. <br> <hr> <br> Container &#39;1-create-env-file&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;securityContext.readOnlyRootFilesystem&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/">https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/</a><br><a href="https://avd.aquasec.com/appshield/ksv014">https://avd.aquasec.com/appshield/ksv014</a><br></details> |
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | <details><summary>Expand...</summary> An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. <br> <hr> <br> Container &#39;1-copy-app&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;securityContext.readOnlyRootFilesystem&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/">https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/</a><br><a href="https://avd.aquasec.com/appshield/ksv014">https://avd.aquasec.com/appshield/ksv014</a><br></details> |
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | <details><summary>Expand...</summary> An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. <br> <hr> <br> Container &#39;2-create-env-file&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;securityContext.readOnlyRootFilesystem&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/">https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/</a><br><a href="https://avd.aquasec.com/appshield/ksv014">https://avd.aquasec.com/appshield/ksv014</a><br></details> |
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | <details><summary>Expand...</summary> An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. <br> <hr> <br> Container &#39;3-chmod&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;securityContext.readOnlyRootFilesystem&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/">https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/</a><br><a href="https://avd.aquasec.com/appshield/ksv014">https://avd.aquasec.com/appshield/ksv014</a><br></details> |
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | <details><summary>Expand...</summary> An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. <br> <hr> <br> Container &#39;RELEASE-NAME-linkace&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;securityContext.readOnlyRootFilesystem&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/">https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/</a><br><a href="https://avd.aquasec.com/appshield/ksv014">https://avd.aquasec.com/appshield/ksv014</a><br></details> |
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | <details><summary>Expand...</summary> An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;securityContext.readOnlyRootFilesystem&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/">https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/</a><br><a href="https://avd.aquasec.com/appshield/ksv014">https://avd.aquasec.com/appshield/ksv014</a><br></details> |
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | <details><summary>Expand...</summary> An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. <br> <hr> <br> Container &#39;inotify&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;securityContext.readOnlyRootFilesystem&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/">https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/</a><br><a href="https://avd.aquasec.com/appshield/ksv014">https://avd.aquasec.com/appshield/ksv014</a><br></details> |
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | <details><summary>Expand...</summary> An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. <br> <hr> <br> Container &#39;nginx&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;securityContext.readOnlyRootFilesystem&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/">https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/</a><br><a href="https://avd.aquasec.com/appshield/ksv014">https://avd.aquasec.com/appshield/ksv014</a><br></details> |
| Kubernetes Security Check | KSV015 | CPU requests not specified | LOW | <details><summary>Expand...</summary> When containers have resource requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention. <br> <hr> <br> Container &#39;1-create-env-file&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;resources.requests.cpu&#39; </details>| <details><summary>Expand...</summary><a href="https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits">https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits</a><br><a href="https://avd.aquasec.com/appshield/ksv015">https://avd.aquasec.com/appshield/ksv015</a><br></details> |
| Kubernetes Security Check | KSV015 | CPU requests not specified | LOW | <details><summary>Expand...</summary> When containers have resource requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention. <br> <hr> <br> Container &#39;1-copy-app&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;resources.requests.cpu&#39; </details>| <details><summary>Expand...</summary><a href="https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits">https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits</a><br><a href="https://avd.aquasec.com/appshield/ksv015">https://avd.aquasec.com/appshield/ksv015</a><br></details> |
| Kubernetes Security Check | KSV015 | CPU requests not specified | LOW | <details><summary>Expand...</summary> When containers have resource requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention. <br> <hr> <br> Container &#39;2-create-env-file&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;resources.requests.cpu&#39; </details>| <details><summary>Expand...</summary><a href="https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits">https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits</a><br><a href="https://avd.aquasec.com/appshield/ksv015">https://avd.aquasec.com/appshield/ksv015</a><br></details> |
