This is an automated email from the ASF dual-hosted git repository.
shukitchan pushed a commit to branch master
in repository
https://gitbox.apache.org/repos/asf/trafficserver-ingress-controller.git
The following commit(s) were added to refs/heads/master by this push:
new a2f6527 Add SECURITY.md and AGENTS.md for security-model
discoverability (#364)
a2f6527 is described below
commit a2f6527b523e060a25fe514ba268f9cd88de40a6
Author: Jarek Potiuk <[email protected]>
AuthorDate: Thu May 21 05:55:08 2026 +0100
Add SECURITY.md and AGENTS.md for security-model discoverability (#364)
* Add SECURITY.md with umbrella reference + K8s-specific trust surfaces
* Add AGENTS.md bridging to SECURITY.md for security-model discoverability
---
AGENTS.md | 11 +++++++++++
SECURITY.md | 20 ++++++++++++++++++++
2 files changed, 31 insertions(+)
diff --git a/AGENTS.md b/AGENTS.md
new file mode 100644
index 0000000..8aeb46f
--- /dev/null
+++ b/AGENTS.md
@@ -0,0 +1,11 @@
+# AGENTS.md
+
+This file provides guidance to coding agents working with this repository.
+
+## Project Overview
+
+Apache Traffic Server Ingress Controller is a Kubernetes ingress controller
for Apache Traffic Server (ATS). It watches `Ingress` / `Service` / `Endpoints`
resources and translates them into ATS `remap.config` / `plugin.config`
configuration; an admission webhook validates Ingress resources before the API
server admits them.
+
+## Security model
+
+For security scans, vulnerability triage, security reviews, and any change
touching the admission webhook, ingress-to-`remap.config` translation, RBAC, or
how Kubernetes API objects cross the trust boundary, read
[`SECURITY.md`](./SECURITY.md) first. The repo-specific surfaces (admission
webhook, ingress routing) are documented there in addition to the umbrella
model at
[apache/trafficserver/SECURITY.md](https://github.com/apache/trafficserver/blob/master/SECURITY.md).
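Review bot: The Project Overview paragraph says the admission webhook "validates Ingress resources" and lists `Ingress` / `Service` / `Endpoints` as the watched kinds, while the SECURITY.md added in this same commit lists `Ingress`, `Service`, `Endpoints`, and `ConfigMap` as webhook payloads. An agent that reads only AGENTS.md would get a narrower set of untrusted object kinds than SECURITY.md describes. Suggest either adding the missing kinds here or dropping the enumeration and deferring to SECURITY.md, so the two files cannot drift apart.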
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..d3b0c1c
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,20 @@
+# Security Policy
+
+This is a project of the [Apache Software Foundation](https://apache.org/) and
follows the ASF [vulnerability handling
process](https://apache.org/security/#vulnerability-handling).
+
+We strongly encourage folks to report such problems to our private security
mailing list first, before disclosing them publicly.
+
+# Reporting a Vulnerability
+
+To report a new vulnerability you have discovered please follow the ASF
[vulnerability reporting
process](https://apache.org/security/#reporting-a-vulnerability).
+
+# Security Model
+
+The Apache Traffic Server PMC's umbrella security model lives at
[apache/trafficserver/SECURITY.md](https://github.com/apache/trafficserver/blob/master/SECURITY.md)
and is the canonical reference for the trust boundaries that apply to the C++
core (administrative users trusted, binaries / scripts / configuration trusted,
plugins in scope including `plugins/experimental/`).
+
+This repository (`apache/trafficserver-ingress-controller`) adds the
Kubernetes ingress integration on top of that core, with two additional trust
surfaces that the umbrella model does not cover directly:
+
+- **Kubernetes admission webhook.** The controller exposes a validating
admission webhook to the API server. Webhook requests originate from the
Kubernetes control plane and are authenticated by the API server's TLS
bearer-token bootstrap; webhook bodies (the proposed `Ingress`, `Service`,
`Endpoints`, and `ConfigMap` payloads) are treated as adversary-controlled
input on the wire — admission decisions and parsing of those payloads must not
crash, leak, or allow injection.
+- **Ingress routing.** Resolved `Ingress` resources are translated into
Traffic Server `remap.config` / `plugin.config` directives that route HTTP
traffic to upstream `Service`s. Cluster users with `Ingress` create/update
privileges can influence the routing table and therefore the proxy's outbound
destinations; the trust boundary is the RBAC scope on those resource kinds in
the namespace.
+
+Reports that fall under either of those surfaces — admission-webhook handling,
or ingress-to-`remap.config` translation — should be reported via the same ASF
reporting process above. The C++ core surface (proxy data plane, plugins,
configuration loading) remains governed by the umbrella model linked above.