-
Notifications
You must be signed in to change notification settings - Fork 9
Issues
is:issue state:open
is:issue state:open
Issue creation is restricted in this repository
Search results
Admission policy to constrain cluster workloads (privileged pods, hostPath, host namespaces, cluster RBAC)
area: security 🔒Security findings and hardeningSecurity findings and hardeningpriority: medium ⚡Medium priority - standard queueMedium priority - standard queuetype: enhancement 💅🏼New feature or requestNew feature or requestStatus: Open.#480 In nebari-dev/nebari-infrastructure-core;Ship Renovate as a foundational ArgoCD app to keep per-cluster GitOps repos current
needs: triage 🚦Someone needs to have a look at this issue and triageSomeone needs to have a look at this issue and triagetype: enhancement 💅🏼New feature or requestNew feature or requestStatus: Open.#478 In nebari-dev/nebari-infrastructure-core;- Status: Open.#477 In nebari-dev/nebari-infrastructure-core;
docs(adr-0006): clarify scope excludes conditionally-rendered GitOps manifests
architecture 🏛Architectural design concerns (patterns, boundaries, layering)Architectural design concerns (patterns, boundaries, layering)area: documentation 📖Improvements or additions to documentationImprovements or additions to documentationStatus: Open.#475 In nebari-dev/nebari-infrastructure-core;Add deployment tests
enhancementNew feature or requestNew feature or requestStatus: Open.#474 In nebari-dev/nebari-infrastructure-core;Epic: v0.9.0 security audit remediation
area: security 🔒Security findings and hardeningSecurity findings and hardeningepic 🧩Tracking issue grouping related workTracking issue grouping related workpriority: high 🔥High priority - address soonHigh priority - address soonStatus: Open.#472 In nebari-dev/nebari-infrastructure-core;Some Kubernetes reconciliation paths treat any GET error as not-found
area: security 🔒Security findings and hardeningSecurity findings and hardeningpriority: low 🌱Low priority - nice to haveLow priority - nice to havetype: bug 🐛Something isn't workingSomething isn't workingStatus: Open.#471 In nebari-dev/nebari-infrastructure-core;.env is implicitly loaded from the current working directory at startup
area: security 🔒Security findings and hardeningSecurity findings and hardeningpriority: low 🌱Low priority - nice to haveLow priority - nice to havetype: bug 🐛Something isn't workingSomething isn't workingStatus: Open.#470 In nebari-dev/nebari-infrastructure-core;Trust-bundle validation uses string markers, not X.509 parsing
area: security 🔒Security findings and hardeningSecurity findings and hardeningpriority: low 🌱Low priority - nice to haveLow priority - nice to havetype: bug 🐛Something isn't workingSomething isn't workingStatus: Open.#469 In nebari-dev/nebari-infrastructure-core;Third-party deployment inputs are version-pinned but mutable, not digest-immutable
area: security 🔒Security findings and hardeningSecurity findings and hardeningpriority: medium ⚡Medium priority - standard queueMedium priority - standard queuetype: bug 🐛Something isn't workingSomething isn't workingStatus: Open.#468 In nebari-dev/nebari-infrastructure-core;GCP provider is registered and documented but is a stub that returns success without provisioning
area: security 🔒Security findings and hardeningSecurity findings and hardeningpriority: medium ⚡Medium priority - standard queueMedium priority - standard queuetype: bug 🐛Something isn't workingSomething isn't workingStatus: Open.#467 In nebari-dev/nebari-infrastructure-core;OTel collector accepts unauthenticated plaintext OTLP and holds nodes/proxy; CLI exporter is insecure
area: security 🔒Security findings and hardeningSecurity findings and hardeningpriority: medium ⚡Medium priority - standard queueMedium priority - standard queuetype: bug 🐛Something isn't workingSomething isn't workingStatus: Open.#466 In nebari-dev/nebari-infrastructure-core;