| Kubernetes Security Check | KSV015 | CPU requests not specified | LOW | <details><summary>Expand...</summary> When containers have resource requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention. <br> <hr> <br> Container &#39;3-chmod&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;resources.requests.cpu&#39; </details>| <details><summary>Expand...</summary><a href="https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits">https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits</a><br><a href="https://avd.aquasec.com/appshield/ksv015">https://avd.aquasec.com/appshield/ksv015</a><br></details> |
| Kubernetes Security Check | KSV015 | CPU requests not specified | LOW | <details><summary>Expand...</summary> When containers have resource requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention. <br> <hr> <br> Container &#39;inotify&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;resources.requests.cpu&#39; </details>| <details><summary>Expand...</summary><a href="https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits">https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits</a><br><a href="https://avd.aquasec.com/appshield/ksv015">https://avd.aquasec.com/appshield/ksv015</a><br></details> |
| Kubernetes Security Check | KSV015 | CPU requests not specified | LOW | <details><summary>Expand...</summary> When containers have resource requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention. <br> <hr> <br> Container &#39;nginx&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;resources.requests.cpu&#39; </details>| <details><summary>Expand...</summary><a href="https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits">https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits</a><br><a href="https://avd.aquasec.com/appshield/ksv015">https://avd.aquasec.com/appshield/ksv015</a><br></details> |
| Kubernetes Security Check | KSV016 | Memory requests not specified | LOW | <details><summary>Expand...</summary> When containers have memory requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention. <br> <hr> <br> Container &#39;1-create-env-file&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;resources.requests.memory&#39; </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-resources-limits-memory/">https://kubesec.io/basics/containers-resources-limits-memory/</a><br><a href="https://avd.aquasec.com/appshield/ksv016">https://avd.aquasec.com/appshield/ksv016</a><br></details> |
| Kubernetes Security Check | KSV016 | Memory requests not specified | LOW | <details><summary>Expand...</summary> When containers have memory requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention. <br> <hr> <br> Container &#39;1-copy-app&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;resources.requests.memory&#39; </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-resources-limits-memory/">https://kubesec.io/basics/containers-resources-limits-memory/</a><br><a href="https://avd.aquasec.com/appshield/ksv016">https://avd.aquasec.com/appshield/ksv016</a><br></details> |
| Kubernetes Security Check | KSV016 | Memory requests not specified | LOW | <details><summary>Expand...</summary> When containers have memory requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention. <br> <hr> <br> Container &#39;2-create-env-file&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;resources.requests.memory&#39; </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-resources-limits-memory/">https://kubesec.io/basics/containers-resources-limits-memory/</a><br><a href="https://avd.aquasec.com/appshield/ksv016">https://avd.aquasec.com/appshield/ksv016</a><br></details> |
| Kubernetes Security Check | KSV016 | Memory requests not specified | LOW | <details><summary>Expand...</summary> When containers have memory requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention. <br> <hr> <br> Container &#39;3-chmod&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;resources.requests.memory&#39; </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-resources-limits-memory/">https://kubesec.io/basics/containers-resources-limits-memory/</a><br><a href="https://avd.aquasec.com/appshield/ksv016">https://avd.aquasec.com/appshield/ksv016</a><br></details> |
| Kubernetes Security Check | KSV016 | Memory requests not specified | LOW | <details><summary>Expand...</summary> When containers have memory requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention. <br> <hr> <br> Container &#39;inotify&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;resources.requests.memory&#39; </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-resources-limits-memory/">https://kubesec.io/basics/containers-resources-limits-memory/</a><br><a href="https://avd.aquasec.com/appshield/ksv016">https://avd.aquasec.com/appshield/ksv016</a><br></details> |
| Kubernetes Security Check | KSV016 | Memory requests not specified | LOW | <details><summary>Expand...</summary> When containers have memory requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention. <br> <hr> <br> Container &#39;nginx&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;resources.requests.memory&#39; </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-resources-limits-memory/">https://kubesec.io/basics/containers-resources-limits-memory/</a><br><a href="https://avd.aquasec.com/appshield/ksv016">https://avd.aquasec.com/appshield/ksv016</a><br></details> |
| Kubernetes Security Check | KSV017 | Privileged container | HIGH | <details><summary>Expand...</summary> Privileged containers share namespaces with the host system and do not offer any security. They should be used exclusively for system containers that require high privileges. <br> <hr> <br> Container &#39;inotify&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;securityContext.privileged&#39; to false </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline">https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline</a><br><a href="https://avd.aquasec.com/appshield/ksv017">https://avd.aquasec.com/appshield/ksv017</a><br></details> |
