Helm

Helm chart now explicitly declares DAC_READ_SEARCH, which is required to discover dependencies and run Certificate Expiry attacks. Most container runtimes already provide a superset of this capability (DAC_OVERRIDE) by default.

Make gremlin.container.driver=any the new default, when set gremlin.container.driver=any will attempt to mount all possible container driver paths, delegating to gremlin to pick the runtime. This option has served as the easiest way to get Gremlin up and running on containerized systems because you don't need to know or muck with container driver details.

You can now add labels to the deployed Gremlin Pods using the chao.podLabels and gremlin.podLabels parameters. See the Chart documentation for details.

You can now specify SELinux options to apply to the Gremlin DaemonSet container securityContext using the gremlin.podSecurity.seLinuxOptions parameter. See the Chart documentation for details.