kuberay: Security¶

Secrets¶

Kubernetes secrets referenced by this component. Only names and types are shown, not values.

Name	Type	Referenced By
webhook-server-cert	Opaque	deployment/kuberay-operator

SecurityContext settings on pod and container specs. These control privilege escalation, filesystem access, and user identity.

Deployment	Container	RunAsNonRoot	ReadOnlyFS	Privileged	Source
kuberay-operator	kuberay-operator	?	?	?	`ray-operator/config/default-with-webhooks/manager_webhook_patch.yaml`
kuberay-operator	kuberay-operator	?	?	?	`ray-operator/config/manager/manager.yaml`

Dockerfile patterns and base image analysis. Covers supply chain security: base images, build stages, runtime user, FIPS compliance.

Path	Base Image	Stages	User	Architectures	Issues
`apiserver/Dockerfile`	scratch	2	65532:65532		Unpinned base image: scratch
`benchmark/perf-tests/images/ray-pytorch/Dockerfile`	rayproject/ray:2.46.0	1			No USER directive found (defaults to root)
`dashboard/Dockerfile`	base	4	nextjs		Unpinned base image: base; Unpinned base image: base; Unpinned base image: base
`experimental/Dockerfile`	scratch	2			Unpinned base image: scratch; No USER directive found (defaults to root)
`proto/Dockerfile`	golang:1.24.0-bullseye	1	65532:65532
`ray-operator/Dockerfile`	gcr.io/distroless/base-debian12:nonroot	2	65532:65532
`ray-operator/Dockerfile.buildx`	gcr.io/distroless/base-debian12:nonroot	1	65532:65532	multi-arch
`ray-operator/Dockerfile.konflux`	registry.access.redhat.com/ubi9/ubi-minimal@sha256:7d4e47500f28ac3a2bff06c25eff9127ff21048538ae03ce240d57cf756acd00	2	65532:65532	multi-arch
`ray-operator/Dockerfile.rhoai`	registry.access.redhat.com/ubi9/ubi:latest	2	65532:65532		Unpinned base image: registry.access.redhat.com/ubi9/ubi:latest
`ray-operator/images/tests/Dockerfile`	golang:1.24	1			No USER directive found (defaults to root)