Merge upstream #249
Signed-off-by: Zhou Hao <zhouhao@fujitsu.com>
The limit was designed to avoid glitches when too many hosts DHCP or boot from PXE. Virtual media requires neither, and with a pre-built ISO is actually quite efficient.
run_local_ironic.sh: add proxy setting
Exclude hosts with virtual media from PROVISIONING_LIMIT
🌱 Bump golang to v1.18
After following the process described in our community documents[1], there were no objections to adding Kashif as an approver. [1]: https://github.com/metal3-io/metal3-docs/tree/master/maintainers
🌱 Add SECURITY_CONTACTS file
🌱 build: introduce support for FROM overrides
Add Kashif Khan as approver
No idea why the CI does not complain, but the local build fails with: pkg/provisioner/ironic/testserver/ironic.go:135: File is not `gofmt`-ed with `-s` (gofmt)
Run make fmt to fix issues
Apt doesn't have a stable CLI interface and it gives out warnings about it during build. Change apt to apt-get. Add apt-get clean to minimize image size. Change DEBIAN_FRONTEND from ENV to ARG to limit it to build time.
Using "ubuntu" baseimage means image build takes whatever ubuntu image is the latest. This is great for building on the latest stuff, but it also means you get distro upgrades "unexpectedly", and also, if you check out an older commit, it'll build against an incorrect base OS, leading to incorrectly rebuilt images.
🌱 Dockerfile: use apt-get instead of apt
…ze-components 🌱 Ironic-deployment: Use kustomize components
🐛 Uplift to go.etcd.io/etcd/v3
🌱 Fix mac address for demo and fixture provisioners
mdl 0.12 moves unordered list indentation from 2 spaces to 3 spaces due to Kramdown requirements. Pin markdownlint image to 0.12 (with SHA), and fix all markdown to comply with mdl 0.12.
🌱markdown: pin mdl to 0.12 and fix complaints
…ttings-no-requeue 🐛 Fix endless requeue of HostFirmwareSettings
Detaching a host doesn't change the provisioning status (only the orthogonal operational status), so remove the graph edge suggesting that the host transitions to Deleting, which it does not.
🐛 uplift x/net to 0.4.0
🐛 docs: Remove erroneous state transition
…5:45:40.674Z". The original format is badly readable. Refine the devLog flag.
kubeval is not maintained anymore, and suggests moving to kubeconform. Change manifestlint.sh to use kubeconform. Pin kubeconform image with a version and a digest.
…-to-kubeconform 🌱 manifestlint: move from kubeval to kubeconform
🌱 Refine ironic provisioner log data format
Set top-level permission to read. Pin actions to a sha.
🐛 .github: secure github actions
Uplift and pin golang 1.19.4 with digest.
Use docker.io consistently as image registry, and pin more checks by a version and digest.
…lang 🌱 pin golang:1.19.4 with digest
…sistently-and-pin-checks 🌱 use docker.io consistently, and pin more checks
It is always good to not rely on the defaults, but be explicit. Set explicit, secure securityContext for the BMO controller manager deployment and containers. CAPI has the same starting from upcoming v1.4.0 and cert-manager etc. have them already. Setting explicit securityContext has its downsides as well, for tilt. Tilt's live update cannot handle securityContext which sets the user as non-root, as it requires root to deploy the binaries on rebuild. To work around this, a strip function is added to Tiltfile to handle BMO securityContexts.
…ritycontexts ✨ add explicit securitycontexts to controller
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: honza The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
/retest
@honza: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.
/lgtm
@@ -0,0 +1,15 @@ | |||
# Reporting a security vulnerability |
We should exclude this file to avoid confusion.
Addressed in #253
k8s.io/api v0.24.2 | ||
k8s.io/apimachinery v0.24.2 | ||
sigs.k8s.io/controller-runtime v0.12.3 | ||
k8s.io/api v0.25.0 |
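Review bot: k8s.io/api appears at v0.25.0 on the last visible line while k8s.io/apimachinery is shown only at v0.24.2 and sigs.k8s.io/controller-runtime at v0.12.3. If those two are not raised in the same change, go.mod ends up with mixed Kubernetes minor versions; move k8s.io/api, k8s.io/apimachinery and controller-runtime together, or keep k8s.io/api at v0.24.2 until the whole set is bumped.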
Ugh, this conflicts with the CVE fix :( Isn't it a bit too early to pull 0.25 bits?
No description provided.