Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: [NPM] Updated NPM to Not Share Host's UTS Namespace + Image/Configmap Alignment with Prod #2589

Merged
merged 19 commits into from Feb 16, 2024
Merged

chore: [NPM] Updated NPM to Not Share Host's UTS Namespace + Image/Configmap Alignment with Prod #2589

merged 19 commits into from Feb 16, 2024

Conversation

rayaisaiah
Copy link
Contributor

@rayaisaiah rayaisaiah commented Feb 14, 2024
edited by rbtr

Reason for Change:

Addresses NPM Linux vulnerabilities from security scan by customer.

Issue Fixed:

  • Do not share the host's UTS namespace
    • set pod.spec.hostUsers=false
  • The npm/azure-npm.yaml to have the prod image (v1.4.45.3) and config map seen in a managed npm cluster.
  • Kind version, k8s version, and images to the latest versions to resolve unknown field validation error with cyclonus tests with new pod spec "hostUsers"

Requirements:

@rayaisaiah rayaisaiah added npm Related to NPM. linux labels Feb 14, 2024
@rayaisaiah rayaisaiah requested a review from a team as a code owner February 14, 2024 18:10
@rayaisaiah rayaisaiah changed the title chore: [NPM] Experiment with File System chore: [NPM] Updated NPM to Not Share Host's UTS Namespace + Image/Configmap Alignment with Prod Feb 14, 2024
huntergregory
huntergregory reviewed Feb 14, 2024
View reviewed changes
npm/azure-npm.yaml Outdated Show resolved Hide resolved
huntergregory
huntergregory previously approved these changes Feb 14, 2024
View reviewed changes
@rayaisaiah rayaisaiah requested a review from a team as a code owner February 15, 2024 00:06
@rayaisaiah rayaisaiah requested a review from a team as a code owner February 15, 2024 00:29
matmerr
matmerr approved these changes Feb 15, 2024
View reviewed changes
Copy link
Member

@matmerr matmerr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

pretty wild that we're still running kind k8s v1.19, thanks for bumping that 🚀

@rayaisaiah rayaisaiah added this pull request to the merge queue Feb 15, 2024
Merged via the queue into master with commit 8d68e75 Feb 16, 2024
25 of 33 checks passed
@rayaisaiah rayaisaiah deleted the fixNPMVulnerabilites branch February 16, 2024 01:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@matmerr matmerr matmerr approved these changes

@vakalapa vakalapa vakalapa approved these changes

@huntergregory huntergregory huntergregory approved these changes

Assignees
No one assigned
Labels
linux npm Related to NPM.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@rayaisaiah @matmerr @vakalapa @huntergregory