Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

e2e: add podsecurity labels #405

Merged
merged 1 commit into from
Aug 2, 2022
Merged

e2e: add podsecurity labels #405

merged 1 commit into from
Aug 2, 2022

Conversation

ffromani
Copy link
Contributor

@ffromani ffromani commented Jul 28, 2022
edited
Loading

OCP >= 4.12 wants to have stricter podsecurity rules.
In our e2e tests we do a bunch of stuff, including running privileged pods. We just annotate the test namespace(s) to signal we need top privileges. Since e2e tests run in very controlled envs (CI mostly), and since test namespace should be gone anyway once the e2e tests are finished, this is still fair game.

Signed-off-by: Francesco Romani fromani@redhat.com

@openshift-merge-robot openshift-merge-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jul 28, 2022
@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jul 28, 2022
@openshift-merge-robot openshift-merge-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jul 28, 2022
@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 28, 2022
@ffromani ffromani mentioned this pull request Aug 1, 2022
Merged
@ffromani
e2e: add podsecurity labels
7865bd0 
OCP >= 4.12 wants to have stricter podsecurity rules.
In our e2e tests we do a bunch of stuff, including running privileged
pods. We just annotate the test namespace(s) to signal we need top
privileges. Since e2e tests run in very controlled envs (CI mostly),
and since test namespace should be gone anyway once the e2e tests
are finished, this is still fair game.

Signed-off-by: Francesco Romani <fromani@redhat.com>
@ffromani ffromani changed the title WIP: DNM: silly change to check PSP e2e: add podsecurity labels Aug 1, 2022
@openshift-ci openshift-ci bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Aug 1, 2022
@ffromani
Copy link
Contributor Author

ffromani commented Aug 1, 2022

/cc @MarSik @yanirq

@openshift-ci openshift-ci bot requested review from MarSik and yanirq August 1, 2022 11:22
MarSik
MarSik approved these changes Aug 1, 2022
View reviewed changes
Copy link
Contributor

@MarSik MarSik left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Aug 1, 2022
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Aug 1, 2022

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: fromanirh, MarSik

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci-robot
Copy link
Contributor

/retest-required

Remaining retests: 2 against base HEAD 2b8674b and 8 for PR HEAD 7865bd0 in total

@openshift-ci-robot
Copy link
Contributor

/retest-required

Remaining retests: 1 against base HEAD 2b8674b and 7 for PR HEAD 7865bd0 in total

@openshift-ci-robot
Copy link
Contributor

/retest-required

Remaining retests: 0 against base HEAD 2b8674b and 6 for PR HEAD 7865bd0 in total

@ffromani
Copy link
Contributor Author

ffromani commented Aug 2, 2022

/retest-required

@yanirq
Copy link
Contributor

yanirq commented Aug 2, 2022

/lgtm

@ffromani
Copy link
Contributor Author

ffromani commented Aug 2, 2022

likely same issue as #408 (comment)

@openshift-ci-robot
Copy link
Contributor

/retest-required

Remaining retests: 2 against base HEAD 285eec9 and 5 for PR HEAD 7865bd0 in total

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Aug 2, 2022

@fromanirh: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@openshift-merge-robot openshift-merge-robot merged commit 57c5347 into openshift:master Aug 2, 2022
@ffromani ffromani mentioned this pull request Aug 19, 2022
Closed
@ffromani ffromani deleted the pao-check-psp branch September 5, 2022 07:51
@ffromani
Copy link
Contributor Author

ffromani commented Sep 5, 2022

/cherry-pick release-4.11

@openshift-cherrypick-robot openshift-cherrypick-robot mentioned this pull request Sep 5, 2022
Closed
@openshift-cherrypick-robot
Copy link

@fromanirh: new pull request created: #457

In response to this:

/cherry-pick release-4.11

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

IlyaTyomkin pushed a commit to IlyaTyomkin/cluster-node-tuning-operator that referenced this pull request May 23, 2023
@ffromani @IlyaTyomkin
e2e: add podsecurity labels (openshift#405)
aff4bc6 
OCP >= 4.12 wants to have stricter podsecurity rules.
In our e2e tests we do a bunch of stuff, including running privileged
pods. We just annotate the test namespace(s) to signal we need top
privileges. Since e2e tests run in very controlled envs (CI mostly),
and since test namespace should be gone anyway once the e2e tests
are finished, this is still fair game.

Signed-off-by: Francesco Romani <fromani@redhat.com>
IlyaTyomkin pushed a commit to IlyaTyomkin/cluster-node-tuning-operator that referenced this pull request Jun 13, 2023
@ffromani @IlyaTyomkin
e2e: add podsecurity labels (openshift#405)
b619f75 
OCP >= 4.12 wants to have stricter podsecurity rules.
In our e2e tests we do a bunch of stuff, including running privileged
pods. We just annotate the test namespace(s) to signal we need top
privileges. Since e2e tests run in very controlled envs (CI mostly),
and since test namespace should be gone anyway once the e2e tests
are finished, this is still fair game.

Signed-off-by: Francesco Romani <fromani@redhat.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MarSik MarSik MarSik approved these changes

@yanirq yanirq Awaiting requested review from yanirq

Assignees

@MarSik MarSik

@yanirq yanirq

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@ffromani @openshift-ci-robot @yanirq @openshift-cherrypick-robot @MarSik @openshift-merge-robot