Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

update for k8s 1.30.1 #131

Merged
merged 23 commits into from
Jun 6, 2024
Merged

update for k8s 1.30.1 #131

merged 23 commits into from
Jun 6, 2024

Conversation

takara9
Copy link
Contributor

@takara9 takara9 commented May 17, 2024

No description provided.

@takara9 takara9 self-assigned this May 17, 2024
@takara9 takara9 requested a review from zoetrope May 17, 2024 08:54
@takara9 takara9 marked this pull request as draft May 17, 2024 08:54
@takara9 takara9 marked this pull request as ready for review May 20, 2024 01:06
zoetrope
zoetrope requested changes May 21, 2024
View reviewed changes
hooks/mutate_pod.go Outdated Show resolved Hide resolved
@zoetrope
Copy link
Member

Please make sure PSA complies with Pod Security Standard.
https://kubernetes.io/docs/concepts/security/pod-security-standards/

zoetrope
zoetrope requested changes Jun 4, 2024
View reviewed changes
hooks/mutate_pod.go Outdated Show resolved Hide resolved
@takara9 takara9 requested a review from zoetrope June 4, 2024 09:26
zoetrope
zoetrope requested changes Jun 5, 2024
View reviewed changes
hooks/validators/deny_unsafe_apparmor.go Outdated Show resolved Hide resolved
hooks/validators/deny_unsafe_apparmor.go Outdated Show resolved Hide resolved
hooks/validators/deny_unsafe_apparmor.go
errs = append(errs, field.Forbidden(p.Index(i), fmt.Sprintf("%v is not an allowed AppArmor profile", co.SecurityContext.AppArmorProfile.Type)))
}
}
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You should also check ephemeral containers.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reinforce a test case for ephemeral containers.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@takara9
Need to implement validation, not testing

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@zoetrope
I put error test case for ephemeral containers inseted of prvious test case.
and add the validation code.

hooks/validate_pod.go Outdated Show resolved Hide resolved
@zoetrope
Copy link
Member

zoetrope commented Jun 5, 2024

Please describe the supported Pod Security Standards versions in README.md.

@takara9
Copy link
Contributor Author

takara9 commented Jun 5, 2024
edited
Loading

Please describe the supported Pod Security Standards versions in README.md.

I replace existing link to v1.30 link, plus add v1.30 after "Pod Security Standard".

@takara9 takara9 requested a review from zoetrope June 5, 2024 08:10
zoetrope
zoetrope requested changes Jun 5, 2024
View reviewed changes
Copy link
Member

@zoetrope zoetrope left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please check this comment.
https://github.com/cybozu-go/pod-security-admission/pull/131/files#r1626842165

@takara9 takara9 requested a review from zoetrope June 6, 2024 01:00
zoetrope
zoetrope approved these changes Jun 6, 2024
View reviewed changes
Copy link
Member

@zoetrope zoetrope left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@takara9 takara9 merged commit a5783ff into main Jun 6, 2024
2 checks passed
@takara9 takara9 deleted the latest-k8s branch June 6, 2024 05:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zoetrope zoetrope zoetrope approved these changes

Assignees

@takara9 takara9

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@takara9 @zoetrope