New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: runs msi-adapter as privileged on openshift #920
Conversation
Signed-off-by: Nilekh Chaudhari <1626598+nilekhc@users.noreply.github.com>
Signed-off-by: Nilekh Chaudhari <1626598+nilekhc@users.noreply.github.com>
Codecov Report
@@ Coverage Diff @@
## master #920 +/- ##
=======================================
Coverage 62.15% 62.15%
=======================================
Files 9 9
Lines 909 909
=======================================
Hits 565 565
Misses 311 311
Partials 33 33 |
Signed-off-by: Nilekh Chaudhari <1626598+nilekhc@users.noreply.github.com>
/azp run pr-e2e-azure |
Azure Pipelines successfully started running 1 pipeline(s). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
Pending validation with openshift cluster
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@nilekhc could you open a separate PR to fix CVE-2022-28948
with gopkg.in/yaml.v3
? That way the PR gate is unblocked and also this PR won't be a scope creep
Signed-off-by: Nilekh Chaudhari <1626598+nilekhc@users.noreply.github.com>
Signed-off-by: Nilekh Chaudhari <1626598+nilekhc@users.noreply.github.com>
@aramase I was successfully able to test changes on ARO cluster. |
Signed-off-by: Nilekh Chaudhari 1626598+nilekhc@users.noreply.github.com
Reason for Change:
MSI-Adapter container needs to run as privileged when deploying Arc extension on openshift. Similar guidance we follow for provider pods as well.
Requirements
Issue Fixed:
fixes: #921
Does this change contain code from or inspired by another project?
If "Yes," did you notify that project's maintainers and provide attribution?
Special Notes for Reviewers: