Merge "[STRIMZI] Solve Security Policy violations"
[oom.git] / kubernetes / common / mariadb-galera / values.yaml
index 4aff9d3..faab7af 100644 (file)
@@ -63,9 +63,9 @@ mariadbOperator:
   galera:
     enabled: true
     agentImage: mariadb-operator/mariadb-operator
-    agentVersion: v0.0.27
+    agentVersion: v0.0.28
     initImage: mariadb-operator/mariadb-operator
-    initVersion: v0.0.27
+    initVersion: v0.0.28
 
 ## String to partially override common.names.fullname template (will maintain the release name)
 ##
@@ -217,10 +217,13 @@ serviceAccount:
 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
 ##
 securityContext:
-  enabled: true
   user_id: 10001
   group_id: 10001
 
+# Old Bitnami Chart does not work without Filesystem access
+containerSecurityContext:
+  readOnlyFileSystem: false
+
 ## Database credentials for root (admin) user
 ##
 rootUser:
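Review bot: The new `containerSecurityContext` block spells its key `readOnlyFileSystem`, while the Kubernetes field (and the `metrics.securityContext` block added further down in this commit) is `readOnlyRootFilesystem`. The consuming template is not visible here, so confirm it reads exactly this key; a mismatch would be silently ignored. Because this deliberately leaves the root filesystem writable, the comment should record what needs write access and when the exception can go, e.g. `# Exception: legacy Bitnami image writes to <path placeholder>; keep false until those paths are mounted as emptyDir`. The hunk also removes `securityContext.enabled`; if any template still gates on that value, the pod-level user/group settings would stop being rendered, which a `helm template` run would show.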
@@ -329,8 +332,8 @@ backup:
 
 readinessCheck:
   wait_for:
-    apps:
-      - '{{ include "common.name" . }}'
+    services:
+      - '{{ include "common.servicename" . }}'
 
 ## TLS configuration
 ##
@@ -659,6 +662,19 @@ metrics:
   ##   - --collect.binlog_size
   ##
   extraFlags: []
+  securityContext:
+    readOnlyRootFilesystem: true
+    privileged: false
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop:
+        - ALL
+        - CAP_NET_RAW
+    runAsGroup: 10001
+    runAsNonRoot: true
+    runAsUser: 10001
+    seccompProfile:
+      type: RuntimeDefault
   ## MySQL Prometheus exporter containers' resource requests and limits
   ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
   ##
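Review bot: In the added `metrics.securityContext`, `capabilities.drop` lists `CAP_NET_RAW` next to `ALL`, which is redundant because `ALL` already covers it. The Kubernetes documentation also says capability names in a manifest omit the `CAP_` prefix (`NET_RAW`), and handling of the prefixed form has varied between container runtimes. If the entry exists only because a policy check matches the literal string, say so in a comment such as `# CAP_NET_RAW listed explicitly to satisfy the policy scanner; ALL already drops it`. Separately, `runAsUser: 10001` and `runAsGroup: 10001` duplicate `securityContext.user_id` and `securityContext.group_id` from earlier in the file, so the two can drift unless the template derives one from the other.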