Merge branch 'master' into feature-slicegw-lb
Signed-off-by: Md Imran <[email protected]>
narmidm committed Oct 10, 2023
2 parents d10473d + 602b5cf commit eefed4c
Showing 3 changed files with 91 additions and 1 deletion.
37 changes: 37 additions & 0 deletions .github/workflows/trivy.yml
@@ -0,0 +1,37 @@
name: trivy
on:
push:
branches: [ "master" ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ "master" ]
schedule:
- cron: '29 19 * * 6'
permissions:
contents: read

jobs:
build:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
name: Build
runs-on: ubuntu-20.04
steps:
- name: Checkout code
uses: actions/checkout@v3

- name: Run Trivy vulnerability scanner in repo mode
uses: aquasecurity/trivy-action@master
with:
scan-type: 'repo'
ignore-unfixed: true
format: 'sarif'
output: 'trivy-results.sarif'
severity: 'CRITICAL'

- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: 'trivy-results.sarif'
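
Review bot: In the "Run Trivy vulnerability scanner in repo mode" step, `uses: aquasecurity/trivy-action@master` tracks a mutable branch, so the code executed in this job can change without any change to this repository, and the job holds `security-events: write`. Pin it to a release tag or, better, a full commit SHA; the other two actions are at least pinned to major tags (`actions/checkout@v3`, `github/codeql-action/upload-sarif@v2`). Separately, `severity: 'CRITICAL'` combined with `ignore-unfixed: true` means HIGH findings and any critical finding without an available fix never reach the Security tab; if that is not intended, widen it to `CRITICAL,HIGH`.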
51 changes: 51 additions & 0 deletions SECURITY.md
@@ -0,0 +1,51 @@
# Security Policy

Thank you for your interest in the security of the KubeSlice Worker Operator project. We take security seriously, and we appreciate your assistance in identifying and disclosing security vulnerabilities responsibly.

## Reporting a Security Vulnerability

If you discover a security vulnerability in the KubeSlice Worker Operator project, please follow these steps to report it:

1. **Privately** disclose the vulnerability to the project maintainers. You have two options:
- Email us at [[email protected]](mailto:[email protected]).
- Create a new security advisory on the [Security Advisories](https://github.com/kubeslice/worker-operator/security/advisories) page.

2. Provide a detailed description of the vulnerability, including information about the affected versions of the project.

3. We will acknowledge your report within 48 hours, and we will work with you to verify and address the issue promptly.

4. Once the vulnerability is confirmed and mitigated, we will work on releasing a fix. We will credit you for your responsible disclosure if you desire.

## Security Advisories

To view the latest security advisories for the KubeSlice Worker Operator project, please visit the [Security Advisories](https://github.com/kubeslice/worker-operator/security/advisories) page.

## Supported Versions

The KubeSlice Worker Operator project is actively maintained, and we typically provide security updates for the latest release and the previous release. Users are encouraged to keep their installations up to date with the latest releases to ensure they are protected against known vulnerabilities.

## Security Best Practices

While we strive to maintain a secure codebase, users and contributors can help by following these security best practices:

- **Regularly Update**: Keep your KubeSlice Worker Operator installation and its dependencies up to date to benefit from the latest security fixes.

- **Implement Access Controls**: Limit access to the operator and its resources only to authorized personnel and entities. Employ Kubernetes RBAC (Role-Based Access Control) and other access control mechanisms.

- **Scan for Vulnerabilities**: Use security scanning tools to regularly scan your Kubernetes clusters and the operator for potential vulnerabilities.

- **Audit Logs**: Enable and regularly review logs for the operator and your Kubernetes environment to identify any suspicious activities.

- **Third-party Dependencies**: Be cautious when using third-party libraries or tools in your deployment and keep them updated as well.

- **Educate Team Members**: Ensure that your team is educated about security best practices and follows them when working with KubeSlice Worker Operator.

## Attribution

We would like to thank the security researchers and contributors who have helped improve the security of the KubeSlice Worker Operator project by responsibly disclosing security vulnerabilities.

## Contact Us

If you have any questions or concerns regarding this security policy or the security of the KubeSlice Worker Operator project, please contact us at [[email protected]](mailto:[email protected]).

This security policy is subject to change as the project evolves. Please check back regularly for updates and revisions.
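
Review bot: The "Supported Versions" section says security updates are "typically" provided for the latest and previous release but names no version numbers, while step 2 of the reporting procedure asks reporters for the affected versions. Listing the currently supported versions explicitly (a short table of version and supported yes/no) would let reporters and users tell whether a given release is covered. The reporting steps also commit to a 48-hour acknowledgement but give no expected timeframe for a fix or for public disclosure; stating one would set expectations for both sides.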
4 changes: 3 additions & 1 deletion pkg/hub/controllers/cluster/reconciler.go
Expand Up @@ -51,6 +51,8 @@ const (
GCP string = "gcp"
AWS string = "aws"
AZURE string = "azure"
LINODE string = "linode"
AKAMAI string = "akamai"
MAX_CLUSTER_DEREGISTRATION_ATTEMPTS = 3
)
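
Review bot: The new `LINODE` and `AKAMAI` constants are added without any comment on where these string values come from or what form they are expected in. Since they are compared against `GeoLocation.CloudProvider` with exact equality later in this file, a short comment on the const block stating that the values must match the detected provider string exactly (lowercase) would help whoever adds the next provider. `MAX_CLUSTER_DEREGISTRATION_ATTEMPTS` sharing the block with provider names also makes the group harder to read; a separate const block for providers would be cleaner.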

Expand Down Expand Up @@ -311,7 +313,7 @@ func (r *Reconciler) updateClusterCloudProviderInfo(ctx context.Context, cr *hub
}
cloudProvider := clusterInfo.ClusterProperty.GeoLocation.CloudProvider
cloudRegion := clusterInfo.ClusterProperty.GeoLocation.CloudRegion
if cloudProvider == GCP || cloudProvider == AWS || cloudProvider == AZURE {
if cloudProvider == GCP || cloudProvider == AWS || cloudProvider == AZURE || cloudProvider == LINODE || cloudProvider == AKAMAI {
// compare the current cloud region and provider with values stored in cluster spec, if not same then update
if cloudRegion != cr.Spec.ClusterProperty.GeoLocation.CloudRegion || cloudProvider != cr.Spec.ClusterProperty.GeoLocation.CloudProvider {
log.Info("updating Cluster's cloud info", "cloudProvider", cloudProvider, "cloudRegion", cloudRegion)
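
Review bot: The condition on `cloudProvider` is now a five-way chain of `==` comparisons, so every new provider needs both a constant and an edit to this line, and the two can drift apart. A single set of supported providers (for example a `map[string]struct{}` keyed by the constants) checked once here would keep them in sync. The comparison is also case-sensitive, so a value such as "Linode" would not match; consider normalizing `cloudProvider` before the check or logging the value when it is not recognized, so a skipped update is visible.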