Skip to content

Navigation Menu

Explore
By company size
By use case
By industry
View all solutions
Topics
- AI
- DevOps
- Security
- Software Development
- View all
Explore
- GitHub Sponsors
  Fund open source developers
- The ReadME Project
  GitHub community articles
Repositories
- Enterprise platform
  AI-powered developer platform
Available add-ons
Pricing

Search code, repositories, users, issues, pull requests...

Search

Clear

Search syntax tips

Provide feedback

We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

Saved searches

Use saved searches to filter your results more quickly

Name

Query

To see all available qualifiers, see our documentation.

You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.

Dismiss alert

FlowFuse / helm Public

Notifications You must be signed in to change notification settings
Fork 14
Star 5

Code
Issues 12
Pull requests 5
Actions
Projects
Security
Insights

Additional navigation options

Code
Issues
Pull requests
Actions
Projects
Security
Insights

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Add `containerSecurityContext` for each container #289

Merged

hardillb merged 3 commits into main from feat-container-security-context

Jan 31, 2024

Merged

feat: Add `containerSecurityContext` for each container #289

hardillb merged 3 commits into main from feat-container-security-context

Jan 31, 2024

Conversation 13 Commits 3 Checks 37 Files changed

Conversation

Copy link

Contributor

ppawlowski commented Jan 28, 2024

Description

This PR adds the possibility to configure containerSecurityContext for each container created by our helm chart.

Related Issue(s)

Checklist

I have read the contribution guidelines
Suitable unit/system level tests have been added and they pass
Documentation has been updated
- Upgrade instructions
- Configuration details
- Concepts
Changes flowforge.yml?
- Issue/PR raised on FlowFuse/helm to update ConfigMap Template
- Issue/PR raised on FlowFuse/CloudProject to update values for Staging/Production

Labels

Backport needed? -> add the backport label
Includes a DB migration? -> add the area:migration label

Sorry, something went wrong.

All reactions


          Add container security context for core application, broker, and file…

c5be981

… storage containers

Copy link

github-actions bot commented Jan 28, 2024 •

edited

Loading

node-red:3.1.x-main-linux-amd64 scan results

3 tests ±0 0 ✅ ±0 0s ⏱️ ±0s
2 suites ±0 0 💤 ±0
1 files ±0 3 ❌ ±0

For more details on these failures, see this check.

Results for commit 0641700. ± Comparison against base commit e2cc6dc.

♻️ This comment has been updated with latest results.

All reactions

Sorry, something went wrong.

Copy link

github-actions bot commented Jan 28, 2024 •

edited

Loading

node-red:3.0.2-main-linux-amd64 scan results

1 files ±0 4 suites ±0 0s ⏱️ ±0s
4 tests ±0 0 ✅ ±0 0 💤 ±0 4 ❌ ±0
5 runs ±0 0 ✅ ±0 0 💤 ±0 5 ❌ ±0

For more details on these failures, see this check.

Results for commit 0641700. ± Comparison against base commit e2cc6dc.

♻️ This comment has been updated with latest results.

All reactions

Sorry, something went wrong.

Copy link

github-actions bot commented Jan 28, 2024 •

edited

Loading

node-red:2.2.3-main-linux-amd64 scan results

26 tests ±0 0 ✅ ±0 0s ⏱️ ±0s
4 suites ±0 0 💤 ±0
1 files ±0 26 ❌ ±0

For more details on these failures, see this check.

Results for commit 0641700. ± Comparison against base commit e2cc6dc.

♻️ This comment has been updated with latest results.

All reactions

Sorry, something went wrong.

Copy link

github-actions bot commented Jan 28, 2024 •

edited

Loading

node-red:3.0.2-main-linux-arm64 scan results

1 files ±0 4 suites ±0 0s ⏱️ ±0s
4 tests ±0 0 ✅ ±0 0 💤 ±0 4 ❌ ±0
5 runs ±0 0 ✅ ±0 0 💤 ±0 5 ❌ ±0

For more details on these failures, see this check.

Results for commit 0641700. ± Comparison against base commit e2cc6dc.

♻️ This comment has been updated with latest results.

All reactions

Sorry, something went wrong.

Copy link

github-actions bot commented Jan 28, 2024 •

edited

Loading

file-server:main-linux-amd64 scan results

1 tests ±0 0 ✅ ±0 0s ⏱️ ±0s
4 suites ±0 0 💤 ±0
1 files ±0 1 ❌ ±0

For more details on these failures, see this check.

Results for commit 0641700. ± Comparison against base commit e2cc6dc.

♻️ This comment has been updated with latest results.

All reactions

Sorry, something went wrong.

