Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[WIP] chore: Update curl container securityContext settings #101

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[WIP] chore: Update curl container securityContext settings #101

wants to merge 1 commit into from

Conversation

coreydaley
Copy link
Member

@coreydaley coreydaley commented Feb 13, 2025
edited
Loading

Description of the change

Set secure defaults for the securityContext on the curl container.

Existing or Associated Issue(s)

https://issues.redhat.com/browse/RHIDP-6005

Additional Information

Checklist

  • Chart version bumped in Chart.yaml according to semver.
  • Variables are documented in the values.yaml and added to the README.md. The pre-commit utility can be used to generate the necessary content. Use pre-commit run -a to apply changes.
  • JSON Schema template updated and re-generated the raw schema via pre-commit hook.
  • List tests pass for Chart using the Chart Testing tool and the ct lint command.

@openshift-ci openshift-ci bot requested review from gazarenkov and tumido February 13, 2025 02:20
@coreydaley coreydaley force-pushed the 2025-02-12-curl-pod-security-context-fix branch from 6a1ff25 to 9bf75a3 Compare February 13, 2025 02:20
@coreydaley coreydaley changed the title chore: Update curl container securityContext settings [WIP] chore: Update curl container securityContext settings Feb 13, 2025
@coreydaley
Copy link
Member Author

I am working on finding a solution for the non-numeric user id, whether that is getting CURL to fix their image, finding another one that works, or building our own

@coreydaley coreydaley force-pushed the 2025-02-12-curl-pod-security-context-fix branch 6 times, most recently from 9a048d1 to 3c45687 Compare February 13, 2025 20:48
@coreydaley coreydaley closed this Feb 13, 2025
@coreydaley coreydaley reopened this Feb 13, 2025
@coreydaley coreydaley force-pushed the 2025-02-12-curl-pod-security-context-fix branch from d899540 to df7d26b Compare February 14, 2025 16:29
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

rm3l
rm3l reviewed Feb 14, 2025
View reviewed changes
charts/backstage/ci/with-custom-image-for-test-pod-values.yaml
@@ -10,5 +10,5 @@ upstream:
test:
image:
registry: quay.io
repository: curl/curl-base
tag: 8.11.1
repository: rhdh-community/curl
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The point of this file is to test an image other than what we have in the default values.yaml, to make sure that it is possible to configure the image.
Is it possible to use a different image (just for CI) that would meet the new security requirements?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rm3l rm3l rm3l left review comments

@gazarenkov gazarenkov Awaiting requested review from gazarenkov

@tumido tumido Awaiting requested review from tumido

Assignees
No one assigned
Labels
do-not-merge/work-in-progress
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@coreydaley @rm3l