🤖 Generated by the Daily AI Assistant
Part of #1932 — found while implementing Phase A (#2486/#2488); blocks Phase B (the swap), feeds the pilot's parity check (#2487).
Problem
The live ascoachingogvaner skeleton's Flux Kustomization (k8s/bases/apps/ascoachingogvaner/flux-kustomization.yaml) carries a spec.patches block hardening the app Deployment to readOnlyRootFilesystem: true with writable emptyDirs (Kubescape C-0017, landed via #2455). The Tenant RGD's Kustomization templates have no patches field and the Tenant schema has no way to express it — so the skeleton→CR swap would silently drop the hardening and regress the C-0017 posture.
Proposed direction (decide one before Phase B)
- Move the hardening into the tenant's own artifact (ascoachingogvaner repo deploy/ manifests set the securityContext + volumes directly) — keeps the RGD lean; platform-side patch was chosen originally because the OCI artifact is env-agnostic, but a universal security control arguably belongs in the app spec itself.
- Add an optional kustomizationPatches passthrough to the Tenant schema — preserves platform-side control; grows the RGD API surface (KRO schema supports string/structural passthrough awkwardly — needs a spike).
Rough size: S–M once decided (either a tenant-repo PR + skeleton cleanup, or an RGD schema increment + pilot re-validation).
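For reviewers comparing the two directions, here is an added illustration (not the repository's own manifest, and not the actual content of the skeleton's flux-kustomization.yaml) of the shape of the C-0017 hardening in both places: first as a platform-side `spec.patches` strategic-merge patch on a Flux Kustomization, then as the same `securityContext` and `emptyDir` volumes set directly in the tenant's Deployment. The resource names, namespace, source path, container name and mount paths are assumptions; a parity check for #2487 is sketched as a comment at the end.

```yaml
# Added example, not the repo's manifest. Names/paths below are assumed.
# --- Direction 1 today: platform-side patch on the Flux Kustomization ---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: ascoachingogvaner            # assumed
  namespace: flux-system
spec:
  interval: 10m
  path: ./deploy                     # assumed path inside the OCI artifact
  prune: true
  sourceRef:
    kind: OCIRepository
    name: ascoachingogvaner          # assumed
  targetNamespace: ascoachingogvaner # assumed
  patches:
    # Strategic-merge patch: the container `name` is the merge key, so it
    # must match the container in the tenant's Deployment (assumed "app").
    - target:
        kind: Deployment
        name: ascoachingogvaner      # assumed
      patch: |
        apiVersion: apps/v1
        kind: Deployment
        metadata:
          name: ascoachingogvaner
        spec:
          template:
            spec:
              containers:
                - name: app
                  securityContext:
                    readOnlyRootFilesystem: true
                  volumeMounts:
                    - name: tmp
                      mountPath: /tmp          # assumed writable path
                    - name: cache
                      mountPath: /var/cache/app
              volumes:
                - name: tmp
                  emptyDir: {}
                - name: cache
                  emptyDir: {}
---
# --- Direction 1 proposed: same control carried in the tenant's own
# deploy/ Deployment, so a Tenant CR with no patches field keeps it ---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ascoachingogvaner            # assumed
spec:
  selector:
    matchLabels:
      app: ascoachingogvaner
  template:
    metadata:
      labels:
        app: ascoachingogvaner
    spec:
      containers:
        - name: app
          image: ghcr.io/example/ascoachingogvaner:TAG   # placeholder image
          securityContext:
            readOnlyRootFilesystem: true
          volumeMounts:
            - name: tmp
              mountPath: /tmp
            - name: cache
              mountPath: /var/cache/app
      volumes:
        - name: tmp
          emptyDir: {}
        - name: cache
          emptyDir: {}
# Parity check idea for #2487 (run against the live Deployment before and
# after the swap; assumed namespace/name):
#   kubectl -n ascoachingogvaner get deploy ascoachingogvaner \
#     -o jsonpath='{.spec.template.spec.containers[*].securityContext.readOnlyRootFilesystem}'
# should print "true" in both cases; a blank line after the swap is the
# regression this issue is about.
```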