From b239117fbc9d08d160b156a0bfba4809b374ff63 Mon Sep 17 00:00:00 2001
From: Vivian Noronha
Date: Fri, 27 Nov 2020 08:42:58 +0100
Subject: [PATCH] add security context runAsNonRoot option (#163)
Signed-off-by: Vivian Noronha
---
 charts/jenkins/CHANGELOG.md | 4 ++++
 charts/jenkins/Chart.yaml | 2 +-
 charts/jenkins/templates/jenkins-controller-statefulset.yaml | 1 +
 charts/jenkins/tests/jenkins-controller-statefulset-test.yaml | 2 ++
 4 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/charts/jenkins/CHANGELOG.md b/charts/jenkins/CHANGELOG.md
index 25fd84f57..0c5380888 100644
--- a/charts/jenkins/CHANGELOG.md
+++ b/charts/jenkins/CHANGELOG.md
@@ -12,6 +12,10 @@ Use the following links to reference issues, PRs, and commits prior to v2.6.0. The change log until v1.5.7 was auto-generated based on git commits. Those entries include a reference to the git commit to be able to get more details. +## 3.0.1 + +* added 'runAsNonroot' to security context + ## 3.0.0 * Chart uses StatefulSet instead of Deployment
diff --git a/charts/jenkins/Chart.yaml b/charts/jenkins/Chart.yaml
index 207672d97..5e947204a 100644
--- a/charts/jenkins/Chart.yaml
+++ b/charts/jenkins/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 name: jenkins
 home: https://jenkins.io/
-version: 3.0.0
+version: 3.0.1
 appVersion: 2.249.3
 description: Jenkins - Build great things at any scale! The leading open source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project.
 sources:
diff --git a/charts/jenkins/templates/jenkins-controller-statefulset.yaml b/charts/jenkins/templates/jenkins-controller-statefulset.yaml
index e7b69d468..95bf5b1d4 100644
--- a/charts/jenkins/templates/jenkins-controller-statefulset.yaml
+++ b/charts/jenkins/templates/jenkins-controller-statefulset.yaml
@@ -72,6 +72,7 @@ spec:
 {{- if and (.Values.controller.runAsUser) (.Values.controller.fsGroup) }}
 {{- if not (eq (int .Values.controller.runAsUser) 0) }}
 fsGroup: {{ .Values.controller.fsGroup }}
+ runAsNonRoot: true
 {{- end }}
 {{- if .Values.controller.securityContextCapabilities }}
 capabilities:
diff --git a/charts/jenkins/tests/jenkins-controller-statefulset-test.yaml b/charts/jenkins/tests/jenkins-controller-statefulset-test.yaml
index 5a18a8899..5ddf158d6 100644
--- a/charts/jenkins/tests/jenkins-controller-statefulset-test.yaml
+++ b/charts/jenkins/tests/jenkins-controller-statefulset-test.yaml
@@ -175,6 +175,7 @@ tests:
 securityContext:
 fsGroup: 1000
 runAsUser: 1000
+ runAsNonRoot: true
 serviceAccountName: my-release-jenkins
 volumes:
 - emptyDir: {}
@@ -271,6 +272,7 @@ tests:
 value:
 runAsUser: 2000
 fsGroup: 4000
+ runAsNonRoot: true
 capabilities:
 drop:
 - NET_RAW
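Review bot: In the charts/jenkins/templates/jenkins-controller-statefulset.yaml hunk, `runAsNonRoot: true` sits inside the block guarded by `if and (.Values.controller.runAsUser) (.Values.controller.fsGroup)`, so a release that sets a non-zero `runAsUser` but leaves `fsGroup` empty renders no `runAsNonRoot` at all. fsGroup has no bearing on whether the process runs as root, so the field would be better tied to the UID check alone, for example `{{- if and .Values.controller.runAsUser (ne (int .Values.controller.runAsUser) 0) }}` then `runAsNonRoot: true` then `{{- end }}`. The value is also hard-coded rather than exposed in values, although the commit title calls it an option; a template comment such as `{{- /* runAsNonRoot is only rendered for an explicit non-zero runAsUser */}}` would make the condition visible to chart maintainers. The outer `if` and the enclosing securityContext start and end outside the hunk, so where `runAsUser` itself is rendered cannot be confirmed from here.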
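Review bot: Both hunks in charts/jenkins/tests/jenkins-controller-statefulset-test.yaml assert only the path where `runAsNonRoot: true` is rendered (UIDs 1000 and 2000 with fsGroup set). Unless cases outside these hunks already cover it, a test with `controller.runAsUser: 0` and another with `fsGroup` unset, each asserting that `runAsNonRoot` is absent, would pin the guard. That matters because a later template edit that emitted `runAsNonRoot: true` together with UID 0 would produce a pod Kubernetes refuses to run. The test cases these hunks belong to begin and end outside the hunks.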