From e77521efc7a1a54b0ac688d0999d6ee29676d57b Mon Sep 17 00:00:00 2001 From: TrueCharts-Bot Date: Thu, 24 Feb 2022 18:24:01 +0000 Subject: [PATCH] Commit new App releases for TrueCharts Signed-off-by: TrueCharts-Bot --- dev/docker-compose/0.0.1/CHANGELOG.md | 10 ---- dev/docker-compose/0.0.2/CHANGELOG.md | 20 ++++++++ dev/docker-compose/{0.0.1 => 0.0.2}/CONFIG.md | 0 .../{0.0.1 => 0.0.2}/Chart.lock | 2 +- .../{0.0.1 => 0.0.2}/Chart.yaml | 4 +- dev/docker-compose/{0.0.1 => 0.0.2}/README.md | 0 .../{0.0.1 => 0.0.2}/app-readme.md | 0 .../{0.0.1 => 0.0.2}/charts/common-8.16.0.tgz | Bin .../{0.0.1 => 0.0.2}/helm-values.md | 2 +- .../{0.0.1 => 0.0.2}/ix_values.yaml | 2 +- .../{0.0.1 => 0.0.2}/questions.yaml | 2 +- .../{0.0.1 => 0.0.2}/security.md | 16 ++++++- .../{0.0.1 => 0.0.2}/templates/common.yaml | 0 .../{0.0.1 => 0.0.2}/values.yaml | 0 dev/docker-compose/item.yaml | 2 +- .../pydio-cells/{1.0.3 => 1.0.4}/CHANGELOG.md | 26 +++++----- stable/pydio-cells/{1.0.3 => 1.0.4}/CONFIG.md | 0 .../pydio-cells/{1.0.3 => 1.0.4}/Chart.lock | 2 +- .../pydio-cells/{1.0.3 => 1.0.4}/Chart.yaml | 2 +- stable/pydio-cells/{1.0.3 => 1.0.4}/README.md | 0 .../{1.0.3 => 1.0.4}/app-readme.md | 0 .../{1.0.3 => 1.0.4}/charts/common-8.16.0.tgz | Bin .../charts/mariadb-1.0.73.tgz | Bin .../{1.0.3 => 1.0.4}/helm-values.md | 30 ++++++++---- .../{1.0.3 => 1.0.4}/ix_values.yaml | 45 ++++++++++++++---- .../{1.0.3 => 1.0.4}/questions.yaml | 8 ++-- .../pydio-cells/{1.0.3 => 1.0.4}/security.md | 6 ++- .../{1.0.3 => 1.0.4}/templates/_configmap.tpl | 0 .../{1.0.3 => 1.0.4}/templates/common.yaml | 0 .../pydio-cells/{1.0.3 => 1.0.4}/values.yaml | 0 30 files changed, 122 insertions(+), 57 deletions(-) delete mode 100644 dev/docker-compose/0.0.1/CHANGELOG.md create mode 100644 dev/docker-compose/0.0.2/CHANGELOG.md rename dev/docker-compose/{0.0.1 => 0.0.2}/CONFIG.md (100%) rename dev/docker-compose/{0.0.1 => 0.0.2}/Chart.lock (78%) rename dev/docker-compose/{0.0.1 => 0.0.2}/Chart.yaml (96%) rename dev/docker-compose/{0.0.1 => 0.0.2}/README.md (100%) rename dev/docker-compose/{0.0.1 => 0.0.2}/app-readme.md (100%) rename dev/docker-compose/{0.0.1 => 0.0.2}/charts/common-8.16.0.tgz (100%) rename dev/docker-compose/{0.0.1 => 0.0.2}/helm-values.md (96%) rename dev/docker-compose/{0.0.1 => 0.0.2}/ix_values.yaml (94%) rename dev/docker-compose/{0.0.1 => 0.0.2}/questions.yaml (99%) rename dev/docker-compose/{0.0.1 => 0.0.2}/security.md (94%) rename dev/docker-compose/{0.0.1 => 0.0.2}/templates/common.yaml (100%) rename dev/docker-compose/{0.0.1 => 0.0.2}/values.yaml (100%) rename stable/pydio-cells/{1.0.3 => 1.0.4}/CHANGELOG.md (87%) rename stable/pydio-cells/{1.0.3 => 1.0.4}/CONFIG.md (100%) rename stable/pydio-cells/{1.0.3 => 1.0.4}/Chart.lock (84%) rename stable/pydio-cells/{1.0.3 => 1.0.4}/Chart.yaml (98%) rename stable/pydio-cells/{1.0.3 => 1.0.4}/README.md (100%) rename stable/pydio-cells/{1.0.3 => 1.0.4}/app-readme.md (100%) rename stable/pydio-cells/{1.0.3 => 1.0.4}/charts/common-8.16.0.tgz (100%) rename stable/pydio-cells/{1.0.3 => 1.0.4}/charts/mariadb-1.0.73.tgz (100%) rename stable/pydio-cells/{1.0.3 => 1.0.4}/helm-values.md (66%) rename stable/pydio-cells/{1.0.3 => 1.0.4}/ix_values.yaml (57%) rename stable/pydio-cells/{1.0.3 => 1.0.4}/questions.yaml (99%) rename stable/pydio-cells/{1.0.3 => 1.0.4}/security.md (99%) rename stable/pydio-cells/{1.0.3 => 1.0.4}/templates/_configmap.tpl (100%) rename stable/pydio-cells/{1.0.3 => 1.0.4}/templates/common.yaml (100%) rename stable/pydio-cells/{1.0.3 => 1.0.4}/values.yaml (100%) diff --git a/dev/docker-compose/0.0.1/CHANGELOG.md b/dev/docker-compose/0.0.1/CHANGELOG.md deleted file mode 100644 index efe802c6bb7..00000000000 --- a/dev/docker-compose/0.0.1/CHANGELOG.md +++ /dev/null @@ -1,10 +0,0 @@ -# Changelog
