  1. Couchbase Kubernetes
  2. K8S-2336

Audit cleanup hardened image

Details

    • Improvement
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • not-targeted
    • operator
    • None
    • 5

    Description

      Provide a custom binary just to do audit cleanup in a hardened image.

      This will require an extra container to be pushed to both container registries we support. Note for Red Hat this will likely need a UBI base so negates the whole "security" argument.

      I have asked for details on the criteria being used to deem it "acceptable", for now security best practices will be assumed.

        Activity

          patrick.stephens Patrick Stephens (Inactive) added a comment - An extension to consider would be to relocate the audit log (and its rotated older versions - check if we can just move these) to a subdirectory. We can then limit write access to just that subdirectory for the sidecar.

          patrick.stephens Patrick Stephens (Inactive) added a comment - Possibly need to include other aspects too, e.g. https://github.com/goodwithtech/dockle

          patrick.stephens Patrick Stephens (Inactive) added a comment - Moving to 2.3 GA rather than beta as not got firm requirements yet.

          People

            roshani.sanghavi Roshani Sanghavi (Inactive)
            patrick.stephens Patrick Stephens (Inactive)