SC settings for ApiServerSource's Receive Adapter's container/deployment #6788
Conversation
knative-prow
bot
added
do-not-merge/work-in-progress
Codecov ReportPatch coverage:
Additional details and impacted files@@ Coverage Diff @@
## main #6788 +/- ##
=======================================
Coverage 80.44% 80.45%
=======================================
Files 236 236
Lines 12206 12212 +6
=======================================
+ Hits 9819 9825 +6
Misses 1896 1896
Partials 491 491
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. ☔ View full report at Codecov. |
matzew
changed the title
knative-prow
bot
removed
the
do-not-merge/work-in-progress
|
I tested this with 1.24 and also 1.26 -> works fine |
| SecurityContext: &corev1.SecurityContext{ | ||
| AllowPrivilegeEscalation: ptr.Bool(false), | ||
| ReadOnlyRootFilesystem: ptr.Bool(true), | ||
| RunAsNonRoot: ptr.Bool(true), | ||
| Capabilities: &corev1.Capabilities{Drop: []corev1.Capability{"ALL"}}, | ||
| }, |
There was a problem hiding this comment.
Missing SeccompProfile: &corev1.SeccompProfile{Type: corev1.SeccompProfileTypeRuntimeDefault}, ?
There was a problem hiding this comment.
yeah, forgot to push that 🙃
|
For now we just set the SC and skip the SeccompProfile If we want we can update the PR |
|
We're setting |
Signed-off-by: Matthias Wessendorf <mwessend@redhat.com>
|
yeah, it is more consistent, I've update the deployment and its test |
|
@pierDipi please take a look |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: matzew, pierDipi The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/cherry-pick release-1.9 |
|
/cherry-pick release-1.8 |
|
@matzew: new pull request created: #6792 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
@matzew: new pull request created: #6793 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
…ent (knative#6788) Fixes knative#6787 <!-- Please include the 'why' behind your changes if no issue exists --> ## Proposed Changes <!-- Please categorize your changes: - 🎁 Add new feature - 🐛 Fix bug - 🧹 Update or clean up current behavior - 🗑️ Remove feature or internal logic --> - similar to our static manifests we set the required SC bits (see: knative#6533), except SeccompProfile ### Pre-review Checklist <!-- If these boxes are not checked, you will be asked to complete these requirements or explain why they do not apply to your PR. --> - [ ] **At least 80% unit test coverage** - [ ] **E2E tests** for any new behavior - [ ] **Docs PR** for any user-facing impact - [ ] **Spec PR** for any new API feature - [ ] **Conformance test** for any change to the spec **Release Note** <!-- :page_facing_up: If this change has user-visible impact, write a release note in the block below. Include the string "action required" if additional action is required of users switching to the new release, for example in case of a breaking change. Write as if you are speaking to users, not other Knative contributors. If this change has no user-visible impact, no release note is needed. --> ```release-note SecurityContext settings for ApiServerSource's Receive Adapter's container/deployment ``` **Docs** <!-- :book: If this change has user-visible impact, link to an issue or PR in https://github.com/knative/docs. --> Signed-off-by: Matthias Wessendorf <mwessend@redhat.com>
Fixes #6787
Proposed Changes
Pre-review Checklist
Release Note
Docs