Set readOnlyRootFilesystem as true in Controller and Webhook
Setting Controller's Deployment security context readOnlyRootFilesystem
to true to increase the security and to avoid being flagged by the security scanner.
khrm authored and tekton-robot committed Jul 3, 2024
1 parent 9bc3dd0 commit dd5ea60
Showing 2 changed files with 2 additions and 0 deletions.
1 change: 1 addition & 0 deletions config/controller.yaml
Expand Up @@ -104,6 +104,7 @@ spec:
value: config-leader-election-triggers-controllers
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
capabilities:
drop:
- "ALL"
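Review bot: `readOnlyRootFilesystem: true` on the controller container's `securityContext` comes with no writable mount. The commit is two one-line additions, so no `emptyDir` volume or `volumeMounts` entry accompanies it. If the controller process writes to a path on its root filesystem at runtime (for example `/tmp`), those writes will now fail. Please confirm the controller starts and reconciles cleanly with this setting, or add an `emptyDir` mount for any path it needs to write.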
1 change: 1 addition & 0 deletions config/webhook.yaml
Expand Up @@ -76,6 +76,7 @@ spec:
containerPort: 8443
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
# User 65532 is the distroless nonroot user ID
runAsUser: 65532
runAsGroup: 65532
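Review bot: the commit message body names only the Controller's Deployment, yet this hunk sets `readOnlyRootFilesystem: true` on the webhook container in `config/webhook.yaml` too. The body should mention both so the webhook change can be found from the log. Nothing in this commit gives the webhook (serving on `containerPort: 8443`) a writable volume either, so it is worth verifying that it does not write to its root filesystem at startup, and adding an `emptyDir` mount if it does.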