Loading...

XML

Word

Printable

Type: Story
Resolution: Done
Priority: Major
Fix Version/s: Pipelines 1.19
Affects Version/s: Pipelines 1.19
Component/s: OpenShift Pipelines
Labels:
- must-have

Sprint:
Pipelines Sprint Pioneers 28
Story Points:
5
Release Note Text:

Hide
* Users can now define their own securityContext under the EventListener YAML.
ex:
```
spec:
  serviceAccountName: tekton-triggers-example-sa
  resources:
    kubernetesResource:
      spec:
        template:
          spec:
            securityContext:
              runAsNonRoot: true
            containers:
              - resources:
                  requests:
                    memory: "64Mi"
                    cpu: "250m"
                  limits:
                    memory: "128Mi"
                    cpu: "500m"
                securityContext:
                  readOnlyRootFilesystem: true
```
* When el-security-context is true
    - If the user sets a custom securityContext, it is give priority and used same.
    - If not, a default securityContext is applied.

Show
* Users can now define their own securityContext under the EventListener YAML. ex: ``` spec:   serviceAccountName: tekton-triggers-example-sa   resources:     kubernetesResource:       spec:         template:           spec:             securityContext:               runAsNonRoot: true             containers:               - resources:                   requests:                     memory: "64Mi"                     cpu: "250m"                   limits:                     memory: "128Mi"                     cpu: "500m"                 securityContext:                   readOnlyRootFilesystem: true ``` * When el-security-context is true     - If the user sets a custom securityContext, it is give priority and used same.     - If not, a default securityContext is applied.
Git Pull Request:
https://github.com/openshift/openshift-docs/pull/94734

Now one can set the SCC in the definition of an event listener, notably make it run as non-root. I think this needs a new module under https://docs.redhat.com/en/documentation/red_hat_openshift_pipelines/1.18/html/securing_openshift_pipelines/securing-webhooks-with-event-listeners#op-providing-secure-connection_securing-webhooks-with-event-listeners

documents

SRVKP-6620 Enable "securityContext" to be set by end user in Openshift-Pipelines Triggers using eventlistener

Closed

links to

openshift/openshift-docs#94734: [RHDEVDOCS-6461] Configuring securityContext in EventListener definition

openshift/openshift-docs#95599: [pipelines-docs-1.19] [RHDEVDOCS-6461] Configuring securityContext in EventListener definition

Assignee:: Ondrej Chromy

Reporter:: Mikhail Ramendik

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2025/05/20 1:10 AM

Updated:: 2025/07/07 10:09 AM

Resolved:: 2025/07/07 10:09 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates