Skip to content

Verify pod securityContext/uid behavior on OKD #3537

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 14 commits into from
Oct 26, 2022
Merged

Verify pod securityContext/uid behavior on OKD #3537

merged 14 commits into from
Oct 26, 2022

Conversation

maggiehe00
Copy link
Contributor

@maggiehe00 maggiehe00 commented Oct 21, 2022
edited
Loading

Test scenario:

  • Create a WebLogic domain using WLST in a persistent volume.
    *
    • Start a WebLogic domain with
    • (a) JMS File store with custom directory assigned to WLS cluster
    • e.g. /shared/domain-ns/domains/domain-uid/JmsFileStores
    • (b) WLDF system resource assigned to WLS cluster
    • (c) JDBC system resource assigned to WLS cluster
    • Print out UID, GID and SELinux label of pods in the domain namespace
    • Send 100 persistent messages to JMS Destination on managed server(2)
    • Stop/Start the managed server(2) by scaling the cluster
    • Print out UID, GID and SELinux label of pods in the domain namespace
    • Make sure all 100 persistent messages are recovered form managed server(2)

Test passed at OKD: https://build.weblogick8s.org:8443/job/wko34-okd/24/
From https://build.weblogick8s.org:8443/job/wko34-okd/24/console, using "got uid" we can see in the domain namespace, all the pods have the same UID, GID and SELinux label at initial domain startup and after managed server 2 was restarted.

<Initial domain startup, got uid recovery-dpv-admin-server runAsUser: 1000780000 fsGroup: 1000780000 seLinuxOptions: s0:c28,c12 for pod recovery-dpv-admin-server in the namespace ns-xcpbmn>

<Initial domain startup, got uid recovery-dpv-managed-1 runAsUser: 1000780000 fsGroup: 1000780000 seLinuxOptions: s0:c28,c12 for pod recovery-dpv-managed-1 in the namespace ns-xcpbmn>

<Initial domain startup, got uid recovery-dpv-managed-2 runAsUser: 1000780000 fsGroup: 1000780000 seLinuxOptions: s0:c28,c12 for pod recovery-dpv-managed-2 in the namespace ns-xcpbmn>

<After managed Server2 was restarted, got uid recovery-dpv-admin-server runAsUser: 1000780000 fsGroup: 1000780000 seLinuxOptions: s0:c28,c12 for pod recovery-dpv-admin-server in the namespace ns-xcpbmn>

<After managed Server2 was restarted, got uid recovery-dpv-managed-1 runAsUser: 1000780000 fsGroup: 1000780000 seLinuxOptions: s0:c28,c12 for pod recovery-dpv-managed-1 in the namespace ns-xcpbmn>

<After managed Server2 was restarted, got uid recovery-dpv-managed-2 runAsUser: 1000780000 fsGroup: 1000780000 seLinuxOptions: s0:c28,c12 for pod recovery-dpv-managed-2 in the namespace ns-xcpbmn>

@oracle-contributor-agreement oracle-contributor-agreement bot added the OCA Verified All contributors have signed the Oracle Contributor Agreement. label Oct 21, 2022
@maggiehe00 maggiehe00 changed the title Verify pod securityContext/uid on OKD Verify pod securityContext/uid behavior on OKD Oct 21, 2022
@maggiehe00 maggiehe00 marked this pull request as ready for review October 24, 2022 18:48
@jshum2479 jshum2479 mentioned this pull request Oct 24, 2022
Closed
@sonarqubecloud
Copy link

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

jshum2479
jshum2479 approved these changes Oct 25, 2022
View reviewed changes
Copy link
Member

@jshum2479 jshum2479 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, will this be also used in open shift certification?

@maggiehe00
Copy link
Contributor Author

LGTM, will this be also used in open shift certification?

@jshum2479 Yes. Once this PR is merged I will backport it to release/3.4. Also we are going to work on OKD support on main branch. As an initial step I added OKD profiles into main branch using this PR.

@rjeberhard rjeberhard merged commit bd3fda8 into main Oct 26, 2022
@rjeberhard rjeberhard deleted the dpv-recovery branch October 26, 2022 12:07
rjeberhard pushed a commit to rjeberhard/weblogic-kubernetes-operator that referenced this pull request Apr 14, 2023
@maggiehe00 @anpanigr
Verify pod securityContext/uid behavior on OKD (oracle#3537)
aeb1518 
* Verify pod securityContext/uid behavior on OKD

Co-authored-by: Antaryami Panigrahi <antaryami.panigrahi@oracle.com>
robertpatrick pushed a commit that referenced this pull request Apr 26, 2023
@maggiehe00 @anpanigr
Verify pod securityContext/uid behavior on OKD (#3537)
08f73ce 
* Verify pod securityContext/uid behavior on OKD

Co-authored-by: Antaryami Panigrahi <antaryami.panigrahi@oracle.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sankarpn sankarpn Awaiting requested review from sankarpn

@rjeberhard rjeberhard Awaiting requested review from rjeberhard

2 more reviewers

@jshum2479 jshum2479 jshum2479 approved these changes

@anpanigr anpanigr anpanigr approved these changes

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
OCA Verified All contributors have signed the Oracle Contributor Agreement.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@maggiehe00 @jshum2479 @anpanigr @rjeberhard