Iain Sproat

feat(helm chart): serviceAccounts are provided for each service

2

ServiceAccounts are provided for each service. ServiceAccounts are configurable, and are enabled by default. These ServiceAccounts do not mount service account token (which allows access to the kubernetes API). As...

## What package are you referring to? Kubernetes manifests ## Is your feature request related to a problem? Please describe. To security harden running containers on kubernetes, they should have...

## What package are you referring to? Helm Chart ## Is your feature request related to a problem? Please describe. Service Accounts, implemented as part of https://github.com/specklesystems/speckle-server/issues/859, restrict the secrets...

GitHub template update

1

Updates github PR template to be in default location expected by Github. ❗ squash merge this PR ❗

style(vscode workspace): set EOL character to line feed (LF) symbol

1

To reduce likelihood of CRLF characters being incorporated, we wish to configure the project to use LF only.

feat(helm chart): add SecurityContext to pods and containers

2

Speckle pods should run with minimal privileges and capabilities to function. To verify, run the following and follow the advisory guidance: ```shell helm template my-speckle-server ./utils/helm/speckle-server \ --values ../iain_speckle_dev-values.yaml \...

Helm: frontend should not run as root and have readonly file system

1

## What package are you referring to? Frontend, helm chart ## Describe the bug Frontend runs as root and has a writeable root file system ## Additional context https://github.com/openresty/docker-openresty/issues/119 ##...

Bug(metrics): fileimport service does not produce metrics until after a file is imported

1

## What package are you referring to? File import service ## Describe the bug File import service initially appears to Prometheus to be in an unknown state. This is because...

## What package are you referring to? docker-compose on Windows ## Describe the bug Reported by community member @BenHur https://speckle.community/t/local-speckle-server-importing-a-file-not-working/3382/2 ## To Reproduce ## Expected behavior ## Screenshots ## System...

feat(helm chart): network policies are provided for all services

6

## Description & motivation [Network policies](https://kubernetes.io/docs/concepts/services-networking/network-policies/) are used to deny arbitrary network egress and ingress to a pod. They effectively act as a simple 'firewall' around each service. This provides...