Skip to content

feat: improve infrastructure security #75

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Kuruyia merged 8 commits into from
Feb 24, 2024
Merged

feat: improve infrastructure security #75

Kuruyia merged 8 commits into from
Feb 24, 2024

Conversation

@Kuruyia
Copy link
Collaborator

@Kuruyia Kuruyia commented Feb 24, 2024

This improves the overall security of the project by doing the following:

  • Sign the container images that are pushed to GHCR via the CI
  • Add an image signature verification policy in Kubernetes
  • Run the microservices as a non-root user in the containers
  • Drop privileges in the Kubernetes deployments
  • Configure resource limits for the containers in Kubernetes
  • Configure network policies in Kubernetes

Other changes

The dorny/paths-filter action in the CI has been updated to v3.

@Kuruyia Kuruyia added the enhancement New feature or request label Feb 24, 2024
@Kuruyia Kuruyia self-assigned this Feb 24, 2024
@Kuruyia Kuruyia changed the title feat: improve security feat: improve infrastructure security Feb 24, 2024
@Kuruyia Kuruyia merged commit 5c576d5 into main Feb 24, 2024
@Kuruyia Kuruyia deleted the feat/improve-security branch February 24, 2024 23:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@thomas-mauran thomas-mauran thomas-mauran approved these changes

Assignees

@Kuruyia Kuruyia

Labels

enhancement New feature or request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Kuruyia @thomas-mauran