-
Notifications
You must be signed in to change notification settings - Fork 228
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: tighten securityContext to comply with restricted PSS #600
Conversation
makes argocd-image-updater compatible with restricted Pod Security Standard Signed-off-by: Takeo Sawada <myc.monad@gmail.com>
58ed91e
to
a9ba028
Compare
We've been running 0.12.2 with this securityContext for a few weeks and things seem to be okay. All other components in ArgoCD have the same securityContext since argoproj/argo-cd#9765 , and I think it is preferable for argocd-image-updater to align with them. @jannfis please let me know if I can do anything to help this getting merged. Thanks in advance! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. Thanks a lot!
…labs#600) makes argocd-image-updater compatible with restricted Pod Security Standard Signed-off-by: Takeo Sawada <myc.monad@gmail.com> Signed-off-by: Jarvis Yang <jarvis.yang@recurohealth.com>
…labs#600) makes argocd-image-updater compatible with restricted Pod Security Standard Signed-off-by: Takeo Sawada <myc.monad@gmail.com> Signed-off-by: Jesse Bye <8467862+jessebye@users.noreply.github.com>
Signed-off-by: satoru <satorulogic@gmail.com> Signed-off-by: Jesse Bye <8467862+jessebye@users.noreply.github.com> docs: Fixed typo (argoproj-labs#589) Signed-off-by: Jesse Bye <8467862+jessebye@users.noreply.github.com> chore: Preallocate space for slices with known size (argoproj-labs#575) Signed-off-by: satoru <satorulogic@gmail.com> Signed-off-by: Jesse Bye <8467862+jessebye@users.noreply.github.com> ci: Fix codegen and update kustomize to post-2.0 (argoproj-labs#590) * ci: Fix codegen Signed-off-by: jannfis <jann@mistrust.net> * Fix tar call Signed-off-by: jannfis <jann@mistrust.net> --------- Signed-off-by: jannfis <jann@mistrust.net> Signed-off-by: Jesse Bye <8467862+jessebye@users.noreply.github.com> feat: Respect original parameter overrides with git write-back (argoproj-labs#573) * Fix original override not respected Signed-off-by: KS. Yim <ks.yim@linecorp.com> * Add writeOverrides unittest Signed-off-by: KS. Yim <ks.yim@linecorp.com> * Add helm override commit test Signed-off-by: KS. Yim <ks.yim@linecorp.com> * lint Signed-off-by: KS. Yim <ks.yim@linecorp.com> * fix shadowed err Signed-off-by: KS. Yim <ks.yim@linecorp.com> --------- Signed-off-by: KS. Yim <ks.yim@linecorp.com> Co-authored-by: KS. Yim <ks.yim@linecorp.com> Signed-off-by: Jesse Bye <8467862+jessebye@users.noreply.github.com> chore: Update to newer argocd version for better API compatibility (argoproj-labs#594) * fix: update go mods to use newer argocd app definition Signed-off-by: Jesse Bye <8467862+jessebye@users.noreply.github.com> * fix deps and tests Signed-off-by: Jesse Bye <8467862+jessebye@users.noreply.github.com> * fix spelling Signed-off-by: Jesse Bye <8467862+jessebye@users.noreply.github.com> --------- Signed-off-by: Jesse Bye <8467862+jessebye@users.noreply.github.com> chore(deps): upgrade dependencies for fix vulnerabilities (argoproj-labs#599) Signed-off-by: Viacheslav Sychov <viacheslav.sychov@gmail.com> Signed-off-by: Jesse Bye <8467862+jessebye@users.noreply.github.com> fix: tighten securityContext to comply with restricted PSS (argoproj-labs#600) makes argocd-image-updater compatible with restricted Pod Security Standard Signed-off-by: Takeo Sawada <myc.monad@gmail.com> Signed-off-by: Jesse Bye <8467862+jessebye@users.noreply.github.com> feat: Add possibility to specify write-back GIT repository as annotation (argoproj-labs#424) * Add possibility to specify write-back GIT repository as annotation. Signed-off-by: flozzone <flozzone@gmail.com> * Update golangci-lint to 1.52.2. Signed-off-by: flozzone <flozzone@gmail.com> * Replace deprecated golangci linters with 'unused' linter. Signed-off-by: flozzone <flozzone@gmail.com> * Fix Goimport issues. Signed-off-by: flozzone <flozzone@gmail.com> --------- Signed-off-by: flozzone <flozzone@gmail.com> Signed-off-by: Jesse Bye <8467862+jessebye@users.noreply.github.com> fix: support ocischema.DeserializedImageIndex in registry client Signed-off-by: Jesse Bye <8467862+jessebye@users.noreply.github.com> fix test Signed-off-by: Jesse Bye <8467862+jessebye@users.noreply.github.com> fix: update go mods to use newer argocd app definition Signed-off-by: Jesse Bye <8467862+jessebye@users.noreply.github.com> fix deps and tests Signed-off-by: Jesse Bye <8467862+jessebye@users.noreply.github.com> merge master Signed-off-by: Jesse Bye <8467862+jessebye@users.noreply.github.com> fix go mods Signed-off-by: Jesse Bye <8467862+jessebye@users.noreply.github.com> refactor: use shared function to reduce duplication Signed-off-by: Jesse Bye <8467862+jessebye@users.noreply.github.com> fix: update go mods to use newer argocd app definition Signed-off-by: Jesse Bye <8467862+jessebye@users.noreply.github.com> fix deps and tests Signed-off-by: Jesse Bye <8467862+jessebye@users.noreply.github.com> merge master Signed-off-by: Jesse Bye <8467862+jessebye@users.noreply.github.com> fix go mods Signed-off-by: Jesse Bye <8467862+jessebye@users.noreply.github.com> Fix after rebase Signed-off-by: Jesse Bye <8467862+jessebye@users.noreply.github.com> chore: Fix spell checking config (argoproj-labs#577) Signed-off-by: satoru <satorulogic@gmail.com> docs: Fixed typo (argoproj-labs#589) chore: Preallocate space for slices with known size (argoproj-labs#575) Signed-off-by: satoru <satorulogic@gmail.com> ci: Fix codegen and update kustomize to post-2.0 (argoproj-labs#590) * ci: Fix codegen Signed-off-by: jannfis <jann@mistrust.net> * Fix tar call Signed-off-by: jannfis <jann@mistrust.net> --------- Signed-off-by: jannfis <jann@mistrust.net> feat: Respect original parameter overrides with git write-back (argoproj-labs#573) * Fix original override not respected Signed-off-by: KS. Yim <ks.yim@linecorp.com> * Add writeOverrides unittest Signed-off-by: KS. Yim <ks.yim@linecorp.com> * Add helm override commit test Signed-off-by: KS. Yim <ks.yim@linecorp.com> * lint Signed-off-by: KS. Yim <ks.yim@linecorp.com> * fix shadowed err Signed-off-by: KS. Yim <ks.yim@linecorp.com> --------- Signed-off-by: KS. Yim <ks.yim@linecorp.com> Co-authored-by: KS. Yim <ks.yim@linecorp.com> chore: Update to newer argocd version for better API compatibility (argoproj-labs#594) * fix: update go mods to use newer argocd app definition Signed-off-by: Jesse Bye <8467862+jessebye@users.noreply.github.com> * fix deps and tests Signed-off-by: Jesse Bye <8467862+jessebye@users.noreply.github.com> * fix spelling Signed-off-by: Jesse Bye <8467862+jessebye@users.noreply.github.com> --------- Signed-off-by: Jesse Bye <8467862+jessebye@users.noreply.github.com> chore(deps): upgrade dependencies for fix vulnerabilities (argoproj-labs#599) Signed-off-by: Viacheslav Sychov <viacheslav.sychov@gmail.com> fix: tighten securityContext to comply with restricted PSS (argoproj-labs#600) makes argocd-image-updater compatible with restricted Pod Security Standard Signed-off-by: Takeo Sawada <myc.monad@gmail.com>
…labs#600) makes argocd-image-updater compatible with restricted Pod Security Standard Signed-off-by: Takeo Sawada <myc.monad@gmail.com> Signed-off-by: Francesc Arbona <francesc.arbona@global.ntt>
…labs#600) makes argocd-image-updater compatible with restricted Pod Security Standard Signed-off-by: Takeo Sawada <myc.monad@gmail.com>
makes argocd-image-updater compatible with restricted Pod Security Standard