fix: tighten securityContext to comply with restricted PSS #600
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
makes argocd-image-updater compatible with restricted Pod Security Standard Signed-off-by: Takeo Sawada <myc.monad@gmail.com>
tsawada
force-pushed
the
pod-security-standard
branch
from
58ed91e
to
a9ba028
Compare
|
We've been running 0.12.2 with this securityContext for a few weeks and things seem to be okay. All other components in ArgoCD have the same securityContext since argoproj/argo-cd#9765 , and I think it is preferable for argocd-image-updater to align with them. @jannfis please let me know if I can do anything to help this getting merged. Thanks in advance! |
jwhy89
pushed a commit
to jwhy89/argocd-image-updater
that referenced
this pull request
Aug 17, 2023
…labs#600) makes argocd-image-updater compatible with restricted Pod Security Standard Signed-off-by: Takeo Sawada <myc.monad@gmail.com> Signed-off-by: Jarvis Yang <jarvis.yang@recurohealth.com>
jessebye
pushed a commit
to jessebye/argocd-image-updater
that referenced
this pull request
Sep 1, 2023
…labs#600) makes argocd-image-updater compatible with restricted Pod Security Standard Signed-off-by: Takeo Sawada <myc.monad@gmail.com> Signed-off-by: Jesse Bye <8467862+jessebye@users.noreply.github.com>
jessebye
pushed a commit
to jessebye/argocd-image-updater
that referenced
this pull request
Sep 1, 2023
Signed-off-by: satoru <satorulogic@gmail.com> Signed-off-by: Jesse Bye <8467862+jessebye@users.noreply.github.com> docs: Fixed typo (argoproj-labs#589) Signed-off-by: Jesse Bye <8467862+jessebye@users.noreply.github.com> chore: Preallocate space for slices with known size (argoproj-labs#575) Signed-off-by: satoru <satorulogic@gmail.com> Signed-off-by: Jesse Bye <8467862+jessebye@users.noreply.github.com> ci: Fix codegen and update kustomize to post-2.0 (argoproj-labs#590) * ci: Fix codegen Signed-off-by: jannfis <jann@mistrust.net> * Fix tar call Signed-off-by: jannfis <jann@mistrust.net> --------- Signed-off-by: jannfis <jann@mistrust.net> Signed-off-by: Jesse Bye <8467862+jessebye@users.noreply.github.com> feat: Respect original parameter overrides with git write-back (argoproj-labs#573) * Fix original override not respected Signed-off-by: KS. Yim <ks.yim@linecorp.com> * Add writeOverrides unittest Signed-off-by: KS. Yim <ks.yim@linecorp.com> * Add helm override commit test Signed-off-by: KS. Yim <ks.yim@linecorp.com> * lint Signed-off-by: KS. Yim <ks.yim@linecorp.com> * fix shadowed err Signed-off-by: KS. Yim <ks.yim@linecorp.com> --------- Signed-off-by: KS. Yim <ks.yim@linecorp.com> Co-authored-by: KS. Yim <ks.yim@linecorp.com> Signed-off-by: Jesse Bye <8467862+jessebye@users.noreply.github.com> chore: Update to newer argocd version for better API compatibility (argoproj-labs#594) * fix: update go mods to use newer argocd app definition Signed-off-by: Jesse Bye <8467862+jessebye@users.noreply.github.com> * fix deps and tests Signed-off-by: Jesse Bye <8467862+jessebye@users.noreply.github.com> * fix spelling Signed-off-by: Jesse Bye <8467862+jessebye@users.noreply.github.com> --------- Signed-off-by: Jesse Bye <8467862+jessebye@users.noreply.github.com> chore(deps): upgrade dependencies for fix vulnerabilities (argoproj-labs#599) Signed-off-by: Viacheslav Sychov <viacheslav.sychov@gmail.com> Signed-off-by: Jesse Bye <8467862+jessebye@users.noreply.github.com> fix: tighten securityContext to comply with restricted PSS (argoproj-labs#600) makes argocd-image-updater compatible with restricted Pod Security Standard Signed-off-by: Takeo Sawada <myc.monad@gmail.com> Signed-off-by: Jesse Bye <8467862+jessebye@users.noreply.github.com> feat: Add possibility to specify write-back GIT repository as annotation (argoproj-labs#424) * Add possibility to specify write-back GIT repository as annotation. Signed-off-by: flozzone <flozzone@gmail.com> * Update golangci-lint to 1.52.2. Signed-off-by: flozzone <flozzone@gmail.com> * Replace