[infinispan-issues] [JBoss JIRA] (ISPN-12063) Infinispan Operator should not use busybox in initcontainer

Ramon Gordillo Gutierrez (Jira) issues at jboss.org
Mon Jun 29 12:58:42 EDT 2020 

     [ https://issues.redhat.com/browse/ISPN-12063?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ramon Gordillo Gutierrez updated ISPN-12063:
--------------------------------------------
    Description: 
Currently, Infinispan Operator sets up an initContainer to fix possible permission issues on the storage used by the container. This initContainer uses busybox:latest :

[https://github.com/infinispan/infinispan-operator/blob/master/pkg/controller/infinispan/infinispan_controller.go#L1270]

This is a security issue. It can also create an exception if someone by mistake breaks the busybox shell.

It will be needed that an ubi8 image is used, like in the infinispan base image. Better if the same infinispan image (that also has a shell) can be used, so only one is downloaded.

 

  was:
Currently, Infinispan Operator sets up an initContainer to fix possible permission issues on the storage used by the continer. This initContainer uses busybox:latest :

[https://github.com/infinispan/infinispan-operator/blob/master/pkg/controller/infinispan/infinispan_controller.go#L1270]

This is a security issue. It can also create an exception if someone by mistake breaks the busybox shell.

It will be needed that an ubi8 image is used, like in the infinispan base image. Better if the same infinispan image (that also has a shell) can be used, so only one is downloaded.

 



> Infinispan Operator should not use busybox in initcontainer
> -----------------------------------------------------------
>
>                 Key: ISPN-12063
>                 URL: https://issues.redhat.com/browse/ISPN-12063
>             Project: Infinispan
>          Issue Type: Feature Request
>          Components: Operator
>    Affects Versions: 11.0.0.Final
>            Reporter: Ramon Gordillo Gutierrez
>            Assignee: Vittorio Rigamonti
>            Priority: Major
>
> Currently, Infinispan Operator sets up an initContainer to fix possible permission issues on the storage used by the container. This initContainer uses busybox:latest :
> [https://github.com/infinispan/infinispan-operator/blob/master/pkg/controller/infinispan/infinispan_controller.go#L1270]
> This is a security issue. It can also create an exception if someone by mistake breaks the busybox shell.
> It will be needed that an ubi8 image is used, like in the infinispan base image. Better if the same infinispan image (that also has a shell) can be used, so only one is downloaded.
>  



--
This message was sent by Atlassian Jira
(v7.13.8#713008)

More information about the infinispan-issues mailing list