Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

🐛Fix PodSecurity Warnings #250

Merged
merged 1 commit into from
Aug 17, 2023
Merged

🐛Fix PodSecurity Warnings #250

merged 1 commit into from
Aug 17, 2023

Conversation

zhiweiyin318
Copy link
Member

Summary

Related issue(s)

Fixes #
fix the securityContext warning when apply deployments.

Warning: would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "klusterlet" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "klusterlet" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "klusterlet" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "klusterlet" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")

@zhiweiyin318
Fix PodSecurity Warnings
f1435e3 
Signed-off-by: Zhiwei Yin <zyin@redhat.com>
@openshift-ci openshift-ci bot requested review from deads2k and jnpacker August 15, 2023 14:19
@codecov
Copy link

codecov bot commented Aug 15, 2023

Codecov Report

Patch and project coverage have no change.

Comparison is base (fb6ce75) 60.44% compared to head (f1435e3) 60.44%.
Report is 1 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main     #250   +/-   ##
=======================================
  Coverage   60.44%   60.44%           
=======================================
  Files         132      132           
  Lines       13669    13669           
=======================================
  Hits         8262     8262           
+ Misses       4651     4650    -1     
- Partials      756      757    +1
Flag Coverage Δ
unit 60.44% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

see 1 file with indirect coverage changes

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

zhujian7
zhujian7 reviewed Aug 15, 2023
View reviewed changes
Makefile
operatorsdk_gen_dir:=$(dir $(OPERATOR_SDK))
# CSV_VERSION is used to generate new CSV manifests
CSV_VERSION?=0.12.0

OPERATOR_SDK_ARCHOS:=x86_64-linux-gnu
OPERATOR_SDK_ARCHOS:=linux_amd64
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why change this?

Copy link
Member Author

@zhiweiyin318 zhiweiyin318 Aug 15, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

upgrade operate-sdk to v1.28.0, the binary name is changed to this.

@zhiweiyin318
Copy link
Member Author

/assign @qiujian16

@zhiweiyin318
Copy link
Member Author

/hold

@zhiweiyin318
Copy link
Member Author

/unhold

@qiujian16
Copy link
Member

/approve

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Aug 17, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: qiujian16, zhiweiyin318

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@zhiweiyin318
Copy link
Member Author

/hold

@zhiweiyin318
Copy link
Member Author

/unhold

@elgnay
Copy link
Contributor

elgnay commented Aug 17, 2023

/lgtm

@openshift-ci openshift-ci bot added the lgtm label Aug 17, 2023
@openshift-merge-robot openshift-merge-robot merged commit ecc541d into open-cluster-management-io:main Aug 17, 2023
@zhiweiyin318 zhiweiyin318 deleted the fix-scc branch August 17, 2023 08:38
zhiweiyin318 added a commit to zhiweiyin318/ocm that referenced this pull request Aug 21, 2023
@zhiweiyin318
Revert "Fix PodSecurity Warnings (open-cluster-management-io#250)"
1727ebc 
This reverts commit ecc541d.
zhiweiyin318 added a commit to zhiweiyin318/ocm that referenced this pull request Aug 21, 2023
@zhiweiyin318
Revert "Fix PodSecurity Warnings (open-cluster-management-io#250)"
d4ec48c 
This reverts commit ecc541d.

Signed-off-by: Zhiwei Yin <zyin@redhat.com>
openshift-merge-robot pushed a commit that referenced this pull request Aug 21, 2023
@zhiweiyin318
Revert "Fix PodSecurity Warnings (#250)" (#252)
4227c8f 
This reverts commit ecc541d.

Signed-off-by: Zhiwei Yin <zyin@redhat.com>
@zhiweiyin318 zhiweiyin318 mentioned this pull request Sep 29, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zhujian7 zhujian7 zhujian7 left review comments

@deads2k deads2k Awaiting requested review from deads2k

@jnpacker jnpacker Awaiting requested review from jnpacker

Assignees

@qiujian16 qiujian16

@elgnay elgnay

Labels
approved lgtm
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@zhiweiyin318 @qiujian16 @elgnay @zhujian7 @openshift-merge-robot