Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Capture security concerns about pipeline-controller #25

Closed
yiannistri opened this issue Sep 16, 2022 · 6 comments
Closed

Capture security concerns about pipeline-controller #25

yiannistri opened this issue Sep 16, 2022 · 6 comments
Assignees
@enekofb
Labels
area/pipelines spike team/wild-watermelon

Comments

@yiannistri
Copy link
Collaborator

yiannistri commented Sep 16, 2022
edited
Loading

Currently the pipeline-controller allows for cross-namespace references for applications and environments. We should capture any security concerns in this area.
@yiannistri yiannistri transferred this issue from weaveworks/weave-gitops-enterprise Sep 16, 2022
@enekofb enekofb self-assigned this Sep 21, 2022
@enekofb
Copy link
Contributor

enekofb commented Sep 21, 2022

pairing with @sympatheticmoose

@enekofb enekofb mentioned this issue Sep 21, 2022
Closed
@enekofb
Copy link
Contributor

enekofb commented Sep 21, 2022

working in the branch

weaveworks/weave-gitops-private#77 and

https://miro.com/app/board/uXjVPdlWbO0=/?share_link_id=150662081250

@lasomethingsomething
Copy link

@enekofb Do we know if this is still true? @squaremo

@squaremo
Copy link
Contributor

Yep still true, and still a concern. https://github.com/weaveworks/pipeline-controller/blob/main/api/v1alpha1/pipeline_types.go#L218

@lasomethingsomething
Copy link

lasomethingsomething commented Jul 24, 2023
edited
Loading

Two concerns:

  • you need secrets (large blast radius)
  • cross-name references sprinkled willy-nilly, problem in K8s

We should do something about this if we want Pipeline Controller to be GA.

Also part of Pipelines initiative.

@lasomethingsomething
Copy link

Closing--docs here. We should do something about this if we want Pipeline Controller to be GA. Also part of Pipelines initiative.”: Talk to Michael about feasibility.). Follow-up work to be captured in new issues:

  • TODO: Remove the current cross-namespace reference we have
  • “you need secrets (large blast radius). We should do something about this if we want Pipeline Controller to be GA. Also part of Pipelines initiative.”: Talk to @squaremo about feasibility.

Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@enekofb enekofb

Labels
area/pipelines spike team/wild-watermelon
Projects
None yet
Milestone
No milestone
5 participants
@squaremo @yitsushi @lasomethingsomething @yiannistri @enekofb