{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":65534,"seccompProfile":{"type":"RuntimeDefault"}} |
| pushgateway.customURL | If you want to use a custom Pushgatway, specify its URL. Stash will not inject pushgatway sidecar if you set this field. | "" |
| cleaner.registry | Docker registry used to pull Webhook cleaner image | appscode |
-| cleaner.repository | Webhook cleaner container image | kubectl |
-| cleaner.tag | Webhook cleaner container image tag | v1.22 |
+| cleaner.repository | Webhook cleaner container image | kubectl-nonroot |
+| cleaner.tag | Webhook cleaner container image tag | "1.25" |
| cleaner.skip | Skip generating cleaner YAML | false |
| cleaner.securityContext | Security options the Prometheus pushgateway container should run with | {"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":65534,"seccompProfile":{"type":"RuntimeDefault"}} |
| cleaner.nodeSelector | Node labels for pod assignment | {"kubernetes.io/os":"linux"} |
diff --git a/charts/stash-community/values.yaml b/charts/stash-community/values.yaml
index 5be35ca8..25e595c3 100644
--- a/charts/stash-community/values.yaml
+++ b/charts/stash-community/values.yaml
@@ -100,9 +100,9 @@ cleaner:
# Docker registry used to pull Webhook cleaner image
registry: appscode
# Webhook cleaner container image
- repository: kubectl
+ repository: kubectl-nonroot
# Webhook cleaner container image tag
- tag: v1.22
+ tag: "1.25"
# Skip generating cleaner YAML
skip: false
# Security options the Prometheus pushgateway container should run with
diff --git a/charts/stash-enterprise/README.md b/charts/stash-enterprise/README.md
index 837d0d5e..00cc8078 100644
--- a/charts/stash-enterprise/README.md
+++ b/charts/stash-enterprise/README.md
@@ -74,8 +74,8 @@ The following table lists the configurable parameters of the `stash-enterprise`
| pushgateway.securityContext | Security options the Prometheus pushgateway container should run with | {"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":65534,"seccompProfile":{"type":"RuntimeDefault"}} |
| pushgateway.customURL | If you want to use a custom Pushgatway, specify its URL. Stash will not inject pushgatway sidecar if you set this field. | "" |
| cleaner.registry | Docker registry used to pull Webhook cleaner image | appscode |
-| cleaner.repository | Webhook cleaner container image | kubectl |
-| cleaner.tag | Webhook cleaner container image tag | v1.22 |
+| cleaner.repository | Webhook cleaner container image | kubectl-nonroot |
+| cleaner.tag | Webhook cleaner container image tag | "1.25" |
| cleaner.skip | Skip generating cleaner YAML | false |
| cleaner.securityContext | Security options the Prometheus pushgateway container should run with | {"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":65534,"seccompProfile":{"type":"RuntimeDefault"}} |
| cleaner.nodeSelector | Node labels for pod assignment | {"kubernetes.io/os":"linux"} |
diff --git a/charts/stash-enterprise/values.yaml b/charts/stash-enterprise/values.yaml
index 18660072..063adadc 100644
--- a/charts/stash-enterprise/values.yaml
+++ b/charts/stash-enterprise/values.yaml
@@ -98,9 +98,9 @@ cleaner:
# Docker registry used to pull Webhook cleaner image
registry: appscode
# Webhook cleaner container image
- repository: kubectl
+ repository: kubectl-nonroot
# Webhook cleaner container image tag
- tag: v1.22
+ tag: "1.25"
# Skip generating cleaner YAML
skip: false
# Security options the Prometheus pushgateway container should run with