Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Delete controllers package #270

Merged
merged 14 commits into from
Apr 27, 2020
Merged

Delete controllers package #270

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
14 commits
Select commit Hold shift + click to select a range
ad4a68a
rename root fs check
rbren Mar 30, 2020
1a3b864
speed up docker build
rbren Mar 30, 2020
0f38d84
refactor webhook to be more generic
rbren Mar 30, 2020
1eec31d
delete controllers pkg
rbren Mar 30, 2020
727ef41
revert deploy
rbren Mar 30, 2020
2dd26a9
fix example config
rbren Mar 30, 2020
cd9c519
remove controllersToScan config
rbren Mar 30, 2020
073d3fa
fix lint error
rbren Mar 30, 2020
1c4048e
fix webhook name
rbren Mar 30, 2020
c03ce93
FileSystem -> Filesystem
rbren Apr 10, 2020
71be455
update deps
rbren Apr 24, 2020
d9ca8c9
skip node owners
rbren Apr 24, 2020
15de959
clean up meta tracking
rbren Apr 27, 2020
c203cb6
Merge branch 'master' into rb/refactor
rbren Apr 27, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
FileSystem -> Filesystem
  • Loading branch information
@rbren
rbren committed Apr 24, 2020
commit c03ce9323f9ee905361f98196cabf80d1396f632
6 changes: 3 additions & 3 deletions deploy/dashboard.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ data:
# security
hostIPCSet: error
hostPIDSet: error
notReadOnlyRootFileSystem: warning
notReadOnlyRootFilesystem: warning
privilegeEscalationAllowed: error
runAsRootAllowed: warning
runAsPrivileged: error
Expand Down Expand Up @@ -100,7 +100,7 @@ data:
- tiller
- kube2iam
rules:
- notReadOnlyRootFileSystem
- notReadOnlyRootFilesystem
- controllerNames:
- cert-manager
- dns-controller
Expand Down Expand Up @@ -128,7 +128,7 @@ data:
- goldilocks
- insights-agent-goldilocks-vpa-install
rules:
- notReadOnlyRootFileSystem
- notReadOnlyRootFilesystem
- controllerNames:
- insights-agent-goldilocks-controller
rules:
Expand Down
6 changes: 3 additions & 3 deletions deploy/webhook.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@ data:
# security
hostIPCSet: error
hostPIDSet: error
notReadOnlyRootFileSystem: warning
notReadOnlyRootFilesystem: warning
privilegeEscalationAllowed: error
runAsRootAllowed: warning
runAsPrivileged: error
Expand Down Expand Up @@ -113,7 +113,7 @@ data:
- tiller
- kube2iam
rules:
- notReadOnlyRootFileSystem
- notReadOnlyRootFilesystem
- controllerNames:
- cert-manager
- dns-controller
Expand Down Expand Up @@ -141,7 +141,7 @@ data:
- goldilocks
- insights-agent-goldilocks-vpa-install
rules:
- notReadOnlyRootFileSystem
- notReadOnlyRootFilesystem
- controllerNames:
- insights-agent-goldilocks-controller
rules:
Expand Down
2 changes: 1 addition & 1 deletion docs/check-documentation/security.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ key | default | description
----|---------|------------
`security.hostIPCSet` | `error` | Fails when `hostIPC` attribute is configured.
`security.hostPIDSet` | `error` | Fails when `hostPID` attribute is configured.
`security.notReadOnlyRootFileSystem` | `warning` | Fails when `securityContext.readOnlyRootFilesystem` is not true.
`security.notReadOnlyRootFilesystem` | `warning` | Fails when `securityContext.readOnlyRootFilesystem` is not true.
`security.privilegeEscalationAllowed` | `error` | Fails when `securityContext.allowPrivilegeEscalation` is true.
`security.runAsRootAllowed` | `error` | Fails when `securityContext.runAsNonRoot` is not true.
`security.runAsPrivileged` | `error` | Fails when `securityContext.privileged` is true.
Expand Down