-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enable security features by default #11819
Conversation
✅ Deploy Preview for kubernetes-ingress-nginx canceled.
|
3de00d7
to
df1a115
Compare
@aojea: The label(s) In response to this: Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
dc9222b
to
427baf8
Compare
427baf8
to
771614f
Compare
/priority critical-urgent for context kubernetes/kubernetes#126744 and The proliferation of annotations and the complexity to sanitize the inputs is causing a lot of damage to the security reputation of the project. We should aim for a secure by default setup that does not put on risk the non-advanced users |
Actually there might be more to enable by default, like strict path type checking. I'm currently on vacation, but I'll try to contribute here in the next days. |
/triage accepted |
/assign @kubernetes/ingress-nginx-maintainers |
I did enabled the strict path already :)
…On Tue, 20 Aug 2024 at 13:40 Antonio Ojea ***@***.***> wrote:
/assign @kubernetes/ingress-nginx-maintainers
<https://github.com/orgs/kubernetes/teams/ingress-nginx-maintainers>
—
Reply to this email directly, view it on GitHub
<#11819 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ABWZQBNKMUBYXWDHFZ77CHTZSNWP7AVCNFSM6AAAAABMWTGKVKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDEOJZGI4TGOBVHA>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: longwuyuan, rikatz The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
The changes in the chart in conjunction with those in the controller effectively break the flag. Before you could opt-in for annotation validation by enabling the flag in the chart, now, if you disable it, nothing happens as we do not pass I'll create a follow-up PR to fix this. |
Also we forgot to update the help text in |
What this PR does / why we need it:
This PR:
Also makes validation enabled by default
Types of changes