Copy link

github-actions bot commented Jan 28, 2024 •

edited

Loading

forge-k8s:main-linux-amd64 scan results

1 tests ±0 0 ✅ ±0 0s ⏱️ ±0s
4 suites ±0 0 💤 ±0
1 files ±0 1 ❌ ±0

For more details on these failures, see this check.

Results for commit 0641700. ± Comparison against base commit e2cc6dc.

♻️ This comment has been updated with latest results.

All reactions

Sorry, something went wrong.

Copy link

github-actions bot commented Jan 28, 2024 •

edited

Loading

node-red:2.2.3-main-linux-arm64 scan results

26 tests ±0 0 ✅ ±0 0s ⏱️ ±0s
4 suites ±0 0 💤 ±0
1 files ±0 26 ❌ ±0

For more details on these failures, see this check.

Results for commit 0641700. ± Comparison against base commit e2cc6dc.

♻️ This comment has been updated with latest results.

All reactions

Sorry, something went wrong.

Copy link

github-actions bot commented Jan 28, 2024 •

edited

Loading

node-red:3.1.x-main-linux-arm64 scan results

3 tests ±0 0 ✅ ±0 0s ⏱️ ±0s
2 suites ±0 0 💤 ±0
1 files ±0 3 ❌ ±0

For more details on these failures, see this check.

Results for commit 0641700. ± Comparison against base commit e2cc6dc.

♻️ This comment has been updated with latest results.

All reactions

Sorry, something went wrong.

Copy link

github-actions bot commented Jan 28, 2024 •

edited

Loading

file-server:main-linux-arm64 scan results

1 tests ±0 0 ✅ ±0 0s ⏱️ ±0s
4 suites ±0 0 💤 ±0
1 files ±0 1 ❌ ±0

For more details on these failures, see this check.

Results for commit 0641700. ± Comparison against base commit e2cc6dc.

♻️ This comment has been updated with latest results.

All reactions

Sorry, something went wrong.

Copy link

github-actions bot commented Jan 28, 2024 •

edited

Loading

forge-k8s:main-linux-arm64 scan results

1 tests ±0 0 ✅ ±0 0s ⏱️ ±0s
4 suites ±0 0 💤 ±0
1 files ±0 1 ❌ ±0

For more details on these failures, see this check.

Results for commit 0641700. ± Comparison against base commit e2cc6dc.

♻️ This comment has been updated with latest results.

All reactions

Sorry, something went wrong.

ppawlowski requested a review from hardillb

January 30, 2024 11:07

Copy link

Contributor

hardillb commented Jan 30, 2024

Are we missing a entry in the values.yml for the file-store?

All reactions

Sorry, something went wrong.

hardillb reviewed

View reviewed changes

helm/flowforge/templates/file-storage.yml Outdated

-                      securityContext:
-                        allowPrivilegeEscalation: false
-                        readOnlyRootFilesystem: true
+                      securityContext: {{- toYaml .Values.forge.broker.containerSecurityContext | nindent 10 }}

Copy link

Contributor

hardillb Jan 30, 2024

There was a problem hiding this comment.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is using the broker settings

Suggested change

      
                    securityContext: {{- toYaml .Values.forge.broker.containerSecurityContext | nindent 10 }}
          
                    securityContext: {{- toYaml .Values.forge.fileStore.containerSecurityContext | nindent 10 }}

Sorry, something went wrong.

All reactions

hardillb requested changes

View reviewed changes

Copy link

Contributor

hardillb left a comment

There was a problem hiding this comment.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Spotted 2 things

Sorry, something went wrong.

All reactions

ppawlowski added 2 commits

January 31, 2024 10:48


          Update security context for file storage container

c354a23


          Add missing containerSecurityContext vakues for fileStore

ppawlowski requested a review from hardillb

January 31, 2024 09:50

hardillb approved these changes

View reviewed changes

hardillb merged commit d0321eb into main

37 checks passed

hardillb deleted the feat-container-security-context branch

January 31, 2024 10:23

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

hardillb hardillb approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

Add this suggestion to a batch that can be applied as a single commit. This suggestion is invalid because no changes were made to the code. Suggestions cannot be applied while the pull request is closed. Suggestions cannot be applied while viewing a subset of changes. Only one suggestion per line can be applied in a batch. Add this suggestion to a batch that can be applied as a single commit. Applying suggestions on deleted lines is not supported. You must change the existing code in this line in order to create a valid suggestion. Outdated suggestions cannot be applied. This suggestion has been applied or marked resolved. Suggestions cannot be applied from pending reviews. Suggestions cannot be applied on multi-line comments. Suggestions cannot be applied while the pull request is queued to merge. Suggestion cannot be applied right now. Please check back later.

Footer

© 2024 GitHub, Inc.

Footer navigation

Terms
Privacy
Security
Status
Docs
Contact

You can’t perform that action at this time.