From d0ad0f90e7cf571e8a6425fb4794cdedb7291740 Mon Sep 17 00:00:00 2001 From: Tyler Date: Thu, 26 Sep 2024 10:35:08 -0400 Subject: [PATCH] Fix: Set the `securityContext.fsGroup` to default `999` guid Bumps the PPM chart to `0.5.34` Refs: https://github.com/rstudio/package-manager/issues/14422 Update helm-docs and README.md Fix: Remove trailing space in PPM README Doc: Update PPM README.md to lowercase `postgres` Refs: https://github.com/rstudio/package-manager/issues/14420 Update helm-docs and README.md Update helm-docs and README.md Fix: Use lowercase postgres in db config example Update helm-docs and README.md Update helm-docs and README.md Fix: Switch * to _ and force CI Update helm-docs and README.md --- charts/rstudio-pm/Chart.yaml | 2 +- charts/rstudio-pm/NEWS.md | 5 +++++ charts/rstudio-pm/README.md | 8 ++++---- charts/rstudio-pm/values.yaml | 1 + 4 files changed, 11 insertions(+), 5 deletions(-) diff --git a/charts/rstudio-pm/Chart.yaml b/charts/rstudio-pm/Chart.yaml index 88740f90..0de29503 100644 --- a/charts/rstudio-pm/Chart.yaml +++ b/charts/rstudio-pm/Chart.yaml @@ -1,6 +1,6 @@ name: rstudio-pm description: Official Helm chart for Posit Package Manager -version: 0.5.33 +version: 0.5.34 apiVersion: v2 appVersion: 2024.08.2 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png diff --git a/charts/rstudio-pm/NEWS.md b/charts/rstudio-pm/NEWS.md index 17395ecf..bedbb286 100644 --- a/charts/rstudio-pm/NEWS.md +++ b/charts/rstudio-pm/NEWS.md @@ -1,4 +1,9 @@ # Changelog + +## 0.5.34 + +- Add `pod.securityContext.fsGroup = 999` value to set file permissions correctly when using shared storage. + ## 0.5.33 - Update default Post Package Manager version to 2024.08.2-9 diff --git a/charts/rstudio-pm/README.md b/charts/rstudio-pm/README.md index 8c9dfd44..e09c80ce 100644 --- a/charts/rstudio-pm/README.md +++ b/charts/rstudio-pm/README.md 
@@ -1,6 +1,6 @@ # Posit Package Manager -![Version: 0.5.33](https://img.shields.io/badge/Version-0.5.33-informational?style=flat-square) ![AppVersion: 2024.08.2](https://img.shields.io/badge/AppVersion-2024.08.2-informational?style=flat-square) +![Version: 0.5.34](https://img.shields.io/badge/Version-0.5.34-informational?style=flat-square) ![AppVersion: 2024.08.2](https://img.shields.io/badge/AppVersion-2024.08.2-informational?style=flat-square) #### _Official Helm chart for Posit Package Manager_ @@ -24,11 +24,11 @@ To ensure a stable production deployment: ## Installing the chart -To install the chart with the release name `my-release` at version 0.5.33: +To install the chart with the release name `my-release` at version 0.5.34: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-pm --version=0.5.33 +helm upgrade --install my-release rstudio/rstudio-pm --version=0.5.34 ``` To explore other chart versions, look at: 
@@ -222,7 +222,7 @@ The Helm `config` values are converted into the `rstudio-pm.gcfg` service config
 | nameOverride | string | `""` | the name of the chart deployment (can be overridden) |
 | nodeSelector | object | `{}` | A map used verbatim as the pod's "nodeSelector" definition |
 | pod.annotations | object | `{}` | annotations is a map of keys / values that will be added as annotations to the pods |
-| pod.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"runAsNonRoot":true,"runAsUser":999,"seccompProfile":{"type":"{{ if .Values.enableSandboxing }}Unconfined{{ else }}RuntimeDefault{{ end }}"}}` | the [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for the main Package Manager container. Evaluated as a template. |
+| pod.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"fsGroup":999,"runAsNonRoot":true,"runAsUser":999,"seccompProfile":{"type":"{{ if .Values.enableSandboxing }}Unconfined{{ else }}RuntimeDefault{{ end }}"}}` | the [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for the main Package Manager container. Evaluated as a template. |
 | pod.env | list | `[]` | env is an array of maps that is injected as-is into the "env:" component of the pod.container spec |
 | pod.labels | object | `{}` | Additional labels to add to the rstudio-pm pods |
 | pod.lifecycle | object | `{}` | Container [lifecycle hooks](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/) |
diff --git a/charts/rstudio-pm/values.yaml b/charts/rstudio-pm/values.yaml
index a5ce17fb..1b41f897 100644
--- a/charts/rstudio-pm/values.yaml
+++ b/charts/rstudio-pm/values.yaml
@@ -129,6 +129,7 @@ pod:
 # -- the [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for the main Package Manager container. Evaluated as a template.
 containerSecurityContext:
 runAsUser: 999
+ fsGroup: 999
 runAsNonRoot: true
 allowPrivilegeEscalation: false
 capabilities:
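Review bot: `fsGroup: 999` is added under `pod.containerSecurityContext`, but in the Kubernetes API `fsGroup` is a field of the pod-level `securityContext` (PodSecurityContext) and does not exist on a container's `securityContext`. If this map is rendered into the container spec, the field will be rejected or dropped depending on the cluster's field validation, so the shared-storage volumes would not get group 999 ownership and the fix would not take effect. The commit subject and the NEWS.md entry both name `pod.securityContext.fsGroup`, so the intended location appears to be the pod-level map, i.e. `securityContext:` with `fsGroup: 999` directly under `pod:`, assuming the chart's template renders `pod.securityContext` into the pod spec (not visible here). The README.md default shown for `pod.containerSecurityContext` in the preceding hunk carries the same misplaced key and would need the matching correction. The `containerSecurityContext` map continues past the end of this hunk.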