New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug 1807659: no need to run CCO as privileged pod #189
Bug 1807659: no need to run CCO as privileged pod #189
Conversation
Remove the label that was running CCO as a privileged pod. It is unnecessary for the kinds of operations that CCO needs to perform in cluster. Removing the label makes the file copy of any provided certificate bundles fail (used for things like global proxy settings). Fix up the permissions at container build time to allow the Pod startup to continue to be able to copy over any certificate bundle mounted into the pod. The label appears to have no effect when CCO is running on the bootstrap node, so there is no need to maintain a Namespace definition for use only during bootstrap (like we must do for the bootstrap-only Pod definition).
|
@openshift-cherrypick-robot: Not creating new clone for Bugzilla bug 1806892 as Bugzilla bug 1807659 has been detected as a clone for the correct target release of this cherrypick. Running refresh: In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
@openshift-ci-robot: This pull request references Bugzilla bug 1806892, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/retitle Bug 1807659: no need to run CCO as privileged pod |
|
@openshift-cherrypick-robot: This pull request references Bugzilla bug 1807659, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker. 6 validation(s) were run on this bug
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
@joelddiaz Can you confirm there were no other fixes required for this backport? lgtm and approve as you see fit. |
|
/approve |
|
/test e2e-aws |
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: joelddiaz, openshift-cherrypick-robot The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
@openshift-cherrypick-robot: All pull requests linked via external trackers have merged: openshift/cloud-credential-operator#189. Bugzilla bug 1807659 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
This is an automated cherry-pick of #159
/assign sdodson