Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[agent] Add support for running unprivileged #46

Merged
merged 39 commits into from
Sep 21, 2022
Merged

[agent] Add support for running unprivileged #46

merged 39 commits into from
Sep 21, 2022

Conversation

jawnsy
Copy link
Contributor

@jawnsy jawnsy commented Sep 20, 2022

Run as a non-root user with a read-only filesystem, mounting an emptyDir volume for temporary state files. This also prevents privilege escalation by default.

@jamiezieziula
initial
c41591e
@jamiezieziula
adding rbac
6403248
@jamiezieziula
Merge branch 'main' of github.com:PrefectHQ/prefect-helm into chart-o…
df08aab 
…verhaul
@jamiezieziula
added q & removed unneeded values
403c64a
@jamiezieziula
additional resources
ba8c5fb
@jamiezieziula
rename
9836318
@jamiezieziula
update workspace var
edf9a58
@jamiezieziula
test extra arg
bc8c872
@jamiezieziula
testing @param
124104f
@jamiezieziula
added descriptions
4f0587c
@jamiezieziula
remove unneeded comment
8be56a7
@jamiezieziula
testing lint workflow
ebecd9a
@jamiezieziula
test with real key
23624f7
@jamiezieziula
undu helper
b909139
@jamiezieziula
add namespace to secret creation
b8c0024
@jamiezieziula
passing ns arguement
7683822
@jamiezieziula
update ns & remove default value
0538a78
@jamiezieziula
introduce better logic for api url determination
bbc2827
@jamiezieziula
different ns
aae1888
@jamiezieziula
minor adjustments
66f794d
@jamiezieziula
switching order within action
52194d6
@jamiezieziula
testing different qorkqueue name
40d02ec
@jamiezieziula
testing inline
13af691
@jamiezieziula
cli flag
fbe5e12
@jamiezieziula
updating wq name
ed15531
@jamiezieziula
fix pathing
4312f44
@jamiezieziula
other values
90ab3f7
@jamiezieziula
testing specific linter
b58fe85
@jamiezieziula
release label config
b816b64
@jamiezieziula
remove if for kind cluster
109f4d2
jamiezieziula and others added 4 commits September 19, 2022 13:59
@jamiezieziula
adding orion test
41f4d06
@jamiezieziula
rmeove duplicate quote
e7a3d55
@jamiezieziula
removing containersecurity & adding default name
1d29ad5
@jawnsy
Add support for running unprivileged
cc37a8c 
Run as a non-root user with a read-only filesystem, mounting an
emptyDir volume for temporary state files. This also prevents
privilege escalation by default.
@jawnsy jawnsy self-assigned this Sep 20, 2022
@jawnsy jawnsy marked this pull request as ready for review September 20, 2022 03:35
@jawnsy jawnsy requested review from gabcoyne, zanieb and a team as code owners September 20, 2022 03:35
jamiezieziula
jamiezieziula previously approved these changes Sep 20, 2022
View reviewed changes
Copy link
Contributor

@jamiezieziula jamiezieziula left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeehaw this is awesome 🤠

@jawnsy
Copy link
Contributor Author

jawnsy commented Sep 20, 2022

@jamiezieziula I'll wait until you merge yours, then will merge this to main 🥳

In the meantime, I'll just leave this in draft

@jawnsy jawnsy marked this pull request as draft September 20, 2022 16:06
Base automatically changed from chart-overhaul to main September 21, 2022 21:28
@jamiezieziula jamiezieziula marked this pull request as ready for review September 21, 2022 21:29
jamiezieziula
jamiezieziula previously approved these changes Sep 21, 2022
View reviewed changes
@jamiezieziula jamiezieziula added the enhancement An improvement of an existing feature label Sep 21, 2022
@jamiezieziula jamiezieziula changed the title Add support for running unprivileged [agent] Add support for running unprivileged Sep 21, 2022
@jawnsy jawnsy merged commit 6dc61c9 into main Sep 21, 2022
@jawnsy jawnsy deleted the jawnsy/add-readonly-support branch September 21, 2022 22:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jamiezieziula jamiezieziula jamiezieziula approved these changes

@gabcoyne gabcoyne Awaiting requested review from gabcoyne

@zanieb zanieb Awaiting requested review from zanieb

Assignees

@jawnsy jawnsy

Labels
enhancement An improvement of an existing feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jawnsy @jamiezieziula