- - - -### docker-compose-0.0.1 (2022-02-24) - -#### Feat - -* add a dedicated App for using Docker-Compose ([#1954](https://github.com/truecharts/apps/issues/1954)) - diff --git a/dev/docker-compose/0.0.2/CHANGELOG.md b/dev/docker-compose/0.0.2/CHANGELOG.md new file mode 100644 index 00000000000..c3b428badea --- /dev/null +++ b/dev/docker-compose/0.0.2/CHANGELOG.md @@ -0,0 +1,20 @@ +# Changelog
+ + + +### [docker-compose-0.0.2](https://github.com/truecharts/apps/compare/docker-compose-0.0.1...docker-compose-0.0.2) (2022-02-24) + +#### Chore + +* rename `web_portal` to `open` ([#1957](https://github.com/truecharts/apps/issues/1957)) +* Update adding tc catalog ([#1956](https://github.com/truecharts/apps/issues/1956)) + + + + +### docker-compose-0.0.1 (2022-02-24) + +#### Feat + +* add a dedicated App for using Docker-Compose ([#1954](https://github.com/truecharts/apps/issues/1954)) + diff --git a/dev/docker-compose/0.0.1/CONFIG.md b/dev/docker-compose/0.0.2/CONFIG.md similarity index 100% rename from dev/docker-compose/0.0.1/CONFIG.md rename to dev/docker-compose/0.0.2/CONFIG.md diff --git a/dev/docker-compose/0.0.1/Chart.lock b/dev/docker-compose/0.0.2/Chart.lock similarity index 78% rename from dev/docker-compose/0.0.1/Chart.lock rename to dev/docker-compose/0.0.2/Chart.lock index a87d808995f..9786e27710e 100644 --- a/dev/docker-compose/0.0.1/Chart.lock +++ b/dev/docker-compose/0.0.2/Chart.lock @@ -3,4 +3,4 @@ dependencies: repository: https://truecharts.org version: 8.16.0 digest: sha256:fa603eaefc7f57029052919d45fd45424e58a69f707af7b657afd49a4b41a435 -generated: "2022-02-24T15:51:11.652031381Z" +generated: "2022-02-24T18:19:25.650140959Z" diff --git a/dev/docker-compose/0.0.1/Chart.yaml b/dev/docker-compose/0.0.2/Chart.yaml similarity index 96% rename from dev/docker-compose/0.0.1/Chart.yaml rename to dev/docker-compose/0.0.2/Chart.yaml index 9e8b4c11e4c..64593704f87 100644 --- a/dev/docker-compose/0.0.1/Chart.yaml +++ b/dev/docker-compose/0.0.2/Chart.yaml @@ -7,7 +7,7 @@ dependencies: deprecated: false description: Dedicated App for using Docker-Compose on TrueNAS SCALE home: https://github.com/truecharts/apps/tree/master/charts/dev/docker-compose -icon: https://truecharts.org/_static/img/appicons/docker-compose.png +icon: https://truecharts.org/_static/img/appicons/docker-compose-icon.png keywords: - docker-compose - docker @@ -20,7 +20,7 @@ name: docker-compose sources: - https://github.com/Jackett/Jackett type: application -version: 0.0.1 +version: 0.0.2 annotations: truecharts.org/catagories: | - docker diff --git a/dev/docker-compose/0.0.1/README.md b/dev/docker-compose/0.0.2/README.md similarity index 100% rename from dev/docker-compose/0.0.1/README.md rename to dev/docker-compose/0.0.2/README.md diff --git a/dev/docker-compose/0.0.1/app-readme.md b/dev/docker-compose/0.0.2/app-readme.md similarity index 100% rename from dev/docker-compose/0.0.1/app-readme.md rename to dev/docker-compose/0.0.2/app-readme.md diff --git a/dev/docker-compose/0.0.1/charts/common-8.16.0.tgz b/dev/docker-compose/0.0.2/charts/common-8.16.0.tgz similarity index 100% rename from dev/docker-compose/0.0.1/charts/common-8.16.0.tgz rename to dev/docker-compose/0.0.2/charts/common-8.16.0.tgz diff --git a/dev/docker-compose/0.0.1/helm-values.md b/dev/docker-compose/0.0.2/helm-values.md similarity index 96% rename from dev/docker-compose/0.0.1/helm-values.md rename to dev/docker-compose/0.0.2/helm-values.md index f74c01fbd24..828c079376c 100644 --- a/dev/docker-compose/0.0.1/helm-values.md +++ b/dev/docker-compose/0.0.2/helm-values.md @@ -22,7 +22,7 @@ You will, however, be able to use all values referenced in the common chart here | hostNetwork | bool | `true` | | | image.pullPolicy | string | `"IfNotPresent"` | | | image.repository | string | `"tccr.io/truecharts/docker-in-docker"` | | -| image.tag | string | `"v20.10.12@sha256:e672e85d8141beffea3f7e5b97c79a2bca726bde478474e845fc338a08a1092f"` | | +| image.tag | string | `"v20.10.12@sha256:c62daf2fbd0b520a5849a5b463b059207e3669c892131eff1f0cf22d3b053deb"` | | | persistence.docker-certs-ca.enabled | bool | `true` | | | persistence.docker-certs-ca.mountPath | string | `"/config"` | | | persistence.mnt.enabled | bool | `true` | | diff --git a/dev/docker-compose/0.0.1/ix_values.yaml b/dev/docker-compose/0.0.2/ix_values.yaml similarity index 94% rename from dev/docker-compose/0.0.1/ix_values.yaml rename to dev/docker-compose/0.0.2/ix_values.yaml index 815882e845c..8d2150ca140 100644 --- a/dev/docker-compose/0.0.1/ix_values.yaml +++ b/dev/docker-compose/0.0.2/ix_values.yaml @@ -1,7 +1,7 @@ image: repository: tccr.io/truecharts/docker-in-docker pullPolicy: IfNotPresent - tag: v20.10.12@sha256:e672e85d8141beffea3f7e5b97c79a2bca726bde478474e845fc338a08a1092f + tag: v20.10.12@sha256:c62daf2fbd0b520a5849a5b463b059207e3669c892131eff1f0cf22d3b053deb controller: # -- Set the controller type. diff --git a/dev/docker-compose/0.0.1/questions.yaml b/dev/docker-compose/0.0.2/questions.yaml similarity index 99% rename from dev/docker-compose/0.0.1/questions.yaml rename to dev/docker-compose/0.0.2/questions.yaml index fa8c847c947..c18b3e807b5 100644 --- a/dev/docker-compose/0.0.1/questions.yaml +++ b/dev/docker-compose/0.0.2/questions.yaml @@ -26,7 +26,7 @@ groups: - name: "Advanced" description: "Advanced Configuration" portals: - web_portal: + open: protocols: - "$kubernetes-resource_configmap_portal_protocol" host: diff --git a/dev/docker-compose/0.0.1/security.md b/dev/docker-compose/0.0.2/security.md similarity index 94% rename from dev/docker-compose/0.0.1/security.md rename to dev/docker-compose/0.0.2/security.md index eeadf9e90f7..08b7fce2ae6 100644 --- a/dev/docker-compose/0.0.1/security.md +++ b/dev/docker-compose/0.0.2/security.md @@ -49,7 +49,7 @@ hide: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c - tccr.io/truecharts/docker-in-docker:v20.10.12@sha256:e672e85d8141beffea3f7e5b97c79a2bca726bde478474e845fc338a08a1092f + tccr.io/truecharts/docker-in-docker:v20.10.12@sha256:c62daf2fbd0b520a5849a5b463b059207e3669c892131eff1f0cf22d3b053deb ##### Scan Results @@ -118,4 +118,18 @@ hide: | ssl_client | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 |
Expand...https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
| +#### Container: tccr.io/truecharts/docker-in-docker:v20.10.12@sha256:c62daf2fbd0b520a5849a5b463b059207e3669c892131eff1f0cf22d3b053deb (alpine 3.15.0) + + +**alpine** + + +| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | +|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| +| libblkid | CVE-2021-3995 | MEDIUM | 2.37.2-r1 | 2.37.3-r0 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3995
https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes
https://ubuntu.com/security/notices/USN-5279-1
https://www.openwall.com/lists/oss-security/2022/01/24/2
| +| libblkid | CVE-2021-3996 | MEDIUM | 2.37.2-r1 | 2.37.3-r0 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3996
https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes
https://ubuntu.com/security/notices/USN-5279-1
https://www.openwall.com/lists/oss-security/2022/01/24/2
| +| libblkid | CVE-2022-0563 | MEDIUM | 2.37.2-r1 | 2.37.4-r0 |
Expand...https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u
| +| libuuid | CVE-2021-3995 | MEDIUM | 2.37.2-r1 | 2.37.3-r0 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3995
https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes
