-
Notifications
You must be signed in to change notification settings - Fork 33
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
PWX-32732 : use portworx-restricted based on IsPrivileged flag #1191
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this PR will require some more work (see below)
b4c4aec
to
df61352
Compare
Codecov ReportPatch coverage:
Additional details and impacted files@@ Coverage Diff @@
## px-rel-23.7.0 #1191 +/- ##
==============================================
Coverage 80.03% 80.03%
==============================================
Files 58 58
Lines 16580 16583 +3
==============================================
+ Hits 13269 13272 +3
Misses 2379 2379
Partials 932 932
☔ View full report in Codecov by Sentry. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks good -- thanks Nikita (one question logged below)
) | ||
} | ||
|
||
return k8sutil.CreateOrUpdateClusterRole(c.k8sClient, clusterRole) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This seems to be a new addition... was this a mistake, or was this line required ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This method was returning k8sutil.CreateOrUpdateClusterRole , moved it to last line to add conditional statement of SCC name before creating the cluster role.
* use portworx-restricted based on IsPrivileged flag * Add UTs for install with non-privileged annotation * Add UTs for install with non-privileged annotation * remove debug logs
* PWX-32732 : use SCC based on IsPrivileged flag (#1191) * use portworx-restricted based on IsPrivileged flag * Add UTs for install with non-privileged annotation * Add UTs for install with non-privileged annotation * remove debug logs * resolve conflict * fix failing test
What this PR does / why we need it:
Do not use portworx-restricted SCC by default, use the old way and allow to enable/disable it via annotation
Which issue(s) this PR fixes (optional)
Closes # https://portworx.atlassian.net/browse/PWX-32732