Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[bitnami/grafana-operator] feat!: 🔒 💥 Improve security defaults #24647

Merged
merged 1 commit into from
Apr 1, 2024
Merged

[bitnami/grafana-operator] feat!: 🔒 💥 Improve security defaults #24647

merged 1 commit into from
Apr 1, 2024

Conversation

javsalgar
Copy link
Contributor

BREAKING CHANGE

Signed-off-by: Javier Salmeron Garcia jsalmeron@vmware.com

Description of the change

This major bump changes the following security defaults:

  • runAsGroup is changed from 0 to 1001
  • readOnlyRootFilesystem is set to true
  • resourcesPreset is changed from none to the minimum size working in our test suites (NOTE: resourcesPreset is not meant for production usage, but resources adapted to your use case).
  • global.compatibility.openshift.adaptSecurityContext is changed from disabled to auto.

Benefits

  • Better compliance with NSA and MITRE security checklists
  • Improved compatibility with Openshift

Possible drawbacks

This could potentially break any customization or init scripts used in your deployment. If this is the case, change the default values to the previous ones.

Applicable issues

Additional information

Checklist

  • Chart version bumped in Chart.yaml according to semver. This is not necessary when the changes only affect README.md files.
  • Variables are documented in the values.yaml and added to the README.md using readme-generator-for-helm
  • Title of the pull request follows this pattern [bitnami/<name_of_the_chart>] Descriptive title
  • All commits signed off and in agreement of Developer Certificate of Origin (DCO)

@javsalgar
[bitnami/grafana-operator] feat!: 🔒 💥 Improve security defaults
6730868 
Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
@bitnami-bot bitnami-bot added the verify Execute verification workflow for these changes label Mar 25, 2024
@javsalgar javsalgar mentioned this pull request Mar 27, 2024
Closed
@javsalgar javsalgar merged commit 2e4b5de into main Apr 1, 2024
20 checks passed
@javsalgar javsalgar deleted the feature/grafana-operator-security-major branch April 1, 2024 11:14
@github-actions github-actions bot added the solved label Apr 1, 2024
djjudas21 pushed a commit to djjudas21/bitnami-charts that referenced this pull request Apr 17, 2024
@javsalgar @djjudas21
[bitnami/grafana-operator] feat!: 🔒 💥 Improve security defaults (bitn…
18adb18 
…ami#24647)

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
Signed-off-by: Jonathan Gazeley <me@jonathangazeley.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andresbono andresbono andresbono approved these changes

Assignees

@andresbono andresbono

@javsalgar javsalgar

Labels
bitnami grafana-operator solved verify Execute verification workflow for these changes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@javsalgar @andresbono @bitnami-bot