https://ubuntu.com/security/notices/USN-5279-1
https://www.openwall.com/lists/oss-security/2022/01/24/2
| +| libuuid | CVE-2021-3996 | MEDIUM | 2.37.2-r1 | 2.37.3-r0 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3996
https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes
https://ubuntu.com/security/notices/USN-5279-1
https://www.openwall.com/lists/oss-security/2022/01/24/2
| +| libuuid | CVE-2022-0563 | MEDIUM | 2.37.2-r1 | 2.37.4-r0 |
Expand...https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u
| diff --git a/dev/docker-compose/0.0.1/templates/common.yaml b/dev/docker-compose/0.0.2/templates/common.yaml similarity index 100% rename from dev/docker-compose/0.0.1/templates/common.yaml rename to dev/docker-compose/0.0.2/templates/common.yaml diff --git a/dev/docker-compose/0.0.1/values.yaml b/dev/docker-compose/0.0.2/values.yaml similarity index 100% rename from dev/docker-compose/0.0.1/values.yaml rename to dev/docker-compose/0.0.2/values.yaml diff --git a/dev/docker-compose/item.yaml b/dev/docker-compose/item.yaml index b1d2998f918..f04b948b8b9 100644 --- a/dev/docker-compose/item.yaml +++ b/dev/docker-compose/item.yaml @@ -1,4 +1,4 @@ -icon_url: https://truecharts.org/_static/img/appicons/docker-compose.png +icon_url: https://truecharts.org/_static/img/appicons/docker-compose-icon.png categories: - docker - test diff --git a/stable/pydio-cells/1.0.3/CHANGELOG.md b/stable/pydio-cells/1.0.4/CHANGELOG.md similarity index 87% rename from stable/pydio-cells/1.0.3/CHANGELOG.md rename to stable/pydio-cells/1.0.4/CHANGELOG.md index e7927ebcb97..a5c403f5ba2 100644 --- a/stable/pydio-cells/1.0.3/CHANGELOG.md +++ b/stable/pydio-cells/1.0.4/CHANGELOG.md @@ -1,6 +1,19 @@ # Changelog
+ +### [pydio-cells-1.0.4](https://github.com/truecharts/apps/compare/pydio-cells-1.0.3...pydio-cells-1.0.4) (2022-02-24) + +#### Chore + +* rename `web_portal` to `open` ([#1957](https://github.com/truecharts/apps/issues/1957)) + +#### Fix + +* Use different port for healthcheck ([#1949](https://github.com/truecharts/apps/issues/1949)) + + + ### [pydio-cells-1.0.3](https://github.com/truecharts/apps/compare/pydio-cells-1.0.2...pydio-cells-1.0.3) (2022-02-23) @@ -84,16 +97,3 @@ ### [pydio-cells-0.0.19](https://github.com/truecharts/apps/compare/pydio-cells-0.0.18...pydio-cells-0.0.19) (2022-02-03) - -#### Chore - -* update docker general non-major ([#1836](https://github.com/truecharts/apps/issues/1836)) - - - - -### [pydio-cells-0.0.18](https://github.com/truecharts/apps/compare/pydio-cells-0.0.17...pydio-cells-0.0.18) (2022-02-02) - -#### Chore - -* update helm general non-major helm releases ([#1828](https://github.com/truecharts/apps/issues/1828)) diff --git a/stable/pydio-cells/1.0.3/CONFIG.md b/stable/pydio-cells/1.0.4/CONFIG.md similarity index 100% rename from stable/pydio-cells/1.0.3/CONFIG.md rename to stable/pydio-cells/1.0.4/CONFIG.md diff --git a/stable/pydio-cells/1.0.3/Chart.lock b/stable/pydio-cells/1.0.4/Chart.lock similarity index 84% rename from stable/pydio-cells/1.0.3/Chart.lock rename to stable/pydio-cells/1.0.4/Chart.lock index 4a358d9bec7..65429868e95 100644 --- a/stable/pydio-cells/1.0.3/Chart.lock +++ b/stable/pydio-cells/1.0.4/Chart.lock @@ -6,4 +6,4 @@ dependencies: repository: https://truecharts.org/ version: 1.0.73 digest: sha256:bf23758781a4e58ea35281ddb9500db7987638dd59f752088b97e00b948b1e8e -generated: "2022-02-23T07:45:47.314972842Z" +generated: "2022-02-24T18:19:26.092752475Z" diff --git a/stable/pydio-cells/1.0.3/Chart.yaml b/stable/pydio-cells/1.0.4/Chart.yaml similarity index 98% rename from stable/pydio-cells/1.0.3/Chart.yaml rename to stable/pydio-cells/1.0.4/Chart.yaml index 536600f2b1b..7c08711fc16 100644 --- a/stable/pydio-cells/1.0.3/Chart.yaml +++ b/stable/pydio-cells/1.0.4/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 kubeVersion: ">=1.16.0-0" name: pydio-cells -version: 1.0.3 +version: 1.0.4 appVersion: "3.0.4" description: Pydio-cells is the nextgen file sharing platform for organizations. type: application diff --git a/stable/pydio-cells/1.0.3/README.md b/stable/pydio-cells/1.0.4/README.md similarity index 100% rename from stable/pydio-cells/1.0.3/README.md rename to stable/pydio-cells/1.0.4/README.md diff --git a/stable/pydio-cells/1.0.3/app-readme.md b/stable/pydio-cells/1.0.4/app-readme.md similarity index 100% rename from stable/pydio-cells/1.0.3/app-readme.md rename to stable/pydio-cells/1.0.4/app-readme.md diff --git a/stable/pydio-cells/1.0.3/charts/common-8.16.0.tgz b/stable/pydio-cells/1.0.4/charts/common-8.16.0.tgz similarity index 100% rename from stable/pydio-cells/1.0.3/charts/common-8.16.0.tgz rename to stable/pydio-cells/1.0.4/charts/common-8.16.0.tgz diff --git a/stable/pydio-cells/1.0.3/charts/mariadb-1.0.73.tgz b/stable/pydio-cells/1.0.4/charts/mariadb-1.0.73.tgz similarity index 100% rename from stable/pydio-cells/1.0.3/charts/mariadb-1.0.73.tgz rename to stable/pydio-cells/1.0.4/charts/mariadb-1.0.73.tgz diff --git a/stable/pydio-cells/1.0.3/helm-values.md b/stable/pydio-cells/1.0.4/helm-values.md similarity index 66% rename from stable/pydio-cells/1.0.3/helm-values.md rename to stable/pydio-cells/1.0.4/helm-values.md index 1c1e726927b..a2590677f27 100644 --- a/stable/pydio-cells/1.0.3/helm-values.md +++ b/stable/pydio-cells/1.0.4/helm-values.md @@ -11,11 +11,11 @@ You will, however, be able to use all values referenced in the common chart here | Key | Type | Default | Description | |-----|------|---------|-------------| -| env.CELLS_BIND | string | `"0.0.0.0:{{ .Values.service.main.ports.main.targetPort }}"` | | +| env.CELLS_BIND | string | `"0.0.0.0:{{ .Values.service.main.ports.main.port }}"` | | | env.CELLS_DATA_DIR | string | `"/cells/data"` | | | env.CELLS_EXTERNAL | string | `""` | | -| env.CELLS_GRPC_EXTERNAL | string | `"{{ .Values.service.gprc.ports.gprc.targetPort }}"` | | -| env.CELLS_HEALTHCHECK | string | `"{{ .Values.service.main.ports.main.targetPort }}"` | | +| env.CELLS_GRPC_EXTERNAL | string | `"{{ .Values.service.gprc.ports.gprc.port }}"` | | +| env.CELLS_HEALTHCHECK | string | `"{{ .Values.service.healthcheck.ports.healthcheck.port }}"` | | | env.CELLS_INSTALL_YAML | string | `"/cells/install.yml"` | | | env.CELLS_LOG_DIR | string | `"/cells/logs"` | | | env.CELLS_SERVICES_DIR | string | `"/cells/services"` | | @@ -35,18 +35,32 @@ You will, however, be able to use all values referenced in the common chart here | persistence.logs.mountPath | string | `"/cells/logs"` | | | persistence.services.enabled | bool | `true` | | | persistence.services.mountPath | string | `"/cells/services"` | | -| probes.liveness.path | string | `"/healthcheck"` | | -| probes.readiness.path | string | `"/healthcheck"` | | -| probes.startup.path | string | `"/healthcheck"` | | +| podSecurityContext.runAsGroup | int | `0` | | +| podSecurityContext.runAsUser | int | `0` | | +| probes.liveness.custom | bool | `true` | | +| probes.liveness.spec.httpGet.path | string | `"/healthcheck"` | | +| probes.liveness.spec.httpGet.port | int | `10162` | | +| probes.liveness.spec.httpGet.scheme | string | `"HTTP"` | | +| probes.readiness.custom | bool | `true` | | +| probes.readiness.spec.httpGet.path | string | `"/healthcheck"` | | +| probes.readiness.spec.httpGet.port | int | `10162` | | +| probes.readiness.spec.httpGet.scheme | string | `"HTTP"` | | +| probes.startup.custom | bool | `true` | | +| probes.startup.spec.httpGet.path | string | `"/healthcheck"` | | +| probes.startup.spec.httpGet.port | int | `10162` | | +| probes.startup.spec.httpGet.scheme | string | `"HTTP"` | | | pydioinstall.password | string | `"supersecret"` | | | pydioinstall.title | string | `"Pydio Cells"` | | | pydioinstall.username | string | `"admin"` | | +| securityContext.readOnlyRootFilesystem | bool | `false` | | +| securityContext.runAsNonRoot | bool | `false` | | | service.gprc.enabled | bool | `true` | | | service.gprc.ports.gprc.enabled | bool | `true` | | | service.gprc.ports.gprc.port | int | `33060` | | -| service.gprc.ports.gprc.targetPort | int | `33060` | | +| service.healthcheck.enabled | bool | `true` | | +| service.healthcheck.ports.healthcheck.enabled | bool | `true` | | +| service.healthcheck.ports.healthcheck.port | int | `10162` | | | service.main.ports.main.port | int | `10150` | | | service.main.ports.main.protocol | string | `"HTTPS"` | | -| service.main.ports.main.targetPort | int | `10150` | | All Rights Reserved - The TrueCharts Project diff --git a/stable/pydio-cells/1.0.3/ix_values.yaml b/stable/pydio-cells/1.0.4/ix_values.yaml similarity index 57% rename from stable/pydio-cells/1.0.3/ix_values.yaml rename to stable/pydio-cells/1.0.4/ix_values.yaml index bb0a5ac652e..381b2a29de4 100644 --- a/stable/pydio-cells/1.0.3/ix_values.yaml +++ b/stable/pydio-cells/1.0.4/ix_values.yaml @@ -3,11 +3,19 @@ image: pullPolicy: IfNotPresent tag: v3.0.4@sha256:81c6f8675ffc243af9ffab5a43da0ed50f33f0c153c352aad027127c3c0318ad +securityContext: + readOnlyRootFilesystem: false + runAsNonRoot: false + +podSecurityContext: + runAsUser: 0 + runAsGroup: 0 + env: CELLS_EXTERNAL: "" - CELLS_GRPC_EXTERNAL: "{{ .Values.service.gprc.ports.gprc.targetPort }}" - CELLS_HEALTHCHECK: "{{ .Values.service.main.ports.main.targetPort }}" - CELLS_BIND: "0.0.0.0:{{ .Values.service.main.ports.main.targetPort }}" + CELLS_GRPC_EXTERNAL: "{{ .Values.service.gprc.ports.gprc.port }}" + CELLS_HEALTHCHECK: "{{ .Values.service.healthcheck.ports.healthcheck.port }}" + CELLS_BIND: "0.0.0.0:{{ .Values.service.main.ports.main.port }}" CELLS_WORKING_DIR: "/cells" CELLS_DATA_DIR: "/cells/data" CELLS_LOG_DIR: "/cells/logs" @@ -21,28 +29,45 @@ pydioinstall: probes: liveness: - path: "/healthcheck" - + custom: true + spec: + httpGet: + scheme: HTTP + path: "/healthcheck" + port: 10162 readiness: - path: "/healthcheck" - + custom: true + spec: + httpGet: + scheme: HTTP + path: "/healthcheck" + port: 10162 startup: - path: "/healthcheck" + custom: true + spec: + httpGet: + scheme: HTTP + path: "/healthcheck" + port: 10162 service: main: ports: main: protocol: HTTPS - targetPort: 10150 port: 10150 gprc: enabled: true ports: gprc: enabled: true - targetPort: 33060 port: 33060 + healthcheck: + enabled: true + ports: + healthcheck: + enabled: true + port: 10162 persistence: cells: diff --git a/stable/pydio-cells/1.0.3/questions.yaml b/stable/pydio-cells/1.0.4/questions.yaml similarity index 99% rename from stable/pydio-cells/1.0.3/questions.yaml rename to stable/pydio-cells/1.0.4/questions.yaml index b0f8c3a2743..949de22aeb2 100644 --- a/stable/pydio-cells/1.0.3/questions.yaml +++ b/stable/pydio-cells/1.0.4/questions.yaml @@ -26,7 +26,7 @@ groups: - name: "Advanced" description: "Advanced Configuration" portals: - web_portal: + open: protocols: - "$kubernetes-resource_configmap_portal_protocol" host: @@ -1934,7 +1934,7 @@ questions: label: "runAsNonRoot" schema: type: boolean - default: true + default: false - variable: capabilities label: "Capabilities" schema: @@ -1974,13 +1974,13 @@ questions: description: "The UserID of the user running the application" schema: type: int - default: 568 + default: 0 - variable: runAsGroup label: "runAsGroup" description: The groupID this App of the user running the application" schema: type: int - default: 568 + default: 0 - variable: fsGroup label: "fsGroup" description: "The group that should own ALL storage." diff --git a/stable/pydio-cells/1.0.3/security.md b/stable/pydio-cells/1.0.4/security.md similarity index 99% rename from stable/pydio-cells/1.0.3/security.md rename to stable/pydio-cells/1.0.4/security.md index 042bf45a184..36367c94ad8 100644 --- a/stable/pydio-cells/1.0.3/security.md +++ b/stable/pydio-cells/1.0.4/security.md @@ -45,8 +45,10 @@ hide: | Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW |
