Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug] storage and db containers use core's security context #134

Closed
andrewazores opened this issue Apr 18, 2024 · 0 comments
Closed

[Bug] storage and db containers use core's security context #134

andrewazores opened this issue Apr 18, 2024 · 0 comments
Assignees
@tthvo
Labels
bug Something isn't working

Comments

@andrewazores
Copy link
Member 

          > https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container

Maybe it makes sense for us to apply a general Pod security context around everything, and then have optional container security contexts for each container within the Pod:

https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container

Except for cases like this where we seem to know that a container will not run under the general Pod context, or at least on some common and supported k8s/OCP versions it won't, then we can provide a default for that particular container.

After saying all that, I see we do have separate container security contexts:

https://github.com/cryostatio/cryostat-helm?tab=readme-ov-file#jfr-data-source-container

But the new storage and db containers don't have their own. They are mistakenly reusing the core context.

Originally posted by @andrewazores in #133 (comment)
@andrewazores andrewazores added the bug Something isn't working label Apr 18, 2024
@andrewazores andrewazores moved this to Todo in 3.0.0 release Apr 18, 2024
@tthvo tthvo self-assigned this Apr 18, 2024
@tthvo tthvo moved this from Todo to In Progress in 3.0.0 release Apr 18, 2024
@tthvo tthvo mentioned this issue Apr 18, 2024
Merged
@tthvo tthvo closed this as completed Apr 18, 2024
@github-project-automation github-project-automation bot moved this from In Progress to Done in 3.0.0 release Apr 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tthvo tthvo

Labels
bug Something isn't working
Projects
No open projects
3.0.0 release
Status: Done
Milestone
No milestone
Development

No branches or pull requests
2 participants
@andrewazores @tthvo