Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add securityContext to controller pod #346

Merged
merged 1 commit into from
Jan 27, 2022
Merged

Add securityContext to controller pod #346

merged 1 commit into from
Jan 27, 2022

Conversation

concaf
Copy link
Contributor

@concaf concaf commented Jan 21, 2022

This commit adds securityContext to the controller pod which has been
missing till now. This is in line with securityContext in other Tekton
components like pipeline and triggers.

There are a few reasons why securityContext is important to add to the
controller:

  • the securityContext specifies the user and group as 65532 which is
    what is used by the distroless nonroot image that ko uses in the
    controller image.
  • securityContext is also useful in distributions like OpenShift which
    assign a random user while running a pod. If securityContext is not
    set, the controller fails with permission denied errors like in Error uploading signature and attestation #320

@concaf
Add securityContext to controller pod
b5031b7 
This commit adds securityContext to the controller pod which has been
missing till now. This is in line with securityContext in other Tekton
components like pipeline and triggers.

There are a few reasons why securityContext is important to add to the
controller:
- the securityContext specifies the user and group as 65532 which is
  what is used by the distroless nonroot image that ko uses in the
  controller image.
- securityContext is also useful in distributions like OpenShift which
  assign a random user while running a pod. If securityContext is not
  set, the controller fails with permission denied errors like in tektoncd#320
@tekton-robot tekton-robot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Jan 21, 2022
vdemeester
vdemeester reviewed Jan 21, 2022
View reviewed changes
Copy link
Member

@vdemeester vdemeester left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+:100: for consistency with the rest of the component controller's deployment

@tekton-robot tekton-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jan 21, 2022
priyawadhwa
priyawadhwa approved these changes Jan 27, 2022
View reviewed changes
Copy link
Contributor

@priyawadhwa priyawadhwa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks for fixing this!

@tekton-robot
Copy link

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: mattmoor, priyawadhwa

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [mattmoor,priyawadhwa]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@priyawadhwa
Copy link
Contributor

/lgtm

@tekton-robot tekton-robot added the lgtm Indicates that a PR is ready to be merged. label Jan 27, 2022
@priyawadhwa priyawadhwa mentioned this pull request Jan 27, 2022
Closed
@tekton-robot tekton-robot merged commit 727ff49 into tektoncd:main Jan 27, 2022
@concaf concaf mentioned this pull request Feb 8, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vdemeester vdemeester vdemeester left review comments

@priyawadhwa priyawadhwa priyawadhwa approved these changes

@mattmoor mattmoor mattmoor approved these changes

@mpeters mpeters Awaiting requested review from mpeters

Assignees

@priyawadhwa priyawadhwa

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@concaf @tekton-robot @priyawadhwa @vdemeester @mattmoor