Expand... The container should drop all default capabilities and add only those that are needed for its execution.

Container 'RELEASE-NAME-pydio-cells' of Deployment 'RELEASE-NAME-pydio-cells' should add 'ALL' to 'securityContext.capabilities.drop'
|
Expand...https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/
https://avd.aquasec.com/appshield/ksv003
| | Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW |
Expand... The container should drop all default capabilities and add only those that are needed for its execution.

Container 'inotify' of Deployment 'RELEASE-NAME-pydio-cells' should add 'ALL' to 'securityContext.capabilities.drop'
|
Expand...https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/
https://avd.aquasec.com/appshield/ksv003
| | Kubernetes Security Check | KSV011 | CPU not limited | LOW |
Expand... Enforcing CPU limits prevents DoS via resource exhaustion.

Container 'inotify' of Deployment 'RELEASE-NAME-pydio-cells' should set 'resources.limits.cpu'
|
Expand...https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits
https://avd.aquasec.com/appshield/ksv011
| +| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM |
Expand... 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.

Container 'RELEASE-NAME-pydio-cells' of Deployment 'RELEASE-NAME-pydio-cells' should set 'securityContext.runAsNonRoot' to true
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv012
| | Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM |
Expand... 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.

Container 'autopermissions' of Deployment 'RELEASE-NAME-pydio-cells' should set 'securityContext.runAsNonRoot' to true
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv012
| | Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM |
Expand... 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.

Container 'inotify' of Deployment 'RELEASE-NAME-pydio-cells' should set 'securityContext.runAsNonRoot' to true
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv012
| +| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW |
Expand... An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.

Container 'RELEASE-NAME-pydio-cells' of Deployment 'RELEASE-NAME-pydio-cells' should set 'securityContext.readOnlyRootFilesystem' to true
|
Expand...https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/appshield/ksv014
| | Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW |
Expand... An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.

Container 'autopermissions' of Deployment 'RELEASE-NAME-pydio-cells' should set 'securityContext.readOnlyRootFilesystem' to true
|
Expand...https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/appshield/ksv014
| | Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW |
Expand... An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.

Container 'inotify' of Deployment 'RELEASE-NAME-pydio-cells' should set 'securityContext.readOnlyRootFilesystem' to true
|
Expand...https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/appshield/ksv014
| | Kubernetes Security Check | KSV015 | CPU requests not specified | LOW |
Expand... When containers have resource requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention.

