From f827bacf886b38f196a60e6efe443d13725da916 Mon Sep 17 00:00:00 2001 From: TrueCharts-Bot Date: Sun, 9 Jan 2022 12:08:40 +0000 Subject: [PATCH] Commit new App releases for TrueCharts Signed-off-by: TrueCharts-Bot --- .../{0.0.11 => 0.0.12}/CHANGELOG.md | 16 +++++++++------- .../{0.0.11 => 0.0.12}/CONFIG.md | 0 .../{0.0.11 => 0.0.12}/Chart.lock | 2 +- .../{0.0.11 => 0.0.12}/Chart.yaml | 2 +- .../{0.0.11 => 0.0.12}/README.md | 0 .../{0.0.11 => 0.0.12}/app-readme.md | 0 .../{0.0.11 => 0.0.12}/charts/common-8.10.2.tgz | Bin .../{0.0.11 => 0.0.12}/helm-values.md | 1 + .../{0.0.11 => 0.0.12}/ix_values.yaml | 1 + .../{0.0.11 => 0.0.12}/questions.yaml | 11 +++++++++-- .../{0.0.11 => 0.0.12}/security.md | 1 + .../{0.0.11 => 0.0.12}/templates/common.yaml | 0 .../{0.0.11 => 0.0.12}/values.yaml | 0 13 files changed, 23 insertions(+), 11 deletions(-) rename stable/openvscode-server/{0.0.11 => 0.0.12}/CHANGELOG.md (90%) rename stable/openvscode-server/{0.0.11 => 0.0.12}/CONFIG.md (100%) rename stable/openvscode-server/{0.0.11 => 0.0.12}/Chart.lock (78%) rename stable/openvscode-server/{0.0.11 => 0.0.12}/Chart.yaml (98%) rename stable/openvscode-server/{0.0.11 => 0.0.12}/README.md (100%) rename stable/openvscode-server/{0.0.11 => 0.0.12}/app-readme.md (100%) rename stable/openvscode-server/{0.0.11 => 0.0.12}/charts/common-8.10.2.tgz (100%) rename stable/openvscode-server/{0.0.11 => 0.0.12}/helm-values.md (95%) rename stable/openvscode-server/{0.0.11 => 0.0.12}/ix_values.yaml (93%) rename stable/openvscode-server/{0.0.11 => 0.0.12}/questions.yaml (99%) rename stable/openvscode-server/{0.0.11 => 0.0.12}/security.md (99%) rename stable/openvscode-server/{0.0.11 => 0.0.12}/templates/common.yaml (100%) rename stable/openvscode-server/{0.0.11 => 0.0.12}/values.yaml (100%) 
diff --git a/stable/openvscode-server/0.0.11/CHANGELOG.md b/stable/openvscode-server/0.0.12/CHANGELOG.md similarity index 90% rename from stable/openvscode-server/0.0.11/CHANGELOG.md rename to stable/openvscode-server/0.0.12/CHANGELOG.md index 16a0b7e7542..9dc39d0be96 100644 --- a/stable/openvscode-server/0.0.11/CHANGELOG.md +++ b/stable/openvscode-server/0.0.12/CHANGELOG.md @@ -1,6 +1,15 @@ # Changelog
+ +### [openvscode-server-0.0.12](https://github.com/truecharts/apps/compare/openvscode-server-0.0.11...openvscode-server-0.0.12) (2022-01-09) + +#### Fix + +* allow rootfs access, make token required ([#1611](https://github.com/truecharts/apps/issues/1611)) + + + ### [openvscode-server-0.0.11](https://github.com/truecharts/apps/compare/openvscode-server-0.0.10...openvscode-server-0.0.11) (2022-01-04) @@ -88,10 +97,3 @@ ### [openvscode-server-0.0.2](https://github.com/truecharts/apps/compare/openvscode-server-0.0.1...openvscode-server-0.0.2) (2021-12-13) #### Chore - -* update docker general non-major ([#1522](https://github.com/truecharts/apps/issues/1522)) - - - - -### openvscode-server-0.0.1 (2021-12-12) diff --git a/stable/openvscode-server/0.0.11/CONFIG.md b/stable/openvscode-server/0.0.12/CONFIG.md similarity index 100% rename from stable/openvscode-server/0.0.11/CONFIG.md rename to stable/openvscode-server/0.0.12/CONFIG.md diff --git a/stable/openvscode-server/0.0.11/Chart.lock b/stable/openvscode-server/0.0.12/Chart.lock similarity index 78% rename from stable/openvscode-server/0.0.11/Chart.lock rename to stable/openvscode-server/0.0.12/Chart.lock index 2ac945aeaf7..ec6cab6a564 100644 --- a/stable/openvscode-server/0.0.11/Chart.lock +++ b/stable/openvscode-server/0.0.12/Chart.lock @@ -3,4 +3,4 @@ dependencies: repository: https://truecharts.org version: 8.10.2 digest: sha256:7ded42c1a558931bd6b9e4b585e7f1a6c96709256b3ec39317be9049c07bf96e -generated: "2022-01-04T20:31:34.217537111Z" +generated: "2022-01-09T12:05:42.014385763Z" diff --git a/stable/openvscode-server/0.0.11/Chart.yaml b/stable/openvscode-server/0.0.12/Chart.yaml similarity index 98% rename from stable/openvscode-server/0.0.11/Chart.yaml rename to stable/openvscode-server/0.0.12/Chart.yaml index bf87cf25c62..1a0c6d0c85c 100644 --- a/stable/openvscode-server/0.0.11/Chart.yaml +++ b/stable/openvscode-server/0.0.12/Chart.yaml 
@@ -1,7 +1,7 @@ apiVersion: v2 kubeVersion: ">=1.16.0-0" name: openvscode-server -version: 0.0.11 +version: 0.0.12 appVersion: "1.63.2" description: Openvscode-server provides a version of VS Code that runs a server on a remote machine. type: application diff --git a/stable/openvscode-server/0.0.11/README.md b/stable/openvscode-server/0.0.12/README.md similarity index 100% rename from stable/openvscode-server/0.0.11/README.md rename to stable/openvscode-server/0.0.12/README.md diff --git a/stable/openvscode-server/0.0.11/app-readme.md b/stable/openvscode-server/0.0.12/app-readme.md similarity index 100% rename from stable/openvscode-server/0.0.11/app-readme.md rename to stable/openvscode-server/0.0.12/app-readme.md diff --git a/stable/openvscode-server/0.0.11/charts/common-8.10.2.tgz b/stable/openvscode-server/0.0.12/charts/common-8.10.2.tgz similarity index 100% rename from stable/openvscode-server/0.0.11/charts/common-8.10.2.tgz rename to stable/openvscode-server/0.0.12/charts/common-8.10.2.tgz diff --git a/stable/openvscode-server/0.0.11/helm-values.md b/stable/openvscode-server/0.0.12/helm-values.md similarity index 95% rename from stable/openvscode-server/0.0.11/helm-values.md rename to stable/openvscode-server/0.0.12/helm-values.md index dffa312316b..67f0eaf1394 100644 --- a/stable/openvscode-server/0.0.11/helm-values.md +++ b/stable/openvscode-server/0.0.12/helm-values.md @@ -21,6 +21,7 @@ You will, however, be able to use all values referenced in the common chart here | podSecurityContext.runAsGroup | int | `0` | | | podSecurityContext.runAsUser | int | `0` | | | secret | string | `nil` | | +| securityContext.readOnlyRootFilesystem | bool | `false` | | | securityContext.runAsNonRoot | bool | `false` | | | service.main.ports.main.port | int | `10135` | | | service.main.ports.main.targetPort | int | `3000` | | 
diff --git a/stable/openvscode-server/0.0.11/ix_values.yaml b/stable/openvscode-server/0.0.12/ix_values.yaml similarity index 93% rename from stable/openvscode-server/0.0.11/ix_values.yaml rename to stable/openvscode-server/0.0.12/ix_values.yaml index 0ebeb8eb848..1c4363647f1 100644 --- a/stable/openvscode-server/0.0.11/ix_values.yaml +++ b/stable/openvscode-server/0.0.12/ix_values.yaml @@ -5,6 +5,7 @@ image: securityContext: runAsNonRoot: false + readOnlyRootFilesystem: false podSecurityContext: runAsUser: 0 diff --git a/stable/openvscode-server/0.0.11/questions.yaml b/stable/openvscode-server/0.0.12/questions.yaml similarity index 99% rename from stable/openvscode-server/0.0.11/questions.yaml rename to stable/openvscode-server/0.0.12/questions.yaml index 8447e40958c..4f49c5f9198 100644 --- a/stable/openvscode-server/0.0.11/questions.yaml +++ b/stable/openvscode-server/0.0.12/questions.yaml @@ -186,6 +186,7 @@ questions: schema: type: string private: true + required: true default: "" - variable: SUDO_PASSWORD label: "SUDO_PASSWORD" @@ -212,7 +213,13 @@ questions: schema: type: string default: "002" - + - variable: PUID + label: "PUID" + description: "Sets the PUID env var" + schema: + type: int + required: true + default: 568 - variable: envList label: "Image environment" group: "Container Configuration" @@ -1306,7 +1313,7 @@ questions: label: "ReadOnly Root Filesystem" schema: type: boolean - default: true + default: false - variable: allowPrivilegeEscalation label: "Allow Privilege Escalation" schema: diff --git a/stable/openvscode-server/0.0.11/security.md b/stable/openvscode-server/0.0.12/security.md similarity index 99% rename from stable/openvscode-server/0.0.11/security.md rename to stable/openvscode-server/0.0.12/security.md index 15487425c49..6df15427962 100644 --- a/stable/openvscode-server/0.0.11/security.md +++ b/stable/openvscode-server/0.0.12/security.md 
@@ -20,6 +20,7 @@ hide: | Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW |
Expand... The container should drop all default capabilities and add only those that are needed for its execution.


Container 'RELEASE-NAME-openvscode-server' of Deployment 'RELEASE-NAME-openvscode-server' should add 'ALL' to 'securityContext.capabilities.drop'
|
Expand...https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/
https://avd.aquasec.com/appshield/ksv003
| | Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM |
Expand... 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.


Container 'RELEASE-NAME-openvscode-server' of Deployment 'RELEASE-NAME-openvscode-server' should set 'securityContext.runAsNonRoot' to true
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv012
| | Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM |
Expand... 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.


Container 'autopermissions' of Deployment 'RELEASE-NAME-openvscode-server' should set 'securityContext.runAsNonRoot' to true
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv012
| +| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW |
Expand... An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.


Container 'RELEASE-NAME-openvscode-server' of Deployment 'RELEASE-NAME-openvscode-server' should set 'securityContext.readOnlyRootFilesystem' to true
|
Expand...https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/appshield/ksv014
| | Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW |
Expand... An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.


Container 'autopermissions' of Deployment 'RELEASE-NAME-openvscode-server' should set 'securityContext.readOnlyRootFilesystem' to true
|
Expand...https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/appshield/ksv014
| | Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM |
Expand... Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table.


Container 'RELEASE-NAME-openvscode-server' of Deployment 'RELEASE-NAME-openvscode-server' should set 'securityContext.runAsUser' > 10000
|
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv020
| | Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM |
Expand... Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table.


Container 'autopermissions' of Deployment 'RELEASE-NAME-openvscode-server' should set 'securityContext.runAsUser' > 10000
|
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv020
| diff --git a/stable/openvscode-server/0.0.11/templates/common.yaml b/stable/openvscode-server/0.0.12/templates/common.yaml similarity index 100% rename from stable/openvscode-server/0.0.11/templates/common.yaml rename to stable/openvscode-server/0.0.12/templates/common.yaml diff --git a/stable/openvscode-server/0.0.11/values.yaml b/stable/openvscode-server/0.0.12/values.yaml similarity index 100% rename from stable/openvscode-server/0.0.11/values.yaml rename to stable/openvscode-server/0.0.12/values.yaml
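Review bot: In CHANGELOG.md, the `@@ -88,10 +97,3` hunk cuts the file off in the middle of the 0.0.2 entry. The `#### Chore` heading stays as context while its only bullet (`update docker general non-major (#1522)`) and the `### openvscode-server-0.0.1 (2021-12-12)` heading are removed, so the file now ends on an empty section. If the changelog is being capped in length, trim at a release boundary so that the 0.0.2 heading and its `#### Chore` line go together with the bullet.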
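Review bot: In ix_values.yaml, `readOnlyRootFilesystem: false` is added under a `securityContext` that already has `runAsNonRoot: false`, with `podSecurityContext.runAsUser: 0` directly below, and nothing in the file says why. The result is a container that runs as root with a writable root filesystem. Add a comment stating which paths the application needs to write, and consider keeping the root filesystem read-only with writable volumes mounted on just those paths.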
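Review bot: In questions.yaml at `@@ -186,6 +186,7`, `required: true` is added directly above `default: ""`, so the field is marked mandatory while still being pre-filled with an empty string. Whether an empty value is rejected then depends on how the install form treats a required string whose default is empty. Drop the `default: ""` line or add a minimum-length constraint, so that the changelog's "make token required" holds regardless of that behaviour.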
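Review bot: In questions.yaml at `@@ -212,7 +213,13`, the new `PUID` question defaults to `568` while ix_values.yaml in this same patch keeps `podSecurityContext.runAsUser: 0`, and the description "Sets the PUID env var" only restates the label. Say in the description which process runs under this ID and how it relates to the root user the pod starts as. The hunk also removes the blank line that separated this block from `- variable: envList`; restore it if it marked the boundary between groups.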
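Review bot: In questions.yaml at `@@ -1306,7 +1313`, the "ReadOnly Root Filesystem" default flips from `true` to `false`, but the option stays user-editable and carries no description. If the application cannot run with a read-only root filesystem, which the changelog entry "allow rootfs access" suggests, a user who switches it back on gets a failing install with no hint why. Add a `description` to this question that states the requirement.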
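Review bot: In security.md, the added KSV014 row means the main container 'RELEASE-NAME-openvscode-server' is now listed under KSV012 (runs as root), KSV020 (low user ID) and KSV014 (root file system not read-only) at the same time, and no rationale for accepting that combination is recorded anywhere in the patch. The KSV003 row in the same table asks for 'ALL' in `securityContext.capabilities.drop` on that container; dropping capabilities there would offset part of what this release relaxes. Either make that change or document why these findings are accepted.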