-
Notifications
You must be signed in to change notification settings - Fork 149
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Revert "[release-1.8] Enable PSA FG on Kubevirt (#2093)" #2135
Revert "[release-1.8] Enable PSA FG on Kubevirt (#2093)" #2135
Conversation
This reverts commit 4731026. Signed-off-by: Simone Tiraboschi <stirabos@redhat.com>
/hold |
/override-bot |
hco-e2e-image-index-aws succeeded hco-e2e-image-index-sno-aws succeeded hco-e2e-upgrade-index-aws succeeded hco-e2e-upgrade-index-sno-aws |
@tiraboschi: Overrode contexts on behalf of tiraboschi: ci/prow/hco-e2e-image-index-azure In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
hco-e2e-image-index-sno-aws succeeded hco-e2e-upgrade-index-aws succeeded hco-e2e-upgrade-index-sno-aws |
@tiraboschi: Overrode contexts on behalf of tiraboschi: ci/prow/hco-e2e-image-index-sno-azure, ci/prow/hco-e2e-upgrade-index-azure, ci/prow/hco-e2e-upgrade-index-sno-azure In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/test hco-e2e-kv-smoke-gcp |
@tiraboschi: The specified target(s) for
Use
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/retest |
brutal workaround to bypass SCC -> PSA on OCP >= 4.12 remove ASAP!!! Signed-off-by: Simone Tiraboschi <stirabos@redhat.com>
5039d86
to
3ccdf83
Compare
Kudos, SonarCloud Quality Gate passed! |
@tiraboschi: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
hco-e2e-image-index-aws succeeded: hco-e2e-image-index-sno-aws succeeded: hco-e2e-kv-smoke-gcp succeeded: hco-e2e-upgrade-index-aws succeeded: hco-e2e-upgrade-index-sno-aws succeeded: |
@tiraboschi: Overrode contexts on behalf of tiraboschi: ci/prow/hco-e2e-image-index-azure, ci/prow/hco-e2e-image-index-gcp, ci/prow/hco-e2e-image-index-sno-azure, ci/prow/hco-e2e-kv-smoke-azure, ci/prow/hco-e2e-upgrade-index-azure, ci/prow/hco-e2e-upgrade-index-sno-azure In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Avoid opting out from OCP/OKD podSecurityLabelSync This was done there because the virt-controller auto labelling mechanism is overlapping and fighting with the Openshift Pod Security Admission Autolabeling. So we were setting that at test suite level assuming that the Kubevirt PSA FG was always on when deploying on Openshift. Now we revisited that decision and so HCO is not going to enable the PSA FG on Kubevirt, see: kubevirt/hyperconverged-cluster-operator#2136 kubevirt/hyperconverged-cluster-operator#2135 kubevirt/hyperconverged-cluster-operator#2134 kubevirt/hyperconverged-cluster-operator#2133 but at this point, if PSA is enabled on the cluster, on Openshift we should rely on its default Pod Security Admission Autolabeling, and so always blindly setting "security.openshift.io/scc.podSecurityLabelSync": "false" at testsuite level appears as a bad idea. Set also pod-security.kubernetes.io/warn=privileged on the namespaces where we set pod-security.kubernetes.io/enforce=privileged to get rid of warnings from those namespaces. Signed-off-by: Simone Tiraboschi <stirabos@redhat.com>
/unhold |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/approve
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: orenc1 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
This reverts commit 4731026.
Signed-off-by: Simone Tiraboschi stirabos@redhat.com
Reviewer Checklist
Release note: