Jail/chroot nginx process inside controller container (#8337)

* Initial work on chrooting nginx process

* More improvements in chroot

* Fix charts and some file locations

* Fix symlink on non chrooted container

* fix psp test

* Add e2e tests to chroot image

* Fix logger

* Add internal logger in controller

* Fix overlay for chrooted tests

* Fix tests

* fix boilerplates

* Fix unittest to point to the right pid

* Fix PR review
Ricardo Katz 2022-04-09 01:48:04 -03:00 committed by GitHub
parent 83ce21b4dd
commit 3def835a6a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
41 changed files with 456 additions and 49 deletions

@ -16,6 +16,8 @@ commonLabels: {}
controller:
name: controller
image:
## Keep false as default for now!
chroot: false
registry: k8s.gcr.io
image: ingress-nginx/controller
## for backwards compatibility consider setting the full image url via the repository value below
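Review bot: The new `chroot: false` key under `controller.image` is documented only by "Keep false as default for now!", which tells an operator neither what enabling it changes nor why it is off by default. Because it sits beside `registry` and `image`, the comment should say whether it selects a different image variant or changes how nginx is started, and should list any securityContext or capability requirement the chrooted mode has, so the setting can be reviewed before someone flips it in a production values file.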
@ -23,6 +25,7 @@ controller:
## repository:
tag: "v1.1.3"
digest: sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2
# digestChroot: "" # TODO: Fill when we have it
pullPolicy: IfNotPresent
# www-data -> uid 101
runAsUser: 101
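Review bot: `digestChroot` is left commented out with a TODO, while `digest` above pins the default image for tag v1.1.3, so with `chroot: true` there is no digest for the chroot image. The chart then either deploys that image by tag only or applies the non-chroot `digest` to it; the template is not visible in this hunk, so confirm which of the two happens. Until the value is filled in, have the template omit the digest rather than fall back to `digest` when chroot is enabled, and extend the comment to say that users enabling chroot should set `digestChroot` themselves to keep the image pinned.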