diff --git a/hirosystems/stacks-blockchain/Chart.lock b/hirosystems/stacks-blockchain/Chart.lock
index faf8224..cffdad9 100644
--- a/hirosystems/stacks-blockchain/Chart.lock
+++ b/hirosystems/stacks-blockchain/Chart.lock
@@ -1,9 +1,9 @@
 dependencies:
 - name: bitcoin-core
 repository: https://charts.hiro.so/hirosystems
- version: 1.0.1
+ version: 1.1.0
 - name: common
 repository: https://charts.bitnami.com/bitnami
 version: 1.17.1
-digest: sha256:84d06d4cfdd4896f39f203925e68a1c518bbe1e2de7710d2298e7a09ba8fa869
-generated: "2022-08-26T14:08:14.453358-04:00"
+digest: sha256:3db4e457ff36fe8b49bfa5f6f7a9a8ae865dce13bbc61799dad30e1719ac3b79
+generated: "2022-09-27T09:54:15.412558-04:00"
diff --git a/hirosystems/stacks-blockchain/Chart.yaml b/hirosystems/stacks-blockchain/Chart.yaml
index d2200bd..89d331a 100644
--- a/hirosystems/stacks-blockchain/Chart.yaml
+++ b/hirosystems/stacks-blockchain/Chart.yaml
@@ -33,4 +33,4 @@ name: stacks-blockchain
 sources:
 - https://github.com/stacks-network/stacks-blockchain
 - https://docs.stacks.co/
-version: 1.0.3
+version: 1.1.0
diff --git a/hirosystems/stacks-blockchain/templates/statefulset.yaml b/hirosystems/stacks-blockchain/templates/statefulset.yaml
index befc37d..062d9fc 100644
--- a/hirosystems/stacks-blockchain/templates/statefulset.yaml
+++ b/hirosystems/stacks-blockchain/templates/statefulset.yaml
@@ -88,8 +88,8 @@ spec:
 else
 echo "Previous data found. Exiting."
 fi
- {{- if .Values.containerSecurityContext.enabled }}
- securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- if .Values.initContainerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.initContainerSecurityContext "enabled" | toYaml | nindent 12 }}
 {{- end }}
 {{- if .Values.resources }}
 resources: {{- toYaml .Values.resources | nindent 12 }}
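Review bot: In `templates/statefulset.yaml`, the container in the `@@ -88,8 +88,8 @@` hunk and the `chown -R` container in the `@@ -109,9 +109,9 @@` hunk now both read `.Values.initContainerSecurityContext`, so their privileges cannot be set independently. Changing file ownership generally needs root or CAP_CHOWN, so an operator who relaxes the shared block to make `chown` work also relaxes it for this container, whose visible script only ends with the `Previous data found. Exiting.` branch. Consider a separate key for the permissions container, for example a new `volumePermissions.securityContext` next to the existing `.Values.volumePermissions.resources`, and keep this container non-root. The container definition starts above the hunk, so its image and mounts are not visible here.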
@@ -109,9 +109,9 @@ spec:
 - /bin/bash
 - -ec
 - |
- chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.containerSecurityContext.fsGroup }} {{ .Values.persistence.mountPath }}
- {{- if .Values.containerSecurityContext.enabled }}
- securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ chown -R {{ .Values.initContainerSecurityContext.runAsUser }}:{{ .Values.initContainerSecurityContext.fsGroup }} {{ .Values.persistence.mountPath }}
+ {{- if .Values.initContainerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.initContainerSecurityContext "enabled" | toYaml | nindent 12 }}
 {{- end }}
 {{- if .Values.volumePermissions.resources }}
 resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
diff --git a/hirosystems/stacks-blockchain/values.yaml b/hirosystems/stacks-blockchain/values.yaml
index 74fdce4..384d3aa 100644
--- a/hirosystems/stacks-blockchain/values.yaml
+++ b/hirosystems/stacks-blockchain/values.yaml
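Review bot: The `chown -R` line in the `@@ -109,9 +109,9 @@` hunk now takes its target owner from the init container's own security context, which couples the identity the init container runs as with the identity that must own `{{ .Values.persistence.mountPath }}`. If `initContainerSecurityContext.runAsUser` is set to `0` so that `chown` can succeed, the volume ends up owned by root rather than by the main container's user. The group is read from `.Values.initContainerSecurityContext.fsGroup`, which the values block added in this commit does not define, so by default the command likely renders with an empty group. `fsGroup` is a pod-level field, so adding it to a block that is passed through `toYaml` into a container `securityContext` would not be valid either. Keep the owner as `{{ .Values.containerSecurityContext.runAsUser }}` and read the group from the chart's pod-level security-context value (not visible in this diff), wrapped in `required` so a missing value fails at render time.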
@@ -213,6 +213,19 @@ containerSecurityContext: runAsNonRoot: true readOnlyRootFilesystem: false +## Configure Init Container Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container +## @param stacksBlockchain.initContainerSecurityContext.enabled Enabled stacks-blockchain init containers' Security Context +## @param stacksBlockchain.initContainerSecurityContext.runAsUser Set stacks-blockchain init containers' Security Context runAsUser +## @param stacksBlockchain.initContainerSecurityContext.runAsNonRoot Set stacks-blockchain init containers' Security Context runAsNonRoot +## @param stacksBlockchain.initContainerSecurityContext.readOnlyRootFilesystem Set stacks-blockchain init containers' Security Context runAsNonRoot +## +initContainerSecurityContext: + enabled: true + runAsUser: 1001 + runAsNonRoot: true + readOnlyRootFilesystem: false + ## @param stacksBlockchain.existingConfigmap The name of an existing ConfigMap with your custom configuration for stacks-blockchain ## existingConfigmap:
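Review bot: The defaults `runAsUser: 1001` and `runAsNonRoot: true` in `initContainerSecurityContext` also apply to the init container that runs `chown -R` on the data volume (statefulset.yaml, second hunk). A non-root process without CAP_CHOWN cannot change the owner of files it does not already own, so with `bash -ec` that step will probably abort on a volume holding files owned by another user. Either document that this block must be overridden when the permissions step is used, or give that container its own setting. The block also leaves `allowPrivilegeEscalation` unset and drops no capabilities; `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}` would be reasonable defaults for an init container that does not need to `chown`. In the comments, the `readOnlyRootFilesystem` line repeats the `runAsNonRoot` description and should read `Set stacks-blockchain init containers' Security Context readOnlyRootFilesystem`.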