Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add containerSecurityContext to helm charts #1278

Closed
wants to merge 2 commits into from
Closed

Add containerSecurityContext to helm charts #1278

wants to merge 2 commits into from

Conversation

funkypenguin
Copy link
Contributor

Hi guys,

For your consideration, a PR to introduce containerSecurityContexts to the operator/console deployments.

Why?

Some security mitigations can only be applied within the context of the container spec (such as dropping capabilities, or preventing privileged mode), and without the ability to configure a container securityContext, validation / security assessment tools such as Kyverno will raise exceptions for operator/console.

Example below:

Policy Reporter UI - Policy Reporter UI 2022-09-05 12-17-25

harshavardhana
harshavardhana requested changes Sep 5, 2022
View reviewed changes
helm/operator/Chart.yaml Outdated Show resolved Hide resolved
@funkypenguin
Revert chart version bump
67537ad 
Signed-off-by: David Young <[email protected]>
@dilverse dilverse mentioned this pull request Sep 27, 2022
Merged
@dilverse
Copy link
Member

dilverse commented Oct 5, 2022

Hi @funkypenguin thanks for sending this PR! Based on our testing we identified this change breaks Kubernetes 1.21 and we have support up to Kubernetes 1.20. Many of the customers still use Kubernetes 1.21. Once Kubernetes 1.26/1.27 is out we will merge it

harshavardhana
harshavardhana requested changes Oct 5, 2022
View reviewed changes
helm/operator/Chart.yaml
@@ -1,7 +1,7 @@
apiVersion: v2
description: A Helm chart for MinIO Operator
name: operator
version: 4.5.0
version: 4.4.28
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you shouldn't be changing these @funkypenguin

@LeadingMoominExpert LeadingMoominExpert mentioned this pull request Nov 17, 2022
Closed
@dvaldivia
Copy link
Collaborator

I think this PR failed due to fsGroup: 1000 not being a valid field for container SecurityContext, can you update the PR removing that from the values? perhaps that will make this work

@dilverse
Copy link
Member

Fixed in #1372. Closing this PR

@dilverse dilverse closed this Dec 22, 2022
@funkypenguin funkypenguin deleted the add-containersecuritycontext branch December 22, 2022 22:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@harshavardhana harshavardhana harshavardhana requested changes

@Alevsk Alevsk Awaiting requested review from Alevsk

@cniackz cniackz Awaiting requested review from cniackz

@dilverse dilverse Awaiting requested review from dilverse

@pjuarezd pjuarezd Awaiting requested review from pjuarezd

@reivaj05 reivaj05 Awaiting requested review from reivaj05

@dvaldivia dvaldivia Awaiting requested review from dvaldivia

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@funkypenguin @dilverse @dvaldivia @harshavardhana @Alevsk