Uploaded image for project: 'OpenShift Pipelines'
  1. OpenShift Pipelines
  2. SRVKP-9252

Set readOnlyRootFilesystem as true on Tekton Operator's containers

XMLWordPrintable

    • 2
    • False
    • Hide

      None

      Show
      None
    • False
    • Hide
      Enhanced security for tkn-cli-serve by enabling readOnlyRootFilesystem and isolating writable directories through emptyDir volumes and an initContainer.
      Enhance security for the pipelines-console-plugin container by setting readOnlyRootFilesystem: true in its security context. Introduced writable emptyDir volumes for required nginx directories to ensure proper functionality with a read-only root filesystem.


      Show
      Enhanced security for tkn-cli-serve by enabling readOnlyRootFilesystem and isolating writable directories through emptyDir volumes and an initContainer. Enhance security for the pipelines-console-plugin container by setting readOnlyRootFilesystem: true in its security context. Introduced writable emptyDir volumes for required nginx directories to ensure proper functionality with a read-only root filesystem.

      Story (Required)

      SeeĀ SRVKP-7303, According to security best practice, it's recommended to set readOnlyRootFilesystem: true for all containers running on kubernetes. All operators and operands should explicitly set readOnlyRootFilesystem to true unless there are legitimate reasons for not doing so and with an explanation to why the root filesystem is not readonly.

      This task is for tekton-operator component.

      Set readOnlyRootFilesystem to true for tkn-cli-serve
      Set readOnlyRootFilesystem to true for pipelines-console-plugin

              rh-ee-abghosh Abhishek Ghosh
              rh-ee-abghosh Abhishek Ghosh
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: