diff --git a/charts/nextcloud/Chart.yaml b/charts/nextcloud/Chart.yaml index f79c4b29..ec72c02c 100644 --- a/charts/nextcloud/Chart.yaml +++ b/charts/nextcloud/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: nextcloud -version: 5.3.2 +version: 5.4.0 appVersion: 29.0.4 description: A file sharing server that puts the control and security of your own data back into your hands. keywords: diff --git a/charts/nextcloud/templates/metrics/deployment.yaml b/charts/nextcloud/templates/metrics/deployment.yaml index 27dae552..e40f0eab 100644 --- a/charts/nextcloud/templates/metrics/deployment.yaml +++ b/charts/nextcloud/templates/metrics/deployment.yaml @@ -79,7 +79,12 @@ spec: resources: {{- toYaml . | nindent 12 }} {{- end }} + {{- with .Values.metrics.securityContext }} securityContext: - runAsUser: 1000 - runAsNonRoot: true + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.metrics.podSecurityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} {{- end }} diff --git a/charts/nextcloud/values.yaml b/charts/nextcloud/values.yaml index 4e5eebcb..ee01cc29 100644 --- a/charts/nextcloud/values.yaml +++ b/charts/nextcloud/values.yaml @@ -562,6 +562,21 @@ metrics: prometheus.io/port: "9205" labels: {} + # security context for the metrics CONTAINER in the pod + securityContext: + runAsUser: 1000 + runAsNonRoot: true + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + + # security context for the metrics POD + podSecurityContext: {} + # runAsNonRoot: true + # seccompProfile: + # type: RuntimeDefault + ## Prometheus Operator ServiceMonitor configuration ## serviceMonitor: