deps: Update policies, kubectl image (#478)

Signed-off-by: Víctor Cuadrado Juan <[email protected]> Co-authored-by: Kubewarden bot <[email protected]> Co-authored-by: Víctor Cuadrado Juan <[email protected]>
kubewarden · Jul 8, 2024 · 9e64083 · 9e64083
1 parent 69ad86a
commit 9e64083
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 2 deletions.
diff --git a/charts/kubewarden-controller/values.yaml b/charts/kubewarden-controller/values.yaml
@@ -107,7 +107,7 @@ preDeleteJob:
     # The registry is defined in the global.cattle.systemDefaultRegistry value
     # kubectl image to be used in the pre-delete helm hook
     repository: "kubewarden/kubectl"
-    tag: v1.27.15
+    tag: v1.30.2
 # kubewarden-controller deployment settings:
 podAnnotations: {}
 nodeSelector: {}

diff --git a/charts/kubewarden-defaults/questions.yaml b/charts/kubewarden-defaults/questions.yaml
@@ -324,6 +324,20 @@ questions:
   #           tooltip: Maxium UID or GID
   #           type: int
   #           variable: max
+  # - variable: recommendedPolicies.userGroupPolicy.settings.validate_container_image_configuration
+  #   default: false
+  #   tooltip: Validate the USER directive in the container image
+  #   label: Validate container image configuration
+  #   description: >-
+  #     Validate the USER directive in the container image. If set to true, the
+  #     policy will enforce the same rules as MustRunAs and MustRunAsNonRoot for
+  #     the run_as_user. And checks if the group of the USER directive is in the
+  #     run_as_group range. The user and group should be defined as uid and gid.
+  #     Container image validation is skipped if the container image is a Windows
+  #     container. And user and groups names are not allowed.
+  #   required: false
+  #   type: boolean
+  #
   # do-not-share-host-paths policy settings
   #
   # TODO sequence[ is not implemented in rancher/dashboard yet: https://github.com/rancher/dashboard/issues/10826

diff --git a/charts/kubewarden-defaults/values.yaml b/charts/kubewarden-defaults/values.yaml
@@ -157,7 +157,7 @@ recommendedPolicies:
   userGroupPolicy:
     module:
       repository: "kubewarden/policies/user-group-psp"
-      tag: v0.5.0
+      tag: v0.6.0
     name: "do-not-run-as-root"
     settings:
       run_as_user:
@@ -166,6 +166,7 @@ recommendedPolicies:
         rule: "RunAsAny"
       supplemental_groups:
         rule: "RunAsAny"
+      "validate_container_image_configuration": true
   hostPathsPolicy:
     module:
       repository: "kubewarden/policies/hostpaths-psp"