Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Set readOnlyRootFilesystem as true in Controller and Webhook #1735

Merged
merged 1 commit into from
Jul 3, 2024
Merged

Set readOnlyRootFilesystem as true in Controller and Webhook #1735

merged 1 commit into from
Jul 3, 2024

Conversation

khrm
Copy link
Contributor

@khrm khrm commented May 17, 2024
edited
Loading

Setting Controller's Deployment security context readOnlyRootFilesystem to true to increase the security and to avoid being flagged by the security scanner.

Changes

Submitter Checklist

As the author of this PR, please check off the items in this checklist:

  • Has Docs if any changes are user facing, including updates to minimum requirements e.g. Kubernetes version bumps
  • Has Tests included if any functionality added or changed
  • Follows the commit message standard
  • Meets the Tekton contributor standards (including functionality, content, code)
  • Has a kind label. You can add one by adding a comment on this PR that contains /kind <type>. Valid types are bug, cleanup, design, documentation, feature, flake, misc, question, tep
  • Release notes block below has been updated with any user facing changes (API changes, bug fixes, changes requiring upgrade notices or deprecation warnings). See some examples of good release notes.
  • Release notes contains the string "action required" if the change requires additional action from users switching to the new release

Release Notes

Controller's and Webhook's Deployment security context `readOnlyRootFilesystem`  are set to true to increase the security and to avoid being flagged by the security scanner.

@khrm
Set readOnlyRootFilesystem as true in Controller and Webhook
2771e8e 
Setting Controller's Deployment security context readOnlyRootFilesystem
to true to increase the security and to avoid being flagged by the security scanner.
@tekton-robot tekton-robot added the release-note-none Denotes a PR that doesnt merit a release note. label May 17, 2024
@tekton-robot tekton-robot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label May 17, 2024
khrm
khrm commented May 17, 2024
View reviewed changes
Copy link
Contributor Author

@khrm khrm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/kind security

@tekton-robot tekton-robot added the kind/security Categorizes issue or PR as related to a security issue label May 17, 2024
@savitaashture
Copy link
Contributor

Should we add readOnlyRootFilesystem to EL deployment as well?

@khrm
Copy link
Contributor Author

khrm commented May 20, 2024

We need that via a configuration not only yaml.

@savitaashture
Copy link
Contributor

savitaashture commented May 20, 2024
edited
Loading

We need that via a configuration not only yaml.

Yup i was also thinking the same

I was assuming that change should be part of this PR so added review comment

@tekton-robot tekton-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. and removed release-note-none Denotes a PR that doesnt merit a release note. labels Jun 5, 2024
@tekton-robot
Copy link

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dibyom

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@tekton-robot tekton-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jun 11, 2024
@kristofferchr kristofferchr mentioned this pull request Jul 2, 2024
Closed
@khrm
Copy link
Contributor Author

khrm commented Jul 3, 2024

@savitaashture We can merge this now. There's a pr for EL now.

@savitaashture
Copy link
Contributor

@savitaashture We can merge this now. There's a pr for EL now.

Sure

@savitaashture
Copy link
Contributor

/lgtm

@tekton-robot tekton-robot added the lgtm Indicates that a PR is ready to be merged. label Jul 3, 2024
@tekton-robot tekton-robot merged commit dd5ea60 into tektoncd:main Jul 3, 2024
6 checks passed
@khrm khrm deleted the readOnlyRootFilesystem branch July 3, 2024 12:13
@savitaashture savitaashture mentioned this pull request Aug 28, 2024
Merged
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dibyom dibyom dibyom approved these changes

@savitaashture savitaashture Awaiting requested review from savitaashture

Assignees

@savitaashture savitaashture

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. kind/security Categorizes issue or PR as related to a security issue lgtm Indicates that a PR is ready to be merged. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@khrm @savitaashture @tekton-robot @dibyom