fix(helm): update thanos ( 1.17.0 → 1.17.1 )
This PR contains the following updates:
Package | Update | Change |
---|---|---|
thanos (source) | patch | 1.17.0 -> 1.17.1 |
[!WARNING] Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
Release Notes
stevehipwell/helm-charts (thanos)
v1.17.1
Changed
- Changed the defaults for `podSecurityContext` and `securityContext` for all services to be less permissive by default.
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
- [ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Renovate Bot.
--- kubernetes/kyak/apps/monitoring/thanos/app Kustomization: flux-system/thanos HelmRelease: monitoring/thanos
+++ kubernetes/kyak/apps/monitoring/thanos/app Kustomization: flux-system/thanos HelmRelease: monitoring/thanos
@@ -13,13 +13,13 @@
spec:
chart: thanos
sourceRef:
kind: HelmRepository
name: stevehipwell
namespace: flux-system
- version: 1.17.0
+ version: 1.17.1
dependsOn:
- name: openebs
namespace: openebs-system
- name: rook-ceph-cluster
namespace: rook-ceph
install:
--- HelmRelease: monitoring/thanos Deployment: monitoring/thanos-query-frontend
+++ HelmRelease: monitoring/thanos Deployment: monitoring/thanos-query-frontend
@@ -26,15 +26,30 @@
annotations:
configmap.reloader.stakater.com/reload: thanos-cache-configmap
spec:
serviceAccountName: thanos-query-frontend
securityContext:
fsGroup: 65534
+ runAsGroup: 65532
+ runAsNonRoot: true
runAsUser: 65534
+ seccompProfile:
+ type: RuntimeDefault
containers:
- name: thanos-query-frontend
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsGroup: 65532
+ runAsNonRoot: true
+ runAsUser: 65534
+ seccompProfile:
+ type: RuntimeDefault
image: quay.io/thanos/thanos:v0.35.0
imagePullPolicy: IfNotPresent
env:
- name: HOST_IP_ADDRESS
valueFrom:
fieldRef:
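Review bot: The added `runAsGroup: 65532` does not match the `runAsUser: 65534` and `fsGroup: 65534` that stay in place, and the same mixed pair is repeated in the new container-level block. Nothing visible on this page explains why the primary group differs from the user and fsGroup IDs, so it may be an inconsistency in the upstream chart defaults rather than intent. The thanos-query, thanos-compact, thanos-rule and thanos-store-gateway hunks carry the identical values. If one ID is wanted, override the chart's `podSecurityContext` and `securityContext` values in the HelmRelease with `runAsGroup: 65534` (the exact per-service key path is not shown here and needs checking against the chart) and leave a comment there saying why. The pod spec continues outside the hunk.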
--- HelmRelease: monitoring/thanos Deployment: monitoring/thanos-query
+++ HelmRelease: monitoring/thanos Deployment: monitoring/thanos-query
@@ -24,15 +24,30 @@
app.kubernetes.io/instance: thanos
app.kubernetes.io/component: query
spec:
serviceAccountName: thanos-query
securityContext:
fsGroup: 65534
+ runAsGroup: 65532
+ runAsNonRoot: true
runAsUser: 65534
+ seccompProfile:
+ type: RuntimeDefault
containers:
- name: thanos-query
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsGroup: 65532
+ runAsNonRoot: true
+ runAsUser: 65534
+ seccompProfile:
+ type: RuntimeDefault
image: quay.io/thanos/thanos:v0.35.0
imagePullPolicy: IfNotPresent
env:
- name: HOST_IP_ADDRESS
valueFrom:
fieldRef:
--- HelmRelease: monitoring/thanos StatefulSet: monitoring/thanos-compact
+++ HelmRelease: monitoring/thanos StatefulSet: monitoring/thanos-compact
@@ -25,15 +25,30 @@
app.kubernetes.io/instance: thanos
app.kubernetes.io/component: compact
spec:
serviceAccountName: thanos-compact
securityContext:
fsGroup: 65534
+ runAsGroup: 65532
+ runAsNonRoot: true
runAsUser: 65534
+ seccompProfile:
+ type: RuntimeDefault
containers:
- name: thanos-compact
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsGroup: 65532
+ runAsNonRoot: true
+ runAsUser: 65534
+ seccompProfile:
+ type: RuntimeDefault
image: quay.io/thanos/thanos:v0.35.0
imagePullPolicy: IfNotPresent
env:
- name: NAME
valueFrom:
fieldRef:
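Review bot: `readOnlyRootFilesystem: true` is now applied to thanos-compact, which keeps working data on local disk, and the volumeMounts that would show whether every written path is volume-backed are outside this hunk. The same applies to the thanos-rule and thanos-store-gateway StatefulSets below; a write to an unmounted path would fail only at runtime, after the rollout. Existing PVC data should stay reachable because `runAsUser` and `fsGroup` are unchanged at 65534, but that is inferred from these lines and worth confirming on the first restarted pod. I would record the dependency next to the chart version in the HelmRelease, for example `# 1.17.1 sets readOnlyRootFilesystem: true; data and temp dirs must be volume mounts`.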
--- HelmRelease: monitoring/thanos StatefulSet: monitoring/thanos-rule
+++ HelmRelease: monitoring/thanos StatefulSet: monitoring/thanos-rule
@@ -25,15 +25,30 @@
app.kubernetes.io/instance: thanos
app.kubernetes.io/component: rule
spec:
serviceAccountName: thanos-rule
securityContext:
fsGroup: 65534
+ runAsGroup: 65532
+ runAsNonRoot: true
runAsUser: 65534
+ seccompProfile:
+ type: RuntimeDefault
containers:
- name: thanos-rule
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsGroup: 65532
+ runAsNonRoot: true
+ runAsUser: 65534
+ seccompProfile:
+ type: RuntimeDefault
image: quay.io/thanos/thanos:v0.35.0
imagePullPolicy: IfNotPresent
env:
- name: NAME
valueFrom:
fieldRef:
--- HelmRelease: monitoring/thanos StatefulSet: monitoring/thanos-store-gateway
+++ HelmRelease: monitoring/thanos StatefulSet: monitoring/thanos-store-gateway
@@ -27,15 +27,30 @@
annotations:
configmap.reloader.stakater.com/reload: thanos-cache-configmap
spec:
serviceAccountName: thanos-store-gateway
securityContext:
fsGroup: 65534
+ runAsGroup: 65532
+ runAsNonRoot: true
runAsUser: 65534
+ seccompProfile:
+ type: RuntimeDefault
containers:
- name: thanos-store-gateway
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsGroup: 65532
+ runAsNonRoot: true
+ runAsUser: 65534
+ seccompProfile:
+ type: RuntimeDefault
image: quay.io/thanos/thanos:v0.35.0
imagePullPolicy: IfNotPresent
env:
- name: NAME
valueFrom:
fieldRef: