-
Notifications
You must be signed in to change notification settings - Fork 39
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update Pod Security Standards #266
Milestone
Comments
jmesnil
added a commit
to jmesnil/wildfly-operator
that referenced
this issue
Mar 13, 2023
Configure the statefulset's pods to run in non-root mode. It drops all security capabilities and does not allow priviledge escalation. This fixes wildfly#266 WIP add security context to statefulset Signed-off-by: Jeff Mesnil <[email protected]>
jmesnil
added a commit
to jmesnil/wildfly-operator
that referenced
this issue
Mar 13, 2023
* Add a default Security Context if the user does not specify one from the WildFlyServerSpec. * In the CSV, updates the operator's own deployment to comply with the security standards. This fixes wildfly#266 Signed-off-by: Jeff Mesnil <[email protected]>
jmesnil
added a commit
to jmesnil/wildfly-operator
that referenced
this issue
Mar 14, 2023
* Add a default Security Context if the user does not specify one from the WildFlyServerSpec. * In the CSV, updates the operator's own deployment to comply with the security standards. This fixes wildfly#266 Signed-off-by: Jeff Mesnil <[email protected]>
jmesnil
added a commit
to jmesnil/wildfly-operator
that referenced
this issue
Mar 14, 2023
* Add a default Security Context if the user does not specify one from the WildFlyServerSpec. * In the CSV, updates the operator's own deployment to comply with the security standards. This fixes wildfly#266 Signed-off-by: Jeff Mesnil <[email protected]>
jmesnil
added a commit
to jmesnil/wildfly-operator
that referenced
this issue
Mar 14, 2023
* Add a default Security Context if the user does not specify one from the WildFlyServerSpec. * In the CSV, updates the operator's own deployment to comply with the security standards. This fixes wildfly#266 Signed-off-by: Jeff Mesnil <[email protected]>
jmesnil
added a commit
to jmesnil/wildfly-operator
that referenced
this issue
Mar 14, 2023
* Add a default Security Context if the user does not specify one from the WildFlyServerSpec. * In the CSV, updates the operator's own deployment to comply with the security standards. This fixes wildfly#266 Signed-off-by: Jeff Mesnil <[email protected]>
jmesnil
added a commit
to jmesnil/wildfly-operator
that referenced
this issue
Mar 29, 2023
* Add a default Security Context if the user does not specify one from the WildFlyServerSpec. * In the CSV, updates the operator's own deployment to comply with the security standards. This fixes wildfly#266 Signed-off-by: Jeff Mesnil <[email protected]>
jmesnil
added a commit
that referenced
this issue
Mar 29, 2023
[#266] Updated Pod security standards
jmesnil
added a commit
to jmesnil/wildfly-operator
that referenced
this issue
Apr 11, 2023
* Do not specify the 185 (jboss) user by default Signed-off-by: Jeff Mesnil <[email protected]>
jmesnil
added a commit
to jmesnil/wildfly-operator
that referenced
this issue
Apr 12, 2023
* Revert the default security context Signed-off-by: Jeff Mesnil <[email protected]>
jmesnil
added a commit
that referenced
this issue
Apr 25, 2023
[#266] Updated Pod security standards
jmesnil
added a commit
to jmesnil/wildfly-operator
that referenced
this issue
May 31, 2023
Add security context settings to Kustomized resources. Signed-off-by: Jeff Mesnil <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Kubernetes Pod Security Standards are being updated (as explained in https://sdk.operatorframework.io/docs/best-practices/pod-security-standards/) and the WildFly Operator lags behind these changes.
In the
main
branch, the user can specify theSecurityContext
on the deployed Pod templates to control the behaviour (#238).However, it is missing a
seccompProfile
to comply with the security standards.In addition, we can provide a good default value for this security context and do not need to ask the user to specify it.
The text was updated successfully, but these errors were encountered: