Iain Sproat
Iain Sproat
ServiceAccounts are provided for each service. ServiceAccounts are configurable, and are enabled by default. These ServiceAccounts do not mount service account token (which allows access to the kubernetes API). As...
## What package are you referring to? Kubernetes manifests ## Is your feature request related to a problem? Please describe. To security harden running containers on kubernetes, they should have...
## What package are you referring to? Helm Chart ## Is your feature request related to a problem? Please describe. Service Accounts, implemented as part of https://github.com/specklesystems/speckle-server/issues/859, restrict the secrets...
Updates github PR template to be in default location expected by Github. ❗ squash merge this PR ❗
To reduce likelihood of CRLF characters being incorporated, we wish to configure the project to use LF only.
Speckle pods should run with minimal privileges and capabilities to function. To verify, run the following and follow the advisory guidance: ```shell helm template my-speckle-server ./utils/helm/speckle-server \ --values ../iain_speckle_dev-values.yaml \...
## What package are you referring to? Frontend, helm chart ## Describe the bug Frontend runs as root and has a writeable root file system ## Additional context https://github.com/openresty/docker-openresty/issues/119 ##...
## What package are you referring to? File import service ## Describe the bug File import service initially appears to Prometheus to be in an unknown state. This is because...
## What package are you referring to? docker-compose on Windows ## Describe the bug Reported by community member @BenHur https://speckle.community/t/local-speckle-server-importing-a-file-not-working/3382/2 ## To Reproduce ## Expected behavior ## Screenshots ## System...
## Description & motivation [Network policies](https://kubernetes.io/docs/concepts/services-networking/network-policies/) are used to deny arbitrary network egress and ingress to a pod. They effectively act as a simple 'firewall' around each service. This provides...