
[SURE-8270] Gitjob controller security context

Open manno opened this issue 1 year ago • 0 comments

The fleet-controller and fleet-agent disallow privilege escalation and use a read-only filesystem. Gitjob controller should do the same.

  • https://github.com/rancher/fleet/blob/main/charts/fleet/templates/deployment.yaml#L172-L178
  • https://github.com/rancher/fleet/blob/main/charts/fleet-agent/templates/deployment.yaml#L30-L36

See https://github.com/rancher/fleet/blob/main/charts/fleet/templates/deployment_gitjob.yaml. We will need to add empty dirs for the writable directories.

These must be disabled in debug mode, so we can attach debuggers and profilers.

manno, Apr 23 '24 11:04
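
One way to check a rendered Deployment for the two settings the issue names, and to see which paths stay writable through emptyDir volumes. This is an added example, not code from the issue or from the fleet repository. The manifests are constructed, and the container name, image, `/tmp` mount and the `debug` flag are assumptions.

```python
"""Audit a Deployment manifest for the securityContext settings named in the issue."""

REQUIRED = {"allowPrivilegeEscalation": False, "readOnlyRootFilesystem": True}

def pod_spec(deployment):
    return deployment["spec"]["template"]["spec"]

def audit(deployment, debug=False):
    """List containers whose securityContext misses a required setting."""
    if debug:  # assumption: the caller knows debug mode is on; restrictions are lifted there
        return []
    findings = []
    for c in pod_spec(deployment).get("containers", []):
        sc = c.get("securityContext") or {}
        for key, want in REQUIRED.items():
            # An unset field counts as a finding: the hardened value must be explicit.
            if sc.get(key) is not want:
                findings.append(f"{c['name']}: {key} should be {str(want).lower()}")
    return findings

def writable_mounts(deployment):
    """Map container name -> mount paths that stay writable via emptyDir volumes."""
    spec = pod_spec(deployment)
    empty = {v["name"] for v in spec.get("volumes", []) if "emptyDir" in v}
    return {
        c["name"]: [m["mountPath"] for m in c.get("volumeMounts", [])
                    if m["name"] in empty and not m.get("readOnly", False)]
        for c in spec.get("containers", [])
    }

# Constructed manifests in the shape of `kubectl get deployment -o json`.
# Container name, image and the /tmp mount are placeholders, not fleet's values.
BEFORE = {"spec": {"template": {"spec": {
    "containers": [{"name": "gitjob", "image": "example/gitjob:placeholder"}]}}}}
AFTER = {"spec": {"template": {"spec": {
    "containers": [{
        "name": "gitjob", "image": "example/gitjob:placeholder",
        "securityContext": {"allowPrivilegeEscalation": False,
                            "readOnlyRootFilesystem": True},
        "volumeMounts": [{"name": "tmp", "mountPath": "/tmp"}]}],
    "volumes": [{"name": "tmp", "emptyDir": {}}]}}}}

if __name__ == "__main__":
    for label, manifest in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(manifest), writable_mounts(manifest))
```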