Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(helm): set readOnlyRootFilesystem/runAsUser/runAsGroup on ingress/egress deployments #6164

Merged
merged 3 commits into from
Mar 14, 2023
Merged

fix(helm): set readOnlyRootFilesystem/runAsUser/runAsGroup on ingress/egress deployments #6164

merged 3 commits into from
Mar 14, 2023

Conversation

michaelbeaumont
Copy link
Contributor

Use the kuma-dp user, the same one we use as default for sidecars.

Checklist prior to review

  • Link to relevant issue as well as docs and UI issues -- reintroduce kube-linter checks #6049
  • This will not break child repos: it doesn't hardcode values (.e.g "kumahq" as a image registry) and it will work on Windows, system specific functions like syscall.Mkfifo have equivalent implementation on the other OS --
  • Tests (Unit test, E2E tests, manual test on universal and k8s) --
  • Do you need to update UPGRADE.md? --
  • Does it need to be backported according to the backporting policy? --
  • Do you need to explicitly set a > Changelog: entry here or add a ci/ label to run fewer/more tests?

@michaelbeaumont michaelbeaumont added the ci/run-full-matrix PR: Runs all possible e2e test combination (expensive use carefully) label Mar 1, 2023
@michaelbeaumont michaelbeaumont requested review from a team, jakubdyszkiewicz and Automaat and removed request for a team March 1, 2023 08:33
lahabana
lahabana previously approved these changes Mar 10, 2023
View reviewed changes
Copy link
Contributor

@lahabana lahabana left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There's a lot of duped code between egress and ingress would be nice to be able to factor this to a common thing...

@michaelbeaumont michaelbeaumont marked this pull request as draft March 10, 2023 12:37
@michaelbeaumont
fix(helm): set readOnlyRootFilesystem/runAsNonRoot on ingress/egress …
3c9b08f 
…deployments

Signed-off-by: Mike Beaumont <mjboamail@gmail.com>
@michaelbeaumont
chore: docs and golden files
0aa30d1 
Signed-off-by: Mike Beaumont <mjboamail@gmail.com>
@michaelbeaumont michaelbeaumont marked this pull request as ready for review March 10, 2023 14:24
@michaelbeaumont michaelbeaumont dismissed lahabana’s stale review March 10, 2023 14:24

refactored with values

@michaelbeaumont michaelbeaumont enabled auto-merge (squash) March 14, 2023 11:43
lahabana
lahabana approved these changes Mar 14, 2023
View reviewed changes
Copy link
Contributor

@lahabana lahabana left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lgtm

@michaelbeaumont michaelbeaumont merged commit 2875b62 into kumahq:master Mar 14, 2023
@michaelbeaumont michaelbeaumont deleted the fix/helm_eingress branch March 14, 2023 14:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lahabana lahabana lahabana approved these changes

@jakubdyszkiewicz jakubdyszkiewicz Awaiting requested review from jakubdyszkiewicz

@Automaat Automaat Awaiting requested review from Automaat

Assignees
No one assigned
Labels
ci/run-full-matrix PR: Runs all possible e2e test combination (expensive use carefully)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@michaelbeaumont @lahabana