SYS.1.6.A14 #14

Closed
sluetze opened this issue Nov 7, 2023 · 2 comments
Labels:
- not-checkable: Requirement can not be checked with Compliance Operator
- org-only: This Requirement of BSI is ONLY an organizational Requirement

Comments


sluetze commented Nov 7, 2023

No description provided.

sluetze commented Jul 17, 2024

When creating the concept for patch and change management in accordance with OPS.1.1.3 Patch and change management, it SHOULD be decided when and how the updates to the images or the software or service operated will be rolled out.

This requirement must be solved organizationally.

Note: Best practices use multiple environments (either separate clusters or multiple namespaces on a cluster) to support this process and enable automated testing (e.g. via OpenShift Pipelines or Jenkins).

For persistent containers, it SHOULD be checked whether, in exceptional cases, an update of the respective container is more suitable than completely re-provisioning the container.

Note: “Persistent” containers contradict the cloud native principle and do not represent “good practice”. There is also a contradiction with APP.4.4.A21 “Regular restart of pods”. Accordingly, OpenShift does not support updates at the container level. Changes to the container image always result in the pod stopping and a new pod being restarted. With the recommended use of GitOps, this is a reprovisioning of the changed elements and also documents the status of the application at a given point in time. Due to the high level of automation, this usually does not represent any increased effort.

sluetze added the org-only and not-checkable labels Jul 31, 2024
lichtblaugue self-assigned this Sep 6, 2024
sluetze commented Dec 2, 2024

ComplianceAsCode#12441 merged upstream

sluetze closed this as completed Dec 2, 2024
github-project-automation bot moved this from Upstream PR to Done in sig-bsi-grundschutz tracking Dec 2, 2024