Approving OIDC auth security capabilities (#133)

* feat(oidc-forward-auth): added security context for container to values * feat(oidc-forward-auth): updated version to 1.6.2 * gatekeeper version update --------- Co-authored-by: Emily Reppin <[email protected]> Co-authored-by: Tim Jens Krause <[email protected]>
iits-consulting · Oct 14, 2024 · db1d543 · db1d543
1 parent 52cd4fc
commit db1d543
Show file tree

Hide file tree

Showing 5 changed files with 22 additions and 11 deletions.
diff --git a/charts/oidc-forward-auth/Changelog.MD b/charts/oidc-forward-auth/Changelog.MD
@@ -0,0 +1,4 @@
+### Chart version: 1.6.2
+ - Security settings for pod
+ - AppVersion update to 2.14.3
+ - No migrations necessary
diff --git a/charts/oidc-forward-auth/Chart.lock b/charts/oidc-forward-auth/Chart.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: gatekeeper
   repository: https://gogatekeeper.github.io/helm-gogatekeeper
-  version: 0.1.49
-digest: sha256:e05104bb333efa97b7508b152475f687a36b850f71b1b13785bee787c65771ad
-generated: "2024-07-30T14:33:45.657958+02:00"
+  version: 0.1.50
+digest: sha256:dd77b07d0cbcb477d733bf01bb8e20831679c8da99e4bbce7ed5182e42008ef8
+generated: "2024-10-14T17:12:52.753392+02:00"
diff --git a/charts/oidc-forward-auth/Chart.yaml b/charts/oidc-forward-auth/Chart.yaml
@@ -8,7 +8,7 @@ description: |
   charts:
     oidc-forward-auth:
       namespace: routing
-      targetRevision: "1.0.0"
+      targetRevision: "1.6.2"
       parameters:
         gatekeeper.config.client-id: "${vault:whatever/data/keycloak/keycloak_proxy_admin#client_id}"
         gatekeeper.config.client-secret: "${vault:whatever/data/keycloak/keycloak_proxy_admin#client_secret}"
@@ -34,9 +34,9 @@ description: |
       enabled: true
   ```
 name: oidc-forward-auth
-version: 1.6.1
+version: 1.6.2
 dependencies:
   - name: gatekeeper
     repository: https://gogatekeeper.github.io/helm-gogatekeeper
-    version: 0.1.49
+    version: 0.1.50
 
diff --git a/charts/oidc-forward-auth/README.md b/charts/oidc-forward-auth/README.md
@@ -1,6 +1,6 @@
 # oidc-forward-auth
 
-![Version: 1.6.1](https://img.shields.io/badge/Version-1.6.1-informational?style=flat-square)
+![Version: 1.6.2](https://img.shields.io/badge/Version-1.6.2-informational?style=flat-square)
 
 Forward Auth proxy with gogatekeeper. It replaces the old proxy mechanism
 
@@ -10,7 +10,7 @@ Forward Auth proxy with gogatekeeper. It replaces the old proxy mechanism
 charts:
   oidc-forward-auth:
     namespace: routing
-    targetRevision: "1.0.0"
+    targetRevision: "1.6.2"
     parameters:
       gatekeeper.config.client-id: "${vault:whatever/data/keycloak/keycloak_proxy_admin#client_id}"
       gatekeeper.config.client-secret: "${vault:whatever/data/keycloak/keycloak_proxy_admin#client_secret}"
@@ -39,7 +39,7 @@ ingress:
 
 | Repository | Name | Version |
 |------------|------|---------|
-| https://gogatekeeper.github.io/helm-gogatekeeper | gatekeeper | 0.1.49 |
+| https://gogatekeeper.github.io/helm-gogatekeeper | gatekeeper | 0.1.50 |
 
 ## Values
 
@@ -68,7 +68,9 @@ ingress:
 | gatekeeper.config.resources[0].uri | string | `"/*"` |  |
 | gatekeeper.config.server-read-timeout | string | `"10s"` |  |
 | gatekeeper.config.server-write-timeout | string | `"10s"` |  |
-| gatekeeper.image.tag | string | `"2.14.0"` |  |
+| gatekeeper.containerSecurityContext.allowPrivilegeEscalation | bool | `false` |  |
+| gatekeeper.containerSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` |  |
+| gatekeeper.image.tag | string | `"2.14.3"` |  |
 | gatekeeper.livenessProbe.enabled | bool | `true` |  |
 | gatekeeper.replicaCount | int | `2` |  |
 | gatekeeper.resources.limits.cpu | string | `"100m"` |  |

diff --git a/charts/oidc-forward-auth/values.yaml b/charts/oidc-forward-auth/values.yaml
@@ -16,7 +16,12 @@ gatekeeper:
     enabled: true
 
   image:
-    tag: 2.14.0
+    tag: 2.14.3
+
+  containerSecurityContext:
+    allowPrivilegeEscalation: false
+    seccompProfile:
+      type: RuntimeDefault
 
   config: