Feed-ingress does not currently support running with the following `securityContext` setting, which would help to increase the security of the running container.

feed-ingress writes to (at least):

- `/var/log/nginx` (or wherever `--access-log-dir` points)
- `/tmp`
- `/nginx/nginx.conf`
- `/nginx/nginx.tmpl`

The first two are directories and hence an EmptyDir can be mounted for them, for example. The NGINX config and the template are individual files that live in the main `/nginx` directory along with other required files, hence can't be volume-mounted.

Simply using a mountable directory for the NGINX config (e.g. `/nginx/conf/`) might be sufficient to allow running with `readOnlyRootFilesystem: true` (kubesec.io docs). However, we should also check what other files feed-ingress or NGINX might write to.
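An added example, not part of the original issue or the feed project's code: a small pre-deploy check that, given a container spec and a list of paths the process writes to, reports which writes would fail under `readOnlyRootFilesystem: true`. The container dicts are constructed samples, and the relocated `/nginx/conf/nginx.conf` and `/nginx/conf/nginx.tmpl` paths are hypothetical, following the directory the issue proposes.

```python
from pathlib import PurePosixPath

# Paths the issue lists as written by feed-ingress.
WRITE_PATHS = ["/var/log/nginx", "/tmp", "/nginx/nginx.conf", "/nginx/nginx.tmpl"]
# Hypothetical layout if both files were moved under the proposed /nginx/conf/.
RELOCATED_PATHS = ["/var/log/nginx", "/tmp",
                   "/nginx/conf/nginx.conf", "/nginx/conf/nginx.tmpl"]

def writable_mounts(container):
    """Mount points that remain writable when the root filesystem is read-only."""
    return [PurePosixPath(m["mountPath"])
            for m in container.get("volumeMounts", [])
            if not m.get("readOnly", False)]

def uncovered_writes(container, write_paths):
    """Return the write paths that would land on the read-only root filesystem."""
    sc = container.get("securityContext", {})
    if not sc.get("readOnlyRootFilesystem", False):
        return []  # root filesystem is writable, so nothing is blocked
    mounts = writable_mounts(container)
    blocked = []
    for raw in write_paths:
        p = PurePosixPath(raw)
        # Covered only if the path is a mount point or lies beneath one.
        # Comparison is per path component, so /tmpfiles is not "under" /tmp.
        if not any(p == m or m in p.parents for m in mounts):
            blocked.append(raw)
    return blocked

# Constructed sample: EmptyDir mounts for the two directories only.
CURRENT_LAYOUT = {
    "name": "feed-ingress",
    "securityContext": {"readOnlyRootFilesystem": True},
    "volumeMounts": [
        {"name": "nginx-logs", "mountPath": "/var/log/nginx"},
        {"name": "tmp", "mountPath": "/tmp"},
    ],
}
# Constructed sample: the same spec plus a mount at the proposed directory.
PROPOSED_LAYOUT = dict(CURRENT_LAYOUT, volumeMounts=CURRENT_LAYOUT["volumeMounts"]
                       + [{"name": "nginx-conf", "mountPath": "/nginx/conf/"}])

if __name__ == "__main__":
    print("current :", uncovered_writes(CURRENT_LAYOUT, WRITE_PATHS))
    print("proposed:", uncovered_writes(PROPOSED_LAYOUT, RELOCATED_PATHS))
```

The check only covers the paths it is given, so the list has to be extended with whatever else feed-ingress or NGINX turns out to write.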