| Kubernetes Security Check | KSV018 | Memory not limited | LOW | <details><summary>Expand...</summary> Enforcing memory limits prevents DoS via resource exhaustion. <br> <hr> <br> Container &#39;1-create-env-file&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;resources.limits.memory&#39; </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-resources-limits-memory/">https://kubesec.io/basics/containers-resources-limits-memory/</a><br><a href="https://avd.aquasec.com/appshield/ksv018">https://avd.aquasec.com/appshield/ksv018</a><br></details> |
| Kubernetes Security Check | KSV018 | Memory not limited | LOW | <details><summary>Expand...</summary> Enforcing memory limits prevents DoS via resource exhaustion. <br> <hr> <br> Container &#39;1-copy-app&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;resources.limits.memory&#39; </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-resources-limits-memory/">https://kubesec.io/basics/containers-resources-limits-memory/</a><br><a href="https://avd.aquasec.com/appshield/ksv018">https://avd.aquasec.com/appshield/ksv018</a><br></details> |
| Kubernetes Security Check | KSV018 | Memory not limited | LOW | <details><summary>Expand...</summary> Enforcing memory limits prevents DoS via resource exhaustion. <br> <hr> <br> Container &#39;2-create-env-file&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;resources.limits.memory&#39; </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-resources-limits-memory/">https://kubesec.io/basics/containers-resources-limits-memory/</a><br><a href="https://avd.aquasec.com/appshield/ksv018">https://avd.aquasec.com/appshield/ksv018</a><br></details> |
| Kubernetes Security Check | KSV018 | Memory not limited | LOW | <details><summary>Expand...</summary> Enforcing memory limits prevents DoS via resource exhaustion. <br> <hr> <br> Container &#39;3-chmod&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;resources.limits.memory&#39; </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-resources-limits-memory/">https://kubesec.io/basics/containers-resources-limits-memory/</a><br><a href="https://avd.aquasec.com/appshield/ksv018">https://avd.aquasec.com/appshield/ksv018</a><br></details> |
| Kubernetes Security Check | KSV018 | Memory not limited | LOW | <details><summary>Expand...</summary> Enforcing memory limits prevents DoS via resource exhaustion. <br> <hr> <br> Container &#39;inotify&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;resources.limits.memory&#39; </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-resources-limits-memory/">https://kubesec.io/basics/containers-resources-limits-memory/</a><br><a href="https://avd.aquasec.com/appshield/ksv018">https://avd.aquasec.com/appshield/ksv018</a><br></details> |
| Kubernetes Security Check | KSV018 | Memory not limited | LOW | <details><summary>Expand...</summary> Enforcing memory limits prevents DoS via resource exhaustion. <br> <hr> <br> Container &#39;nginx&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;resources.limits.memory&#39; </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-resources-limits-memory/">https://kubesec.io/basics/containers-resources-limits-memory/</a><br><a href="https://avd.aquasec.com/appshield/ksv018">https://avd.aquasec.com/appshield/ksv018</a><br></details> |
| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with user ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;1-create-env-file&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;securityContext.runAsUser&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv020">https://avd.aquasec.com/appshield/ksv020</a><br></details> |
| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with user ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;1-copy-app&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;securityContext.runAsUser&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv020">https://avd.aquasec.com/appshield/ksv020</a><br></details> |
| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with user ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;2-create-env-file&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;securityContext.runAsUser&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv020">https://avd.aquasec.com/appshield/ksv020</a><br></details> |
| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with user ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;3-chmod&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;securityContext.runAsUser&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv020">https://avd.aquasec.com/appshield/ksv020</a><br></details> |
| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with user ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;RELEASE-NAME-linkace&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;securityContext.runAsUser&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv020">https://avd.aquasec.com/appshield/ksv020</a><br></details> |
| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with user ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;securityContext.runAsUser&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv020">https://avd.aquasec.com/appshield/ksv020</a><br></details> |
| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with user ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;inotify&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;securityContext.runAsUser&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv020">https://avd.aquasec.com/appshield/ksv020</a><br></details> |
| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with user ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;nginx&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;securityContext.runAsUser&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv020">https://avd.aquasec.com/appshield/ksv020</a><br></details> |
| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with group ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;1-create-env-file&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;securityContext.runAsGroup&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv021">https://avd.aquasec.com/appshield/ksv021</a><br></details> |
| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with group ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;1-copy-app&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;securityContext.runAsGroup&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv021">https://avd.aquasec.com/appshield/ksv021</a><br></details> |
| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with group ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;2-create-env-file&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;securityContext.runAsGroup&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv021">https://avd.aquasec.com/appshield/ksv021</a><br></details> |
| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with group ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;3-chmod&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;securityContext.runAsGroup&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv021">https://avd.aquasec.com/appshield/ksv021</a><br></details> |
| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with group ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;RELEASE-NAME-linkace&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;securityContext.runAsGroup&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv021">https://avd.aquasec.com/appshield/ksv021</a><br></details> |
| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with group ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;securityContext.runAsGroup&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv021">https://avd.aquasec.com/appshield/ksv021</a><br></details> |
| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with group ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;inotify&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;securityContext.runAsGroup&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv021">https://avd.aquasec.com/appshield/ksv021</a><br></details> |
| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with group ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;nginx&#39; of Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;securityContext.runAsGroup&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv021">https://avd.aquasec.com/appshield/ksv021</a><br></details> |
| Kubernetes Security Check | KSV029 | A root primary or supplementary GID set | LOW | <details><summary>Expand...</summary> Containers should be forbidden from running with a root primary or supplementary GID. <br> <hr> <br> Deployment &#39;RELEASE-NAME-linkace&#39; should set &#39;spec.securityContext.runAsGroup&#39;, &#39;spec.securityContext.supplementalGroups[*]&#39; and &#39;spec.securityContext.fsGroup&#39; to integer greater than 0 </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv029">https://avd.aquasec.com/appshield/ksv029</a><br></details> |
## Containers
@ -112,9 +123,10 @@ hide:
tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c
tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c
'tccr.io/truecharts/linkace:v1.9.1@sha256:d56fa76113e3e5ab0889a13bdfb463d12b71b3e2ec839a8ff6fa99ec036be862'
tccr.io/truecharts/linkace:v1.9.1@sha256:d56fa76113e3e5ab0889a13bdfb463d12b71b3e2ec839a8ff6fa99ec036be862
- 'tccr.io/truecharts/nginx:v1.21.6@sha256:80d87a1d4d67749d2caaa64ee061a66a946b81942ac56f4780e36f8356cee371'
'tccr.io/truecharts/linkace:v1.9.1@sha256:88923f556900b0c6b79ea978e3692c690c0a6f9c28d048f2067a803095de1ef1'
'tccr.io/truecharts/linkace:v1.9.1@sha256:88923f556900b0c6b79ea978e3692c690c0a6f9c28d048f2067a803095de1ef1'
'tccr.io/truecharts/linkace:v1.9.1@sha256:88923f556900b0c6b79ea978e3692c690c0a6f9c28d048f2067a803095de1ef1'
tccr.io/truecharts/linkace:v1.9.1@sha256:88923f556900b0c6b79ea978e3692c690c0a6f9c28d048f2067a803095de1ef1
tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c
tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c
tccr.io/truecharts/mariadb:v10.6.5@sha256:c791efc33f2d5fc972dc67bb015deba4b1a10def2b2f5058550f58415a34fb42
@ -191,16 +203,20 @@ hide:
#### Container: tccr.io/truecharts/linkace:v1.9.1@sha256:d56fa76113e3e5ab0889a13bdfb463d12b71b3e2ec839a8ff6fa99ec036be862 (alpine 3.15.0)
#### Container: tccr.io/truecharts/linkace:v1.9.1@sha256:88923f556900b0c6b79ea978e3692c690c0a6f9c28d048f2067a803095de1ef1 (alpine 3.15.0)
**alpine**
| No Vulnerabilities found |
|:---------------------------------|
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
| expat | CVE-2022-23852 | CRITICAL | 2.4.3-r0 | 2.4.4-r0 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852</a><br><a href="https://github.com/libexpat/libexpat/pull/550">https://github.com/libexpat/libexpat/pull/550</a><br><a href="https://www.tenable.com/security/tns-2022-05">https://www.tenable.com/security/tns-2022-05</a><br></details> |
| expat | CVE-2022-23990 | CRITICAL | 2.4.3-r0 | 2.4.4-r0 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990</a><br><a href="https://github.com/libexpat/libexpat/pull/551">https://github.com/libexpat/libexpat/pull/551</a><br><a href="https://www.tenable.com/security/tns-2022-05">https://www.tenable.com/security/tns-2022-05</a><br></details> |
**node-pkg**
@ -219,10 +235,6 @@ hide:
#### Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2)

0
incubator/linkace/0.0.1/templates/_cronjob.tpl → incubator/linkace/0.0.2/templates/_cronjob.tpl
View File

0
incubator/linkace/0.0.1/templates/_secrets.tpl → incubator/linkace/0.0.2/templates/_secrets.tpl
View File

9
incubator/linkace/0.0.2/templates/common.yaml Normal file
View File

@ -0,0 +1,9 @@
{{/* Make sure all variables are set properly */}}
{{ include "common.setup" . }}
{{ include "linkace.cronjob" . }}
{{ include "linkace.secrets" . }}
{{/* Render the templates */}}
{{ include "common.postSetup" . }}

0
incubator/linkace/0.0.1/values.yaml → incubator/linkace/0.0.2/values.yaml
View File