Open Appsec helm chart automation Mon Nov 20 16:05:56 IST 2023 latest

2025-10-01 03:57:44 +03:00 · 2023-11-20 16:05:56 +02:00
parent 7f712b21e4
commit b2781d63d4
63 changed files with 698 additions and 135 deletions
--- a/build_system/charts/open-appsec-kong/values.yaml
+++ b/build_system/charts/open-appsec-kong/values.yaml
@@ -60,6 +60,11 @@ deployment:
  # Use a DaemonSet controller instead of a Deployment controller
  daemonset: false
  hostNetwork: false
+  # Set the Deployment's spec.template.hostname field.
+  # This propagates to Kong API endpoints that report
+  # the hostname, such as the admin API root and hybrid mode
+  # /clustering/data-planes endpoint
+  hostname: ""
  # kong_prefix empty dir size
  prefixDir:
    sizeLimit: 256Mi
@@ -510,13 +515,13 @@ dblessConfig:
 # -----------------------------------------------------------------------------

 # Kong Ingress Controller's primary purpose is to satisfy Ingress resources
-# created in k8s.  It uses CRDs for more fine grained control over routing and
+# created in k8s. It uses CRDs for more fine grained control over routing and
 # for Kong specific configuration.
 ingressController:
  enabled: true
  image:
    repository: kong/kubernetes-ingress-controller
-    tag: "2.12"
+    tag: "3.0"
    # Optionally set a semantic version for version-gated features. This can normally
    # be left unset. You only need to set this if your tag is not a semver string,
    # such as when you are using a "next" tag. Set this to the effective semantic
@@ -948,6 +953,14 @@ securityContext: {}
 # securityContext for containers.
 containerSecurityContext:
  readOnlyRootFilesystem: true
+  allowPrivilegeEscalation: false
+  runAsUser: 1000
+  runAsNonRoot: true
+  seccompProfile:
+    type: RuntimeDefault
+  capabilities:
+    drop:
+    - ALL

 ## Optional DNS configuration for Kong pods
 # dnsPolicy: ClusterFirst
@@ -968,7 +981,7 @@ serviceMonitor:
  # If you wish to gather metrics from a Kong instance with the proxy disabled (such as a hybrid control plane), see:
  # https://github.com/Kong/charts/blob/main/charts/kong/README.md#prometheus-operator-integration
  enabled: false
-  # interval: 10s
+  # interval: 30s
  # Specifies namespace, where ServiceMonitor should be installed
  # namespace: monitoring
  # labels:
@@ -1234,7 +1247,7 @@ appsec:
    #registry:
    repository: ghcr.io/openappsec
    image: "agent"
-    tag: "1.1.0"
+    tag: "1.1.1"
    pullPolicy: Always

    securityContext:
@@ -1248,7 +1261,7 @@ appsec:
  kong:
    image:
      repository: "ghcr.io/openappsec/kong-attachment"
-      tag: "1.1.0"
+      tag: "1.1.1"
  configMapName: appsec-settings-configmap
  configMapContent:
    crowdsec: