helm / charts

⚠️(OBSOLETE) Curated applications for Kubernetes
Apache License 2.0

[stable/openebs] Add securityContexts #17782

Closed davidkarlsen closed 4 years ago

davidkarlsen commented 5 years ago

Is your feature request related to a problem? Please describe.
Feature req: add security-contexts to the different pods/containers - so that they run with only required permissions, readonly container if possible, and avoid running as root etc.

Describe the solution you'd like
SecurityContext defined in values for each deployment, with strict (only required) defaults

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
This will match well with ICP (IBM Cloud Private) where namespaces are bound to a PSP through a role-binding, binding a cluster-role, which again has use access to some predefined PSPs. This will allow us to use the least privileged one https://www.ibm.com/support/knowledgecenter/en/SSBS6K_3.1.1/manage_cluster/security.html
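
An added illustration, not part of the original issue and not the openebs chart's own code: one way per-deployment security contexts could be exposed through values with strict defaults. The `provisioner` key, the UID and the template file name are hypothetical; the securityContext fields are standard Kubernetes pod and container fields.

```yaml
# values.yaml (hypothetical keys; not the openebs chart's actual values)
provisioner:
  # Pod-level settings: applied to every container in the pod
  podSecurityContext:
    runAsNonRoot: true        # kubelet refuses to start a container running as UID 0
    runAsUser: 10001          # constructed non-root UID
    runAsGroup: 10001
    fsGroup: 10001
  # Container-level settings: strict defaults, overridable per deployment
  securityContext:
    privileged: false
    allowPrivilegeEscalation: false   # blocks setuid/file-capability escalation
    readOnlyRootFilesystem: true      # writable paths must be explicit volumes
    capabilities:
      drop:
        - ALL
---
# templates/deployment-provisioner.yaml (excerpt, hypothetical file)
spec:
  template:
    spec:
      securityContext:
{{ toYaml .Values.provisioner.podSecurityContext | indent 8 }}
      containers:
        - name: provisioner
          securityContext:
{{ toYaml .Values.provisioner.securityContext | indent 12 }}
```

A deployment that cannot run under these defaults overrides only the fields it needs in its own values block, which keeps each exception visible in review.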

stale[bot] commented 5 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Any further update will cause the issue/pull request to no longer be considered stale. Thank you for your contributions.

kmova commented 5 years ago

This will be attempted for the 1.5 release.

kmova commented 4 years ago

This is being worked on. As a first step the current RBAC rules are being reviewed. https://github.com/openebs/openebs/pull/2850

stale[bot] commented 4 years ago

This issue is being automatically closed due to inactivity.

kmova commented 4 years ago

The fix is being worked on at: https://github.com/openebs/openebs/pull/2850