Skip to content

fix(config): harden kubernetes workload defaults#248

Merged
Agent-Hellboy merged 1 commit into
mainfrom
config/k8s_hardening_scope
May 23, 2026
Merged

fix(config): harden kubernetes workload defaults#248
Agent-Hellboy merged 1 commit into
mainfrom
config/k8s_hardening_scope

Conversation

@Agent-Hellboy
Copy link
Copy Markdown
Owner

@Agent-Hellboy Agent-Hellboy commented May 23, 2026

Summary

  • Add default-deny NetworkPolicies for Sentinel, Traefik, registry, and operator namespaces with scoped allow rules.
  • Tighten PSS labels and document baseline enforcement where checked-in hostPath/root-init exceptions remain.
  • Harden Traefik and observability workloads with non-root/securityContext defaults, resources, probes, and read-only config mounts.
  • Tighten generated runtime namespace defaults by adding restricted audit/warn labels, resource/probe defaults, and removing broad HTTP/HTTPS egress.

Validation

  • go test ./internal/runtimeapi -count=1 from services/api
  • kubectl apply --dry-run=client for changed raw k8s manifests
  • kubectl apply --dry-run=client -k for ingress base/http/prod/dev, registry base, and manager
  • git diff --check
  • pre-commit hooks during commit: gitleaks, go fmt, staticcheck, go vet, go unit tests, generated file drift

Notes

kube-linter was not installed in the local environment, so that optional lint pass was not run.

github-advanced-security[bot]
github-advanced-security AI found potential problems May 23, 2026
View reviewed changes
Comment thread k8s/03-clickhouse.yaml Fixed
gemini-code-assist[bot]
gemini-code-assist Bot reviewed May 23, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request significantly hardens the platform's security posture by implementing default-deny NetworkPolicies across core components, applying Pod Security Admission labels to namespaces, and strengthening container security contexts through non-root execution, read-only filesystems, and seccomp profiles. Additionally, it introduces resource requests/limits and health probes for several services, and transitions Traefik to non-privileged ports. Feedback highlights a potential breaking change regarding the removal of default intra-namespace traffic in managed namespaces. Further security improvements were suggested, including port-level restrictions for Traefik and Sentinel network policies and enabling a read-only root filesystem for the registry.

Comment thread services/api/internal/runtimeapi/deployments.go
Comment thread config/ingress/base/networkpolicy.yaml
Comment thread config/registry/base/deployment.yaml Outdated
Comment thread k8s/22-networkpolicies.yaml Outdated
chatgpt-codex-connector[bot]
chatgpt-codex-connector Bot reviewed May 23, 2026
View reviewed changes
Copy link
Copy Markdown

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 8202712808

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread k8s/22-networkpolicies.yaml Outdated
@Agent-Hellboy Agent-Hellboy force-pushed the config/k8s_hardening_scope branch 6 times, most recently from 9e764f6 to 0177aaf Compare May 23, 2026 11:52
@Agent-Hellboy @claude
fix(config): harden kubernetes workload defaults
8851939 
- Add default-deny NetworkPolicies for traefik, registry, and operator
  namespaces with scoped allow rules; remove broad HTTP/HTTPS egress from
  runtime namespace policies and add scoped sentinel + registry egress
- Fix PSS labels: registry and mcp-sentinel namespaces use baseline enforce
  to accommodate hostPath/root-init exceptions; mcp-runtime uses restricted
- Harden Traefik with non-root unprivileged ports (8000/8443), read-only
  rootfs, seccomp RuntimeDefault, forwardedHeaders.insecure=false, and probes
- Harden registry deployment with seccomp, readOnlyRootFilesystem, drop ALL,
  and /tmp emptyDir volume
- Add resource defaults and TCP probes to desiredDeployment; ensure
  same-namespace ingress is always allowed in platform NetworkPolicies
- Disable trustForwardHeader on registry and sentinel forwardAuth middlewares

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@Agent-Hellboy Agent-Hellboy force-pushed the config/k8s_hardening_scope branch from 0177aaf to 8851939 Compare May 23, 2026 12:23
@Agent-Hellboy Agent-Hellboy merged commit 85cd50a into main May 23, 2026
14 of 15 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

+2 more reviewers

@github-advanced-security github-advanced-security[bot] github-advanced-security[bot] left review comments

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Agent-Hellboy @github-advanced-security