Uploaded image for project: 'OpenShift Pipelines'
  1. OpenShift Pipelines
  2. SRVKP-9661

Require `readOnlyRootFilesystem: true` on hub db pod

XMLWordPrintable

    • Pipelines Sprint CrookShank 44

      Description of problem:

      SRVKP-7303 sets all pods in openshift-pipelines ns to readonlyrootfs, but the hub db is missing with these permissions set in the deployment and pods.

      Prerequisites (if any, like setup, operators/versions):

      1.20.2 and 1.21.0

      Steps to Reproduce

      Install OSP on any supported OCP

      for deployments in $(kubectl get po -n openshift-pipelines -o name); do
  echo "--- $deployments ---"
  kubectl get -n openshift-pipelines $deployments -o yaml | grep readOnlyRootFilesystem
done

      Actual results:

      Hub DB is not set with readonlyrootfs

      Expected results:

      Hub DB should set with readonlyrootfs

      Reproducibility (Always/Intermittent/Only Once):

      Always

      Additional info (Such as Logs, Screenshots, etc):

      --- pod/pipelines-as-code-controller-68f456448b-wwm47 ---
      readOnlyRootFilesystem: true
--- pod/pipelines-as-code-watcher-5d8d7595c5-jjw6s ---
      readOnlyRootFilesystem: true
--- pod/pipelines-as-code-webhook-6fd4795458-wf96b ---
      readOnlyRootFilesystem: true
--- pod/pipelines-console-plugin-5d74859fc7-mnbjf ---
--- pod/tekton-chains-controller-0 ---
      readOnlyRootFilesystem: true
--- pod/tekton-chains-controller-1 ---
      readOnlyRootFilesystem: true
--- pod/tekton-events-controller-f7bdff94d-5lfr2 ---
      readOnlyRootFilesystem: true
--- pod/tekton-hub-api-659694dfbf-v6ff8 ---
      readOnlyRootFilesystem: true
--- pod/tekton-hub-db-795b5db857-gwkk2 ---
--- pod/tekton-hub-db-migration-bvpn4 ---
      readOnlyRootFilesystem: true
--- pod/tekton-hub-ui-796b444bd9-fn7q7 ---
      readOnlyRootFilesystem: true
--- pod/tekton-operator-proxy-webhook-6df6cb8f6d-qt92d ---
--- pod/tekton-pipelines-controller-0 ---
      readOnlyRootFilesystem: true
--- pod/tekton-pipelines-controller-1 ---
      readOnlyRootFilesystem: true
--- pod/tekton-pipelines-remote-resolvers-0 ---
      readOnlyRootFilesystem: true
--- pod/tekton-pipelines-remote-resolvers-1 ---
      readOnlyRootFilesystem: true
--- pod/tekton-pipelines-webhook-5c56894747-q2j22 ---
      readOnlyRootFilesystem: true
--- pod/tekton-results-api-6d7dfbfc57-xc7xl ---
      readOnlyRootFilesystem: true
--- pod/tekton-results-postgres-0 ---
--- pod/tekton-results-retention-policy-agent-7576bd6bcb-gt67w ---
      readOnlyRootFilesystem: true
--- pod/tekton-results-watcher-0 ---
      readOnlyRootFilesystem: true
--- pod/tekton-results-watcher-1 ---
      readOnlyRootFilesystem: true
--- pod/tekton-triggers-controller-8d7f9767d-xvg9k ---
      readOnlyRootFilesystem: true
--- pod/tekton-triggers-core-interceptors-6576b57ffb-9xfj8 ---
      readOnlyRootFilesystem: true
--- pod/tekton-triggers-webhook-7d669f4ffb-4jv8k ---
      readOnlyRootFilesystem: true
--- pod/tkn-cli-serve-5595fc854b-9fzbg ---

       

       *

              shverma Shiv Verma
              rhn-support-sselvan Sri Vignesh Selvan
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: