[skip-ci] Update artifacts

Merge pull request #393 from stakater/dependabot/go_modules/golang.org/x/net-0.7.0
Bump golang.org/x/net from 0.5.0 to 0.7.0
2026-02-14 18:09:50 +00:00 · 2023-02-26 12:07:53 +00:00 · 2023-02-26 12:48:16 +01:00 · 2023-02-26 11:35:45 +00:00 · 2023-02-26 12:16:42 +01:00 · 2023-02-18 04:14:25 +00:00
11 changed files with 95 additions and 35 deletions
--- a/deployments/kubernetes/chart/reloader/Chart.yaml
+++ b/deployments/kubernetes/chart/reloader/Chart.yaml
@@ -3,8 +3,8 @@
 apiVersion: v1
 name: reloader
 description: Reloader chart that runs on kubernetes
-version: v1.0.6
-appVersion: v1.0.6
+version: v1.0.8
+appVersion: v1.0.8
 keywords:
  - Reloader
  - kubernetes
--- a/deployments/kubernetes/chart/reloader/templates/deployment.yaml
+++ b/deployments/kubernetes/chart/reloader/templates/deployment.yaml
@@ -146,9 +146,13 @@ spec:
          periodSeconds: {{ .Values.reloader.deployment.readinessProbe.periodSeconds | default "10" }}
          successThreshold: {{ .Values.reloader.deployment.readinessProbe.successThreshold | default "1" }}

-      {{- with .Values.reloader.deployment.containerSecurityContext }}
-        securityContext: {{ toYaml . | nindent 10 }}
-      {{- end }}
+        {{- $containerSecurityContext := .Values.reloader.deployment.containerSecurityContext | default dict }}
+        {{- if .Values.reloader.readOnlyRootFileSystem }}
+          {{- $_ := set $containerSecurityContext "readOnlyRootFilesystem" true }}
+        {{- end }}
+
+        securityContext:
+          {{- toYaml $containerSecurityContext | nindent 10 }}

      {{- if eq .Values.reloader.readOnlyRootFileSystem true }}
        volumeMounts:
--- a/deployments/kubernetes/chart/reloader/tests/deployment_test.yaml
+++ b/deployments/kubernetes/chart/reloader/tests/deployment_test.yaml
@@ -0,0 +1,50 @@
+suite: Deployment
+
+templates:
+  - deployment.yaml
+
+tests:
+  - it: sets readOnlyRootFilesystem in container securityContext when reloader.readOnlyRootFileSystem is true
+    set:
+      reloader:
+        readOnlyRootFileSystem: true
+        deployment:
+          containerSecurityContext:
+            readOnlyRootFilesystem: false
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem
+          value: true
+
+  - it: sets readOnlyRootFilesystem in container securityContext even if reloader.deployment.containerSecurityContext is null
+    set:
+      reloader:
+        readOnlyRootFileSystem: true
+        deployment:
+          containerSecurityContext: null
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem
+          value: true
+
+  - it: does not override readOnlyRootFilesystem in container securityContext based on reloader.readOnlyRootFileSystem
+    set:
+      reloader:
+        readOnlyRootFileSystem: false
+        deployment:
+          containerSecurityContext:
+            readOnlyRootFilesystem: true
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem
+          value: true
+
+  - it: template is still valid with no defined containerSecurityContext
+    set:
+      reloader:
+        readOnlyRootFileSystem: false
+        deployment:
+          containerSecurityContext: null
+    asserts:
+      - isEmpty:
+          path: spec.template.spec.containers[0].securityContext
--- a/deployments/kubernetes/chart/reloader/values.yaml
+++ b/deployments/kubernetes/chart/reloader/values.yaml
@@ -66,10 +66,10 @@ reloader:
    labels:
      provider: stakater
      group: com.stakater.platform
-      version: v1.0.6
+      version: v1.0.8
    image:
      name: stakater/reloader
-      tag: v1.0.6
+      tag: v1.0.8
      pullPolicy: IfNotPresent
    # Support for extra environment variables.
    env:
--- a/deployments/kubernetes/manifests/clusterrole.yaml
+++ b/deployments/kubernetes/manifests/clusterrole.yaml
@@ -9,7 +9,7 @@ metadata:
    meta.helm.sh/release-name: "reloader"
  labels:
    app: reloader-reloader
-    chart: "reloader-v1.0.6"
+    chart: "reloader-v1.0.8"
    release: "reloader"
    heritage: "Helm"
    app.kubernetes.io/managed-by: "Helm"
--- a/deployments/kubernetes/manifests/clusterrolebinding.yaml
+++ b/deployments/kubernetes/manifests/clusterrolebinding.yaml
@@ -9,7 +9,7 @@ metadata:
    meta.helm.sh/release-name: "reloader"
  labels:
    app: reloader-reloader
-    chart: "reloader-v1.0.6"
+    chart: "reloader-v1.0.8"
    release: "reloader"
    heritage: "Helm"
    app.kubernetes.io/managed-by: "Helm"
--- a/deployments/kubernetes/manifests/deployment.yaml
+++ b/deployments/kubernetes/manifests/deployment.yaml
@@ -8,13 +8,13 @@ metadata:
    meta.helm.sh/release-name: "reloader"
  labels:
    app: reloader-reloader
-    chart: "reloader-v1.0.6"
+    chart: "reloader-v1.0.8"
    release: "reloader"
    heritage: "Helm"
    app.kubernetes.io/managed-by: "Helm"
    group: com.stakater.platform
    provider: stakater
-    version: v1.0.6
+    version: v1.0.8
  name: reloader-reloader
  namespace: default
 spec:
@@ -28,16 +28,16 @@ spec:
    metadata:
      labels:
        app: reloader-reloader
-        chart: "reloader-v1.0.6"
+        chart: "reloader-v1.0.8"
        release: "reloader"
        heritage: "Helm"
        app.kubernetes.io/managed-by: "Helm"
        group: com.stakater.platform
        provider: stakater
-        version: v1.0.6
+        version: v1.0.8
    spec:
      containers:
-      - image: "stakater/reloader:v1.0.6"
+      - image: "stakater/reloader:v1.0.8"
        imagePullPolicy: IfNotPresent
        name: reloader-reloader

@@ -60,6 +60,9 @@ spec:
          failureThreshold: 5
          periodSeconds: 10
          successThreshold: 1
+
+        securityContext:
+          {}
      securityContext: 
        runAsNonRoot: true
        runAsUser: 65534
--- a/deployments/kubernetes/manifests/serviceaccount.yaml
+++ b/deployments/kubernetes/manifests/serviceaccount.yaml
@@ -8,7 +8,7 @@ metadata:
    meta.helm.sh/release-name: "reloader"
  labels:
    app: reloader-reloader
-    chart: "reloader-v1.0.6"
+    chart: "reloader-v1.0.8"
    release: "reloader"
    heritage: "Helm"
    app.kubernetes.io/managed-by: "Helm"
--- a/deployments/kubernetes/reloader.yaml
+++ b/deployments/kubernetes/reloader.yaml
@@ -8,7 +8,7 @@ metadata:
    meta.helm.sh/release-name: "reloader"
  labels:
    app: reloader-reloader
-    chart: "reloader-v1.0.6"
+    chart: "reloader-v1.0.8"
    release: "reloader"
    heritage: "Helm"
    app.kubernetes.io/managed-by: "Helm"
@@ -25,7 +25,7 @@ metadata:
    meta.helm.sh/release-name: "reloader"
  labels:
    app: reloader-reloader
-    chart: "reloader-v1.0.6"
+    chart: "reloader-v1.0.8"
    release: "reloader"
    heritage: "Helm"
    app.kubernetes.io/managed-by: "Helm"
@@ -80,7 +80,7 @@ metadata:
    meta.helm.sh/release-name: "reloader"
  labels:
    app: reloader-reloader
-    chart: "reloader-v1.0.6"
+    chart: "reloader-v1.0.8"
    release: "reloader"
    heritage: "Helm"
    app.kubernetes.io/managed-by: "Helm"
@@ -104,13 +104,13 @@ metadata:
    meta.helm.sh/release-name: "reloader"
  labels:
    app: reloader-reloader
-    chart: "reloader-v1.0.6"
+    chart: "reloader-v1.0.8"
    release: "reloader"
    heritage: "Helm"
    app.kubernetes.io/managed-by: "Helm"
    group: com.stakater.platform
    provider: stakater
-    version: v1.0.6
+    version: v1.0.8
  name: reloader-reloader
  namespace: default
 spec:
@@ -124,16 +124,16 @@ spec:
    metadata:
      labels:
        app: reloader-reloader
-        chart: "reloader-v1.0.6"
+        chart: "reloader-v1.0.8"
        release: "reloader"
        heritage: "Helm"
        app.kubernetes.io/managed-by: "Helm"
        group: com.stakater.platform
        provider: stakater
-        version: v1.0.6
+        version: v1.0.8
    spec:
      containers:
-      - image: "stakater/reloader:v1.0.6"
+      - image: "stakater/reloader:v1.0.8"
        imagePullPolicy: IfNotPresent
        name: reloader-reloader

@@ -156,6 +156,9 @@ spec:
          failureThreshold: 5
          periodSeconds: 10
          successThreshold: 1
+
+        securityContext:
+          {}
      securityContext: 
        runAsNonRoot: true
        runAsUser: 65534
--- a/go.mod
+++ b/go.mod
@@ -47,11 +47,11 @@ require (
 	github.com/prometheus/procfs v0.9.0 // indirect
 	github.com/smartystreets/goconvey v1.7.2 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
-	golang.org/x/net v0.5.0 // indirect
+	golang.org/x/net v0.7.0 // indirect
 	golang.org/x/oauth2 v0.4.0 // indirect
-	golang.org/x/sys v0.4.0 // indirect
-	golang.org/x/term v0.4.0 // indirect
-	golang.org/x/text v0.6.0 // indirect
+	golang.org/x/sys v0.5.0 // indirect
+	golang.org/x/term v0.5.0 // indirect
+	golang.org/x/text v0.7.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/protobuf v1.28.1 // indirect
--- a/go.sum
+++ b/go.sum
@@ -352,8 +352,8 @@ golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwY
 golang.org/x/net v0.0.0-20210224082022-3d97a244fca7/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.5.0 h1:GyT4nK/YDHSqa1c4753ouYCDajOYKTja9Xb/OHtgvSw=
-golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws=
+golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g=
+golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -398,13 +398,13 @@ golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.4.0 h1:Zr2JFtRQNX3BCZ8YtxRE9hNJYC8J6I1MVbMg6owUp18=
-golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU=
+golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.4.0 h1:O7UWfv5+A2qiuulQk30kVinPoMtoIPeVaKLEgLpVkvg=
-golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ=
+golang.org/x/term v0.5.0 h1:n2a8QNdAb0sZNpU9R1ALUXBbY+w51fCQDN+7EdxNBsY=
+golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -413,8 +413,8 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.6.0 h1:3XmdazWV+ubf7QgHSTWeykHOci5oeekaGJBLkrkaw4k=
-golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo=
+golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
Author	SHA1	Message	Date
stakater-user	f795fa2aec	[skip-ci] Update artifacts	2023-02-26 12:07:53 +00:00
Faizan Ahmad	34c1f389bc	Merge pull request #393 from stakater/dependabot/go_modules/golang.org/x/net-0.7.0 Bump golang.org/x/net from 0.5.0 to 0.7.0	2023-02-26 12:48:16 +01:00
stakater-user	fdc8a61fc6	[skip-ci] Update artifacts	2023-02-26 11:35:45 +00:00
Faizan Ahmad	c7f507a4b9	Merge pull request #386 from d3adb5/feat/set-rootfs-ro feat: set read-only root filesystem at container level	2023-02-26 12:16:42 +01:00
dependabot[bot]	646c64a326	Bump golang.org/x/net from 0.5.0 to 0.7.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.5.0 to 0.7.0. - [Release notes](https://github.com/golang/net/releases) - [Commits](https://github.com/golang/net/compare/v0.5.0...v0.7.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2023-02-18 04:14:25 +00:00
d3adb5	5a9ccbf01f	fix: properly capitalize 'filesystem' in values Use the proper capitalization in the reference to the value reloader.readOnlyRootFileSystem: FileSystem instead of Filesystem.	2023-02-08 14:15:28 -08:00
d3adb5	451e4f636b	feat: set read-only root filesystem at container level Change the securityContext field of the Reloader container if reloader.readOnlyFilesystem is set to true. The change takes effect even if not container securityContext is defined. Closes #339.	2023-02-07 00:16:16 -08:00