Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

controller: mark all volume mounts readOnly=true #250

Closed
mathetake opened this issue Jan 31, 2025 · 0 comments · Fixed by #252
Closed

controller: mark all volume mounts readOnly=true #250

mathetake opened this issue Jan 31, 2025 · 0 comments · Fixed by #252
Labels
enhancement New feature or request good first issue Good for newcomers

Comments

@mathetake
Copy link
Member

Description:

The AI Gateway ExtProc deployment/containers mount some secrets/configmaps. However, it only needs to read the contents, and so the write permission is unnecessary.

[optional Relevant Links:]

I would like the corev1.VolumeMount's ReadOnly flag to always true in https://github.com/envoyproxy/ai-gateway/blob/main/internal/controller/sink.go
@mathetake mathetake added enhancement New feature or request good first issue Good for newcomers labels Jan 31, 2025
@daixiang0 daixiang0 mentioned this issue Jan 31, 2025
Merged
mathetake added a commit that referenced this issue Feb 4, 2025
@daixiang0 @mathetake
controller: mark all volume mounts ReadOnly=true (#252)
c1d6831 
**Commit Message**

Mark all volume mounts readonly to ensure security.


**Related Issues/PRs (if applicable)**

Fix #250

---------

Signed-off-by: Loong <[email protected]>
Co-authored-by: Takeshi Yoneda <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request good first issue Good for newcomers
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

controller: mark all volume mounts ReadOnly=true daixiang0/ai-gateway
1 participant
@mathetake