Minor Helm chart dependency updates and security improvements

2022-08-25 02:34:02 +02:00
parent 001bc9c57a
commit 68e64f2f33
9 changed files with 90 additions and 63 deletions
--- a/charts/hapi-fhir-jpaserver/templates/deployment.yaml
+++ b/charts/hapi-fhir-jpaserver/templates/deployment.yaml
@@ -30,18 +30,12 @@ spec:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      initContainers:
        - name: wait-for-db-to-be-ready
-          image: docker.io/bitnami/postgresql:14.3.0-debian-10-r20
+          image: docker.io/bitnami/postgresql:14.5.0@sha256:4355265e33e9c2a786aa145884d4b36ffd4c41c516b35d60df0b7495141ec738
          imagePullPolicy: IfNotPresent
+          {{- with .Values.restrictedContainerSecurityContext }}
          securityContext:
-            allowPrivilegeEscalation: false
-            readOnlyRootFilesystem: true
-            privileged: false
-            capabilities:
-              drop:
-                - ALL
-            runAsNonRoot: true
-            runAsUser: 1001
-            runAsGroup: 1001
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
          env:
            - name: PGHOST
              value: "{{ include "hapi-fhir-jpaserver.database.host" . }}"
@@ -60,13 +54,13 @@ spec:
        - name: {{ .Chart.Name }}
          securityContext:
            {{- toYaml .Values.securityContext | nindent 12 }}
-          image: {{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ default .Chart.AppVersion .Values.image.tag }}
+          image: {{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          ports:
            - name: http
              containerPort: 8080
              protocol: TCP
-            - name: metrics
+            - name: http-metrics
              containerPort: 8081
              protocol: TCP
          startupProbe: