New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OPRUN-2995: Remove dependency on cluster policy controller in favor of hardcoding #498
OPRUN-2995: Remove dependency on cluster policy controller in favor of hardcoding #498
Conversation
Signed-off-by: Per Goncalves da Silva <pegoncal@redhat.com>
3e7f5c5
to
ddcbdc3
Compare
/test unit-olm |
@perdasilva: This pull request references OPRUN-2995 which is a valid jira issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/label qe-approved |
/label px-approved |
/label docs-approved |
/lgtm |
@perdasilva: you cannot LGTM your own PR. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/override verify |
@perdasilva: /override requires failed status contexts, check run or a prowjob name to operate on.
Only the following failed contexts/checkruns were expected:
If you are trying to override a checkrun that has a space in it, you must put a double quote on the context. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/override ci/prow/verify |
@perdasilva: Overrode contexts on behalf of perdasilva: ci/prow/verify In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@perdasilva: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
This is a bit of maintenance and shouldn't affect product. Therefore I've applied the px/docs/qe-approved labels myself. Also, the verify stage fails because of changes to the staging directory. These changes are downstream only and were necessary. It should be ok to override on these grounds. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Seems reasonable. I'm not seeing the equivalent code upstream, which is expected?
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: perdasilva, tmshort The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/lgtm |
Due to PSA changes, we had to implement another controller in the downstream to label non-payload openshift-* namespaces with CSVs to signal security team's cluster policy controller (CPC) to manage the namespace's PSA security standard label.
Our controller depends on an ignore list exported by the CPC so that we can ignore the same payload namespaces.
There are two problems with this:
It doesn't seem like there's any good solution here. For our own QoL, this PR removes the dependency and copies the list over to our project. Of course, this can lead to skew...
Having spoken to the security team, they don't think this will change particularly often. In the meantime, we should find some other way to deal with this. Maybe reach out to the security team and ask them to split that list out into its own library and use straight up go types instead of a k8s
Set