Merge upstream #249
Merged
Merge upstream #249
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Zhou Hao <zhouhao@fujitsu.com>
The limit was designed to avoid glitches when too many hosts DHCP or boot from PXE. Virtual media requires neither, and with a pre-built ISO is actually quite efficient.
run_local_ironic.sh: add proxy setting
Exclude hosts with virtual media from PROVISIONING_LIMIT
🌱 Bump golang to v1.18
After following the process described in our community documents[1], there were no objections to adding Kashif as an approver. [1]: https://github.com/metal3-io/metal3-docs/tree/master/maintainers
🌱 Add SECURITY_CONTACTS file
🌱 build: introduce support for FROM overrides
Add Kashif Khan as approver
No idea why the CI does not complain, but the local build fails with: pkg/provisioner/ironic/testserver/ironic.go:135: File is not `gofmt`-ed with `-s` (gofmt)
Run make fmt to fix issues
Apt doesn't have stable CLI interface and it gives out warnings about it during build. Change apt to apt-get. Add apt-get clean to minimize image size. Change DEBIAN_FRONTEND from ENV to ARG to limit it to build time.
Using "ubuntu" baseimage means image build takes whatever ubuntu image is the latest. This is great for building on the latest stuff, but it also means you get distro upgrades "unexpectedly", and also, if you check out older commit, it'll build against incorrect base OS, leading to incorrectly rebuilt images.
🌱 Dockerfile: use apt-get instead of apt
…ze-components 🌱 Ironic-deployment: Use kustomize components
🐛 Uplift to go.etcd.io/etcd/v3
🌱 Fix mac address for demo and fixture provisioners
mdl 0.12 moves unordered list indentation from 2 spaces to 3 spaces due Kramdown requirements. Pin markdownlint image to 0.12 (with SHA), and fix all markdown comply with mdl 0.12.
🌱markdown: pin mdl to 0.12 and fix complaints
…ttings-no-requeue 🐛 Fix endless requeue of HostFirmwareSettings
Detaching a host doesn't change the provisioning status (only the orthogonal operational status), so remove the graph edge suggesting that the host transitions to Deleting, which it does not.
🐛 uplift x/net to 0.4.0
🐛 docs: Remove erroneous state transition
…5:45:40.674Z". The original format is badly readable. Refine the devLog flag.
kubeval is not maintained anymore, and suggest moving to kubeconform. Change manifestlint.sh to use kubeconform. Pin kubeconform image with a version and a digest.
…-to-kubeconform 🌱 manifestlint: move from kubeval to kubeconform
🌱 Refine ironic provisioner log data format
Set top-level permission to read. Pin actions to a sha.
🐛 .github: secure github actions
Uplift and pin golang 1.19.4 with digest.
Use docker.io consistently as image registry, and pin more checks by a version and digest.
…lang 🌱 pin golang:1.19.4 with digest
…sistently-and-pin-checks 🌱 use docker.io consistently, and pin more checks
It is always good to not rely on the defaults, but be explicit. Set explicit, secure securityContext for the BMO controller manager deployment and containers. CAPI has the same starting from upcoming v1.4.0 and cert-manager etc has them already. Setting explicit securityContext has its downsides as well, for tilt. Tilt's live update cannot handle securityContext which sets the user as non-root, as it requires root to deploy the binaries on rebuild. To workaround this, strip function is added to Tiltfile to handle BMO securityContexts.
…ritycontexts ✨ add explicit securitycontexts to controller
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: honza The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
|
/retest |
|
@honza: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
/lgtm |
dtantsur
reviewed
Jan 23, 2023
| @@ -0,0 +1,15 @@ | |||
| # Reporting a security vulnerability | |||
There was a problem hiding this comment.
We should exclude this file to avoid confusion.
dtantsur
reviewed
Jan 23, 2023
| k8s.io/api v0.24.2 | ||
| k8s.io/apimachinery v0.24.2 | ||
| sigs.k8s.io/controller-runtime v0.12.3 | ||
| k8s.io/api v0.25.0 |
There was a problem hiding this comment.
Ugh, this conflicts with the CVE fix :( Isn't it a bit too early to pull 0.25 bits?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.