-
Story
-
Resolution: Done
-
Normal
-
None
-
None
-
None
-
None
-
5
-
False
-
-
False
-
With this update, the `securityContext` configuration has been set to mount root filesystem as read-only by setting `readOnlyRootFilesystem: true`. This feature is available for Git, Waiter, Bundle, and ImageProcessing containers.
-
Feature
-
Proposed
-
-
-
Builds Sprint #29, Builds Sprint #30, Builds Sprint #31, Builds Sprint #32, Builds Sprint #34
-
5
Story (Required)
As a user, I want "operator" container to mount root filesystem as read-only.
Background (Required)
<Describes the context or background related to this story>
Out of scope
<Defines what is not included in this story>
Approach (Required)
Set readOnlyRootFilesystem: true in the "operator" deployment yaml.
Dependencies
<Describes what this story depends on. Dependent Stories and EPICs should be linked to the story.>
Acceptance Criteria (Mandatory)
<Describe edge cases to consider when implementing the story and defining tests>
<Provides a required and minimum list of acceptance tests for this story. More is expected as the engineer implements this story>
INVEST Checklist
Dependencies identified
Blockers noted and expected delivery timelines set
Design is implementable
Acceptance criteria agreed upon
Story estimated
Legend
Unknown
Verified
Unsatisfied
Done Checklist
- Code is completed, reviewed, documented and checked in
- Unit and integration test automation have been delivered and running cleanly in continuous integration/staging/canary environment
- Continuous Delivery pipeline(s) is able to proceed with new code included
- Customer facing documentation, API docs etc. are produced/updated, reviewed and published
- Acceptance criteria are met
- clones
-
-
- Closed
-
- is incorporated by
-
BUILD-1554 Require `readOnlyRootFilesystem: true` for build pods
-
- New
-
- links to
