Enhance Cryostat to support strict Kubernetes security contexts #1080

@Prasunamadasu

Describe the feature

We are using cryostat-v3.0, and it currently faces compatibility issues with strict Kubernetes security policies, specifically:

  1. readOnlyRootFilesystem: true
  2. Custom runAsGroup values

This makes it difficult to use Cryostat in environments that require strong security measures.

Feature Requests:

1. Support readOnlyRootFilesystem: true

  • Identify all writable paths required by Cryostat components.
  • Provide configuration options to mount these paths as writable volumes.

2. Enable Compatibility with Custom runAsGroup Values

  • Ensure all Cryostat processes can run with non-default group IDs.
  • Document any specific group ID requirements, if necessary.

Use Case

This feature will allow Cryostat to be deployed in high-security Kubernetes environments that enforce strict security contexts.

Any other information?

No response

Labels: feat (New feature or request), needs-triage (Needs thorough attention from code reviewers)
