Update Pod Security Standards #266
Milestone
Comments
jmesnil
added a commit
to jmesnil/wildfly-operator
that referenced
this issue
Mar 13, 2023
Configure the statefulset's pods to run in non-root mode. It drops all security capabilities and does not allow priviledge escalation. This fixes wildfly#266 WIP add security context to statefulset Signed-off-by: Jeff Mesnil <[email protected]>
jmesnil
added a commit
to jmesnil/wildfly-operator
that referenced
this issue
Mar 13, 2023
* Add a default Security Context if the user does not specify one from the WildFlyServerSpec. * In the CSV, updates the operator's own deployment to comply with the security standards. This fixes wildfly#266 Signed-off-by: Jeff Mesnil <[email protected]>
jmesnil
added a commit
to jmesnil/wildfly-operator
that referenced
this issue
Mar 14, 2023
* Add a default Security Context if the user does not specify one from the WildFlyServerSpec. * In the CSV, updates the operator's own deployment to comply with the security standards. This fixes wildfly#266 Signed-off-by: Jeff Mesnil <[email protected]>
jmesnil
added a commit
to jmesnil/wildfly-operator
that referenced
this issue
Mar 14, 2023
* Add a default Security Context if the user does not specify one from the WildFlyServerSpec. * In the CSV, updates the operator's own deployment to comply with the security standards. This fixes wildfly#266 Signed-off-by: Jeff Mesnil <[email protected]>
jmesnil
added a commit
to jmesnil/wildfly-operator
that referenced
this issue
Mar 14, 2023
* Add a default Security Context if the user does not specify one from the WildFlyServerSpec. * In the CSV, updates the operator's own deployment to comply with the security standards. This fixes wildfly#266 Signed-off-by: Jeff Mesnil <[email protected]>
jmesnil
added a commit
to jmesnil/wildfly-operator
that referenced
this issue
Mar 14, 2023
* Add a default Security Context if the user does not specify one from the WildFlyServerSpec. * In the CSV, updates the operator's own deployment to comply with the security standards. This fixes wildfly#266 Signed-off-by: Jeff Mesnil <[email protected]>
jmesnil
added a commit
to jmesnil/wildfly-operator
that referenced
this issue
Mar 29, 2023
* Add a default Security Context if the user does not specify one from the WildFlyServerSpec. * In the CSV, updates the operator's own deployment to comply with the security standards. This fixes wildfly#266 Signed-off-by: Jeff Mesnil <[email protected]>
jmesnil
added a commit
that referenced
this issue
Mar 29, 2023
[#266] Updated Pod security standards
jmesnil
added a commit
to jmesnil/wildfly-operator
that referenced
this issue
Apr 11, 2023
* Do not specify the 185 (jboss) user by default Signed-off-by: Jeff Mesnil <[email protected]>
jmesnil
added a commit
to jmesnil/wildfly-operator
that referenced
this issue
Apr 12, 2023
* Revert the default security context Signed-off-by: Jeff Mesnil <[email protected]>
jmesnil
added a commit
that referenced
this issue
Apr 25, 2023
[#266] Updated Pod security standards
jmesnil
added a commit
to jmesnil/wildfly-operator
that referenced
this issue
May 31, 2023
Add security context settings to Kustomized resources. Signed-off-by: Jeff Mesnil <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Kubernetes Pod Security Standards are being updated (as explained in https://sdk.operatorframework.io/docs/best-practices/pod-security-standards/) and the WildFly Operator lags behind these changes.
In the
mainbranch, the user can specify theSecurityContexton the deployed Pod templates to control the behaviour (#238).However, it is missing a
seccompProfileto comply with the security standards.In addition, we can provide a good default value for this security context and do not need to ask the user to specify it.
The text was updated successfully, but these errors were encountered: