Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove mounting the /var/run path from host to agent #1386

Open
anubhabMajumdar opened this issue Feb 25, 2025 · 0 comments
Open

Remove mounting the /var/run path from host to agent #1386

anubhabMajumdar opened this issue Feb 25, 2025 · 0 comments

Comments

@anubhabMajumdar
Copy link
Contributor

anubhabMajumdar commented Feb 25, 2025
edited
Loading

Describe the bug

retina-agent mounts /var/run from host directory. This can have potential issue as it can overwrite data in the directory.

Fixes:

  • Restrict access to only /var/run/cilium directory for retina-agent
  • Investigate if we can use DirectoryOrCreate and remove pkg/ciliumfs/setup.go .

Platform (please complete the following information):

  • OS: Linux
  • Kubernetes Version: All versions
  • Host: AKS
  • Retina Version:
@anubhabMajumdar anubhabMajumdar changed the title Remove mounting Remove mounting the /var/run path from host to agent Feb 25, 2025
@alexcastilio alexcastilio mentioned this issue Feb 26, 2025
Merged
7 tasks
github-merge-queue bot pushed a commit that referenced this issue Mar 14, 2025
@alexcastilio
fix: change mounting path in retina-agent from /var/run to /var/run/c…
579105e 
…ilium (#1389)

# Description

Changes:
* Change mounting path in retina-agent from /var/run to /var/run/cilium
* Hard-code volumes and volumeMounts in agent's yaml file. This does not
need to be configurable through helm chart `values.yaml` file
* Remove volumeMounts from helm chart `values.yaml` file 

## Related Issue

#1386 

## Checklist

- [ ] I have read the [contributing
documentation](https://retina.sh/docs/Contributing/overview).
- [ ] I signed and signed-off the commits (`git commit -S -s ...`). See
[this
documentation](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification)
on signing commits.
- [ ] I have correctly attributed the author(s) of the code.
- [ ] I have tested the changes locally.
- [ ] I have followed the project's style guidelines.
- [ ] I have updated the documentation, if necessary.
- [ ] I have added tests, if applicable.

## Screenshots (if applicable) or Testing Completed

Flows:

![image](https://github.com/user-attachments/assets/3eab6c62-9772-4749-b709-99d9058a3def)

## Additional Notes

Add any additional notes or context about the pull request here.

---

Please refer to the [CONTRIBUTING.md](../CONTRIBUTING.md) file for more
information on how to contribute to this project.

---------

Signed-off-by: Alex Castilio dos Santos <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
Retina Triage Board
Status: No status
Milestone
No milestone
Development

No branches or pull requests
1 participant
@anubhabMajumdar