Closed Siegfriedk closed 5 months ago
almadigabor
commented
6 months ago Hey @Siegfriedk! Should we turn this TRG into a whole container/pod security topic or just keep is as non-root? I would consider adding more fields as described in the Kubernetes docs to further enhance security like runAsGroup, fsGroup and also dropping capabilities. I would welcome some suggestions here.
Siegfriedk
commented
6 months ago @almadigabor there was some discussion with the Security Team / Kristian Cicka regarding this topic. Could you ask him?
I would suggest a security context trg which could include all aspects of the running of a container
SSIRKC
commented
5 months ago Hi guys,
yes are working on a new chapter. Probably chapter 8 "Security". Checkout out our backlog: https://github.com/orgs/eclipse-tractusx/projects/44/views/1
In general the new chapter is being followed/worked on by @szafrugr and @klaudiaZF
SSIRKC
commented
5 months ago Hey @Siegfriedk! Should we turn this TRG into a whole
container/pod securitytopic or just keep is as non-root? I would consider adding more fields as described in the Kubernetes docs to further enhance security like runAsGroup, fsGroup and also dropping capabilities. I would welcome some suggestions here.
Also did some things in regards to read only file system as TRG. Maybe there is some intersection that might help :) https://eclipse-tractusx.github.io/docs/release/trg-0/trg-4-07 (Need to move it though)
almadigabor
commented
5 months ago Hey, thanks for the info! Right, seems like you're covering most of these topics in the draft TRG4-07. This case I'm not going to duplicate these in 4-03.
The TRG 4.03 contains example regarding userids https://eclipse-tractusx.github.io/docs/release/trg-4/trg-4-03 but the userids used in the examples are different.
AC: