Skip to content

Set ReadOnlyRootFilesystem and AllowPrivilegeEscalation to false#3498

Merged
thisisnotashwin merged 1 commit intomainfrom
lkysow/read-only-root
Jan 24, 2024
Merged

Set ReadOnlyRootFilesystem and AllowPrivilegeEscalation to false#3498
thisisnotashwin merged 1 commit intomainfrom
lkysow/read-only-root

Conversation

@lkysow
Copy link
Copy Markdown
Contributor

@lkysow lkysow commented Jan 22, 2024
edited
Loading

Tighten up privileges for consul-dataplane and connect-init containers
when CNI is enabled.

@thisisnotashwin thisisnotashwin added pr/no-changelog PR does not need a corresponding .changelog entry pr/no-backport signals that a PR will not contain a backport label labels Jan 22, 2024
@lkysow
Copy link
Copy Markdown
Contributor Author

lkysow commented Jan 22, 2024

Also need to add to meshwebhookv2

@lkysow
Set ReadOnlyRootFilesystem and AllowPrivilegeEscalation to false
3077563 
Tighten up privileges for consul-dataplane and connect-init containers
when CNI is enabled.
@lkysow lkysow force-pushed the lkysow/read-only-root branch from 9a5eafb to 3077563 Compare January 24, 2024 20:02
@lkysow lkysow marked this pull request as ready for review January 24, 2024 20:21
@thisisnotashwin thisisnotashwin added backport/1.1.x Backport to release/1.1.x branch backport/1.2.x This release branch is no longer active. backport/1.3.x This release branch is no longer active. and removed pr/no-backport signals that a PR will not contain a backport label labels Jan 24, 2024
thisisnotashwin
thisisnotashwin approved these changes Jan 24, 2024
View reviewed changes
Copy link
Copy Markdown
Contributor

@thisisnotashwin thisisnotashwin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TYSM

@thisisnotashwin thisisnotashwin merged commit 89f30a6 into main Jan 24, 2024
@thisisnotashwin thisisnotashwin deleted the lkysow/read-only-root branch January 24, 2024 21:38
This was referenced Jan 24, 2024
Closed
Closed
Merged
thisisnotashwin pushed a commit that referenced this pull request Jan 24, 2024
@lkysow @thisisnotashwin
Set ReadOnlyRootFilesystem and AllowPrivilegeEscalation to false (#3498)
8e188ad 
Tighten up privileges for consul-dataplane and connect-init containers when CNI is enabled.
thisisnotashwin pushed a commit that referenced this pull request Jan 24, 2024
@lkysow @thisisnotashwin
Set ReadOnlyRootFilesystem and AllowPrivilegeEscalation to false (#3498)
f5d4ba5 
Tighten up privileges for consul-dataplane and connect-init containers when CNI is enabled.
lkysow added a commit that referenced this pull request Jan 24, 2024
@lkysow
Changelog for #3498
9dd57eb
thisisnotashwin pushed a commit that referenced this pull request Jan 24, 2024
@lkysow
Set ReadOnlyRootFilesystem and AllowPrivilegeEscalation to false (#3498
9ffee90 
…) (#3511)

Tighten up privileges for consul-dataplane and connect-init containers when CNI is enabled.

Co-authored-by: Luke Kysow <1034429+lkysow@users.noreply.github.com>
thisisnotashwin pushed a commit that referenced this pull request Jan 24, 2024
@lkysow
Set ReadOnlyRootFilesystem and AllowPrivilegeEscalation to false (#3498
f09382f 
…) (#3512)

Tighten up privileges for consul-dataplane and connect-init containers when CNI is enabled.

Co-authored-by: Luke Kysow <1034429+lkysow@users.noreply.github.com>
thisisnotashwin pushed a commit that referenced this pull request Jan 24, 2024
@lkysow
Set ReadOnlyRootFilesystem and AllowPrivilegeEscalation to false (#3498
bedb41a 
…) (#3513)

Tighten up privileges for consul-dataplane and connect-init containers when CNI is enabled.

Co-authored-by: Luke Kysow <1034429+lkysow@users.noreply.github.com>
thisisnotashwin pushed a commit that referenced this pull request Jan 24, 2024
@lkysow
Set ReadOnlyRootFilesystem and AllowPrivilegeEscalation to false (#3498
986a1d5 
…) (#3514)

Tighten up privileges for consul-dataplane and connect-init containers when CNI is enabled.

Co-authored-by: Luke Kysow <1034429+lkysow@users.noreply.github.com>
thisisnotashwin pushed a commit that referenced this pull request Jan 26, 2024
@lkysow
Changelog for #3498 (#3515)
901caf3
david-yu pushed a commit that referenced this pull request Jan 26, 2024
@hc-github-team-consul-core @lkysow
Backport of Changelog for #3498 into release/1.2.x (#3524)
bf679c1 
backport of commit 9dd57eb

Co-authored-by: Luke Kysow <1034429+lkysow@users.noreply.github.com>
david-yu pushed a commit that referenced this pull request Jan 26, 2024
@hc-github-team-consul-core @lkysow
Backport of Changelog for #3498 into release/1.3.x (#3525)
87e0c70 
backport of commit 9dd57eb

Co-authored-by: Luke Kysow <1034429+lkysow@users.noreply.github.com>
david-yu pushed a commit that referenced this pull request Jan 26, 2024
@hc-github-team-consul-core @lkysow
Backport of Changelog for #3498 into release/1.1.x (#3523)
bd9720f 
backport of commit 9dd57eb

Co-authored-by: Luke Kysow <1034429+lkysow@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@thisisnotashwin thisisnotashwin thisisnotashwin approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

backport/1.1.x Backport to release/1.1.x branch backport/1.2.x This release branch is no longer active. backport/1.3.x This release branch is no longer active. pr/no-changelog PR does not need a corresponding .changelog entry

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@lkysow @thisisnotashwin