Container 'inotify' of Deployment 'RELEASE-NAME-pydio-cells' should set 'resources.requests.cpu'
|
Expand...https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits
https://avd.aquasec.com/appshield/ksv015
| @@ -327,8 +329,8 @@ hide: | libpcre3 | CVE-2017-7245 | LOW | 2:8.39-12 | |
Expand...http://www.securityfocus.com/bid/97067
https://access.redhat.com/errata/RHSA-2018:2486
https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/
https://security.gentoo.org/glsa/201710-25
| | libpcre3 | CVE-2017-7246 | LOW | 2:8.39-12 | |
Expand...http://www.securityfocus.com/bid/97067
https://access.redhat.com/errata/RHSA-2018:2486
https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/
https://security.gentoo.org/glsa/201710-25
| | libpcre3 | CVE-2019-20838 | LOW | 2:8.39-12 | |
Expand...http://seclists.org/fulldisclosure/2020/Dec/32
http://seclists.org/fulldisclosure/2021/Feb/14
https://bugs.gentoo.org/717920
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20838
https://linux.oracle.com/cve/CVE-2019-20838.html
https://linux.oracle.com/errata/ELSA-2021-4373.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://support.apple.com/kb/HT211931
https://support.apple.com/kb/HT212147
https://www.pcre.org/original/changelog.txt
| -| libsasl2-2 | CVE-2022-24407 | HIGH | 2.1.27+dfsg-1+deb10u1 | |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407
https://ubuntu.com/security/notices/USN-5301-1
https://ubuntu.com/security/notices/USN-5301-2
| -| libsasl2-modules-db | CVE-2022-24407 | HIGH | 2.1.27+dfsg-1+deb10u1 | |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407
https://ubuntu.com/security/notices/USN-5301-1
https://ubuntu.com/security/notices/USN-5301-2
| +| libsasl2-2 | CVE-2022-24407 | CRITICAL | 2.1.27+dfsg-1+deb10u1 | |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407
https://linux.oracle.com/cve/CVE-2022-24407.html
https://linux.oracle.com/errata/ELSA-2022-0658.html
https://ubuntu.com/security/notices/USN-5301-1
https://ubuntu.com/security/notices/USN-5301-2
https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28
| +| libsasl2-modules-db | CVE-2022-24407 | CRITICAL | 2.1.27+dfsg-1+deb10u1 | |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407
https://linux.oracle.com/cve/CVE-2022-24407.html
https://linux.oracle.com/errata/ELSA-2022-0658.html
https://ubuntu.com/security/notices/USN-5301-1
https://ubuntu.com/security/notices/USN-5301-2
https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28
| | libseccomp2 | CVE-2019-9893 | LOW | 2.3.3-4 | |
Expand...http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00022.html
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00027.html
http://www.paul-moore.com/blog/d/2019/03/libseccomp_v240.html
https://access.redhat.com/errata/RHSA-2019:3624
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9893
https://github.com/seccomp/libseccomp/issues/139
https://linux.oracle.com/cve/CVE-2019-9893.html
https://linux.oracle.com/errata/ELSA-2019-3624.html
https://seclists.org/oss-sec/2019/q1/179
https://security.gentoo.org/glsa/201904-18
https://ubuntu.com/security/notices/USN-4001-1
https://ubuntu.com/security/notices/USN-4001-2
https://usn.ubuntu.com/4001-1/
https://usn.ubuntu.com/4001-2/
https://www.openwall.com/lists/oss-security/2019/03/15/1
| | libsepol1 | CVE-2021-36084 | LOW | 2.8-1 | |
Expand...https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31065
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36084
https://github.com/SELinuxProject/selinux/commit/f34d3d30c8325e4847a6b696fe7a3936a8a361f3
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-417.yaml
https://linux.oracle.com/cve/CVE-2021-36084.html
https://linux.oracle.com/errata/ELSA-2021-4513.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/
| | libsepol1 | CVE-2021-36085 | LOW | 2.8-1 | |
Expand...https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31124
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36085
https://github.com/SELinuxProject/selinux/commit/2d35fcc7e9e976a2346b1de20e54f8663e8a6cba
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-421.yaml
https://linux.oracle.com/cve/CVE-2021-36085.html
https://linux.oracle.com/errata/ELSA-2021-4513.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/
| diff --git a/stable/pydio-cells/1.0.3/templates/_configmap.tpl b/stable/pydio-cells/1.0.4/templates/_configmap.tpl similarity index 100% rename from stable/pydio-cells/1.0.3/templates/_configmap.tpl rename to stable/pydio-cells/1.0.4/templates/_configmap.tpl diff --git a/stable/pydio-cells/1.0.3/templates/common.yaml b/stable/pydio-cells/1.0.4/templates/common.yaml similarity index 100% rename from stable/pydio-cells/1.0.3/templates/common.yaml rename to stable/pydio-cells/1.0.4/templates/common.yaml diff --git a/stable/pydio-cells/1.0.3/values.yaml b/stable/pydio-cells/1.0.4/values.yaml similarity index 100% rename from stable/pydio-cells/1.0.3/values.yaml rename to stable/pydio-cells/1.0.4/values.yaml