Commit new App releases for TrueCharts

Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
This commit is contained in:
TrueCharts-Bot 2022-01-20 16:17:08 +00:00
parent 97cf834e7d
commit ff43154503
13 changed files with 15 additions and 12 deletions

View File

@ -1,6 +1,15 @@
# Changelog<br>
<a name="firefox-0.0.14"></a>
### [firefox-0.0.14](https://github.com/truecharts/apps/compare/firefox-syncserver-5.0.23...firefox-0.0.14) (2022-01-20)
#### Fix
* disable rofs ([#1746](https://github.com/truecharts/apps/issues/1746))
<a name="firefox-0.0.13"></a>
### [firefox-0.0.13](https://github.com/truecharts/apps/compare/firefox-syncserver-5.0.22...firefox-0.0.13) (2022-01-18)
@ -88,12 +97,3 @@
<a name="firefox-0.0.4"></a>
### [firefox-0.0.4](https://github.com/truecharts/apps/compare/firefox-0.0.3...firefox-0.0.4) (2021-12-18)
#### Chore
* cleanup questions by removing hidden dicts ([#1558](https://github.com/truecharts/apps/issues/1558))
* App-Icon Organization ([#1539](https://github.com/truecharts/apps/issues/1539))

View File

@ -3,4 +3,4 @@ dependencies:
repository: https://truecharts.org
version: 8.13.1
digest: sha256:5d8b49b1fb2103e55ad00efd7d0bc401dd47a5946249994d7ba63e2ce3aeb0b8
generated: "2022-01-18T15:34:49.276647495Z"
generated: "2022-01-20T16:12:58.83277584Z"

View File

@ -1,7 +1,7 @@
apiVersion: v2
kubeVersion: ">=1.16.0-0"
name: firefox
version: 0.0.13
version: 0.0.14
appVersion: "78.15.0"
description: Firefox Browser, also known as Mozilla Firefox or simply Firefox,
type: application

View File

@ -20,6 +20,7 @@ You will, however, be able to use all values referenced in the common chart here
| persistence.varrun.enabled | bool | `true` | |
| podSecurityContext.runAsGroup | int | `0` | |
| podSecurityContext.runAsUser | int | `0` | |
| securityContext.readOnlyRootFilesystem | bool | `false` | |
| securityContext.runAsNonRoot | bool | `false` | |
| service.main.ports.main.port | int | `10131` | |
| service.main.ports.main.targetPort | int | `3000` | |

View File

@ -5,6 +5,7 @@ image:
securityContext:
runAsNonRoot: false
readOnlyRootFilesystem: false
podSecurityContext:
runAsUser: 0

View File

@ -1396,7 +1396,7 @@ questions:
label: "ReadOnly Root Filesystem"
schema:
type: boolean
default: true
default: false
- variable: allowPrivilegeEscalation
label: "Allow Privilege Escalation"
schema:

View File

@ -20,6 +20,7 @@ hide:
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | <details><summary>Expand...</summary> The container should drop all default capabilities and add only those that are needed for its execution. <br> <hr> <br> Container &#39;RELEASE-NAME-firefox&#39; of Deployment &#39;RELEASE-NAME-firefox&#39; should add &#39;ALL&#39; to &#39;securityContext.capabilities.drop&#39; </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/">https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/</a><br><a href="https://avd.aquasec.com/appshield/ksv003">https://avd.aquasec.com/appshield/ksv003</a><br></details> |
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> &#39;runAsNonRoot&#39; forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container &#39;RELEASE-NAME-firefox&#39; of Deployment &#39;RELEASE-NAME-firefox&#39; should set &#39;securityContext.runAsNonRoot&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> &#39;runAsNonRoot&#39; forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-firefox&#39; should set &#39;securityContext.runAsNonRoot&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | <details><summary>Expand...</summary> An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. <br> <hr> <br> Container &#39;RELEASE-NAME-firefox&#39; of Deployment &#39;RELEASE-NAME-firefox&#39; should set &#39;securityContext.readOnlyRootFilesystem&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/">https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/</a><br><a href="https://avd.aquasec.com/appshield/ksv014">https://avd.aquasec.com/appshield/ksv014</a><br></details> |
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | <details><summary>Expand...</summary> An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-firefox&#39; should set &#39;securityContext.readOnlyRootFilesystem&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/">https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/</a><br><a href="https://avd.aquasec.com/appshield/ksv014">https://avd.aquasec.com/appshield/ksv014</a><br></details> |
| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with user ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;RELEASE-NAME-firefox&#39; of Deployment &#39;RELEASE-NAME-firefox&#39; should set &#39;securityContext.runAsUser&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv020">https://avd.aquasec.com/appshield/ksv020</a><br></details> |
| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with user ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-firefox&#39; should set &#39;securityContext.runAsUser&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv020">https://avd.aquasec.com/appshield/ksv020</a><br></details> |