fix: Stackrox DB Net Policy Fix

ArthurVardevanyan · Feb 11, 2024 · 68fcfcb · 68fcfcb
1 parent 1e860c0
commit 68fcfcb
Show file tree

Hide file tree

Showing 9 changed files with 12 additions and 12 deletions.
diff --git a/kubernetes/homeassistant/base/statefulset.yaml b/kubernetes/homeassistant/base/statefulset.yaml
@@ -46,7 +46,7 @@ spec:
             value: "1"
       containers:
         - name: homeassistant
-          image: homeassistant/home-assistant:2024.1.4@sha256:b5bcbcad4669e4e6b3ef7d7c8c841268d06c0eb83ad6b64aaca12cb85e9e204c
+          image: homeassistant/home-assistant:2024.2.1@sha256:5808ca4b75d89950a705119370198c53f83ab7de3c3632e2948e1305d27d649d
           securityContext:
             allowPrivilegeEscalation: true
             seccompProfile:

diff --git a/kubernetes/nextcloud/base/cronjob.yaml b/kubernetes/nextcloud/base/cronjob.yaml
@@ -51,7 +51,7 @@ spec:
                 claimName: nextcloud-data
           containers:
             - name: nextcloud-cron
-              image: nextcloud:28.0.1-apache@sha256:3d17745d388ac65fe0572ff3f1e45a868ad6c8e74ea98e03762feda9f0603fff
+              image: nextcloud:28.0.2-apache@sha256:0d231d59967d997141be8016c41df5e05f03137abbf741a8f0be2c0a8af80cf6
               command:
                 - /bin/sh
                 - "-c"

diff --git a/kubernetes/nextcloud/base/preview-cronjob.yaml b/kubernetes/nextcloud/base/preview-cronjob.yaml
@@ -52,7 +52,7 @@ spec:
             runAsUser: 33
           containers:
             - name: nextcloud-preview
-              image: nextcloud:28.0.1-apache@sha256:3d17745d388ac65fe0572ff3f1e45a868ad6c8e74ea98e03762feda9f0603fff
+              image: nextcloud:28.0.2-apache@sha256:0d231d59967d997141be8016c41df5e05f03137abbf741a8f0be2c0a8af80cf6
               command:
                 - /bin/sh
                 - -c

diff --git a/kubernetes/nextcloud/base/statefulset.yaml b/kubernetes/nextcloud/base/statefulset.yaml
@@ -43,7 +43,7 @@ spec:
         runAsUser: 33
       containers:
         - name: nextcloud
-          image: nextcloud:28.0.1-apache@sha256:3d17745d388ac65fe0572ff3f1e45a868ad6c8e74ea98e03762feda9f0603fff
+          image: nextcloud:28.0.2-apache@sha256:0d231d59967d997141be8016c41df5e05f03137abbf741a8f0be2c0a8af80cf6
           securityContext:
             runAsGroup: 33
             runAsUser: 33

diff --git a/kubernetes/quay/base/postgres/clair/network-policy.yaml b/kubernetes/quay/base/postgres/clair/network-policy.yaml
@@ -45,15 +45,15 @@ spec:
     - from:
         - namespaceSelector:
             matchLabels:
-              kubernetes.io/metadata.name: postgres
+              kubernetes.io/metadata.name: quay
           podSelector:
             matchLabels:
               postgres-operator.crunchydata.com/cluster: clair
   egress:
     - to:
         - namespaceSelector:
             matchLabels:
-              kubernetes.io/metadata.name: postgres
+              kubernetes.io/metadata.name: quay
           podSelector:
             matchLabels:
               postgres-operator.crunchydata.com/cluster: clair
diff --git a/kubernetes/quay/base/postgres/quay/network-policy.yaml b/kubernetes/quay/base/postgres/quay/network-policy.yaml
@@ -57,15 +57,15 @@ spec:
     - from:
         - namespaceSelector:
             matchLabels:
-              kubernetes.io/metadata.name: postgres
+              kubernetes.io/metadata.name: quay
           podSelector:
             matchLabels:
               postgres-operator.crunchydata.com/cluster: quay
   egress:
     - to:
         - namespaceSelector:
             matchLabels:
-              kubernetes.io/metadata.name: postgres
+              kubernetes.io/metadata.name: quay
           podSelector:
             matchLabels:
               postgres-operator.crunchydata.com/cluster: quay
diff --git a/kubernetes/stackrox-central/base/postgres/network-policy.yaml b/kubernetes/stackrox-central/base/postgres/network-policy.yaml
@@ -44,7 +44,7 @@ spec:
     - from:
         - namespaceSelector:
             matchLabels:
-              kubernetes.io/metadata.name: postgres
+              kubernetes.io/metadata.name: stackrox
           podSelector:
             matchLabels:
               postgres-operator.crunchydata.com/cluster: stackrox
diff --git a/kubernetes/stackrox-central/base/postgres/postgres.yaml b/kubernetes/stackrox-central/base/postgres/postgres.yaml
@@ -1,6 +1,6 @@
 # StackroxDB Tweak
 # alter user stackrox createdb;
-# alter user stackrox superuser
+# alter user stackrox superuser;
 # PSQL 15 Public Scheme Tweak
 # \c stackrox
 # GRANT CREATE ON SCHEMA public TO stackrox;
@@ -65,7 +65,7 @@ spec:
           - ReadWriteOnce
         resources:
           requests:
-            storage: 15Gi
+            storage: 5Gi
       name: ""
       replicas: 2
       resources:

diff --git a/kubernetes/unifi-network-application/base/statefulset.yaml b/kubernetes/unifi-network-application/base/statefulset.yaml
@@ -25,7 +25,7 @@ spec:
       serviceAccountName: unifi-network-application
       containers:
         - name: unifi-network-application
-          image: linuxserver/unifi-network-application:8.0.28@sha256:e673a6100ef8de6ec5e3d8b7bd48f1d1940466f74801048c046a471f5219f551
+          image: linuxserver/unifi-network-application:8.0.28-ls28@sha256:53b3734cad2a2c18297a2e4e17c29dec05061767f3187561c3ed483b4762fedc
           securityContext:
             runAsNonRoot: false
             privileged: true