deprecated golangci linters with 'unused' linter. Signed-off-by: flozzone <flozzone@gmail.com> * Fix Goimport issues. Signed-off-by: flozzone <flozzone@gmail.com> --------- Signed-off-by: flozzone <flozzone@gmail.com> Signed-off-by: Jesse Bye <8467862+jessebye@users.noreply.github.com> fix: support ocischema.DeserializedImageIndex in registry client Signed-off-by: Jesse Bye <8467862+jessebye@users.noreply.github.com> fix test Signed-off-by: Jesse Bye <8467862+jessebye@users.noreply.github.com> fix: update go mods to use newer argocd app definition Signed-off-by: Jesse Bye <8467862+jessebye@users.noreply.github.com> fix deps and tests Signed-off-by: Jesse Bye <8467862+jessebye@users.noreply.github.com> merge master Signed-off-by: Jesse Bye <8467862+jessebye@users.noreply.github.com> fix go mods Signed-off-by: Jesse Bye <8467862+jessebye@users.noreply.github.com> refactor: use shared function to reduce duplication Signed-off-by: Jesse Bye <8467862+jessebye@users.noreply.github.com> fix: update go mods to use newer argocd app definition Signed-off-by: Jesse Bye <8467862+jessebye@users.noreply.github.com> fix deps and tests Signed-off-by: Jesse Bye <8467862+jessebye@users.noreply.github.com> merge master Signed-off-by: Jesse Bye <8467862+jessebye@users.noreply.github.com> fix go mods Signed-off-by: Jesse Bye <8467862+jessebye@users.noreply.github.com> Fix after rebase Signed-off-by: Jesse Bye <8467862+jessebye@users.noreply.github.com> chore: Fix spell checking config (argoproj-labs#577) Signed-off-by: satoru <satorulogic@gmail.com> docs: Fixed typo (argoproj-labs#589) chore: Preallocate space for slices with known size (argoproj-labs#575) Signed-off-by: satoru <satorulogic@gmail.com> ci: Fix codegen and update kustomize to post-2.0 (argoproj-labs#590) * ci: Fix codegen Signed-off-by: jannfis <jann@mistrust.net> * Fix tar call Signed-off-by: jannfis <jann@mistrust.net> --------- Signed-off-by: jannfis <jann@mistrust.net> feat: Respect original parameter overrides with git write-back (argoproj-labs#573) * Fix original override not respected Signed-off-by: KS. Yim <ks.yim@linecorp.com> * Add writeOverrides unittest Signed-off-by: KS. Yim <ks.yim@linecorp.com> * Add helm override commit test Signed-off-by: KS. Yim <ks.yim@linecorp.com> * lint Signed-off-by: KS. Yim <ks.yim@linecorp.com> * fix shadowed err Signed-off-by: KS. Yim <ks.yim@linecorp.com> --------- Signed-off-by: KS. Yim <ks.yim@linecorp.com> Co-authored-by: KS. Yim <ks.yim@linecorp.com> chore: Update to newer argocd version for better API compatibility (argoproj-labs#594) * fix: update go mods to use newer argocd app definition Signed-off-by: Jesse Bye <8467862+jessebye@users.noreply.github.com> * fix deps and tests Signed-off-by: Jesse Bye <8467862+jessebye@users.noreply.github.com> * fix spelling Signed-off-by: Jesse Bye <8467862+jessebye@users.noreply.github.com> --------- Signed-off-by: Jesse Bye <8467862+jessebye@users.noreply.github.com> chore(deps): upgrade dependencies for fix vulnerabilities (argoproj-labs#599) Signed-off-by: Viacheslav Sychov <viacheslav.sychov@gmail.com> fix: tighten securityContext to comply with restricted PSS (argoproj-labs#600) makes argocd-image-updater compatible with restricted Pod Security Standard Signed-off-by: Takeo Sawada <myc.monad@gmail.com>
xescab
pushed a commit
to xescab/argocd-image-updater
that referenced
this pull request
Sep 8, 2023
…labs#600) makes argocd-image-updater compatible with restricted Pod Security Standard Signed-off-by: Takeo Sawada <myc.monad@gmail.com> Signed-off-by: Francesc Arbona <francesc.arbona@global.ntt>
dlactin
pushed a commit
to dlactin/argocd-image-updater
that referenced
this pull request
May 9, 2024
…labs#600) makes argocd-image-updater compatible with restricted Pod Security Standard Signed-off-by: Takeo Sawada <myc.monad@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
makes argocd-image-updater compatible with restricted Pod Security Standard