Helm: frontend should not run as root and have readonly file system #919

iainsproat · 2022-08-12T09:43:39Z

What package are you referring to?

Frontend, helm chart

Frontend runs as root and has a writeable root file system

Mount a temp volume to a known endpoint, and amend the nginx.conf to write to paths on that volume.

Update the helm chart to run frontend as a non root user and a non-writeable root file system.

iainsproat · 2022-08-15T13:49:17Z

Re-opening as the PR was reverted in #929

iainsproat · 2022-12-06T19:21:41Z

iainsproat added helm security do not use this label: please report all security vulnerabilities at [email protected] labels Aug 12, 2022

iainsproat self-assigned this Aug 12, 2022

iainsproat mentioned this issue Aug 12, 2022

feat(helm chart): add SecurityContext to pods and containers #917

Merged

gjedlicska closed this as completed in #917 Aug 15, 2022

iainsproat reopened this Aug 15, 2022

iainsproat mentioned this issue Aug 15, 2022

fix(nginx): revert nginx conf to prior to securityContext change #931

Closed

6 tasks

didimitrie added the [ devops ] label Sep 5, 2022

iainsproat mentioned this issue Jan 24, 2023

chore(frontend): use bitnami/openresty as base image for frontend Dockerfile #1335

Merged

7 tasks

iainsproat closed this as completed in #1335 Jan 25, 2023

iainsproat reopened this Jan 25, 2023

iainsproat closed this as completed Feb 7, 2023