manifests/*: comply to restricted pod security level #299
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…onfigurations Signed-off-by: timflannagan <timflannagan@gmail.com>
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: timflannagan The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
|
/retest-required |
1 similar comment
|
/retest-required |
|
/lgtm |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
2 similar comments
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
Waiting for fixes to the e2e/upgrade checks. /hold |
openshift-ci
bot
added
the
do-not-merge/hold
|
/retest-required |
s-urbaniak
reviewed
May 9, 2022
| spec: | ||
| securityContext: | ||
| runAsNonRoot: true | ||
| runAsUser: 65534 |
There was a problem hiding this comment.
it turns out collect-profiles only has permissions to use the restricted SCC, hence we have to remove this line, the UID will be picked automatically from a safe range by SCC admission). The e2e failure is:
Error creating: pods "collect-profiles-27529095-" is forbidden: unable to validate against any security context constraint: [provider "anyuid": Forbidden: not usable by user or serviceaccount, spec.containers[0].securityContext.runAsUser: Invalid value: 65534: must be in the ranges: [1000380000, 1000389999], provider "restricted": Forbidden: not usable by user or serviceaccount, provider "nonroot-v2": Forbidden: not usable by user or serviceaccount, provider "nonroot": Forbidden: not usable by user or serviceaccount, provider "hostmount-anyuid": Forbidden: not usable by user or serviceaccount, provider "machine-api-termination-handler": Forbidden: not usable by user or serviceaccount, provider "hostnetwork-v2": Forbidden: not usable by user or serviceaccount, provider "hostnetwork": Forbidden: not usable by user or serviceaccount, provider "hostaccess": Forbidden: not usable by user or serviceaccount, provider "privileged": Forbidden: not usable by user or serviceaccount] for Job.batch/v1/collect-profiles-27529095 -n openshift-operator-lifecycle-manager happened 5 times
s-urbaniak
reviewed
May 9, 2022
scripts/generate_crds_manifests.sh
Outdated
| spec: | ||
| securityContext: | ||
| runAsNonRoot: true | ||
| runAsUser: 65534 |
There was a problem hiding this comment.
…ect-profiles CronJob Signed-off-by: timflannagan <timflannagan@gmail.com>
|
/lgtm |
|
/retest-required |
1 similar comment
|
/retest-required |
|
@timflannagan: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
/hold cancel |
openshift-ci
bot
removed
the
do-not-merge/hold
tmshort
pushed a commit
to tmshort/operator-framework-olm
that referenced
this pull request
Oct 12, 2023
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.10.0 to 0.17.0. - [Commits](golang/net@v0.10.0...v0.17.0) Upstream-repository: api Upstream-commit: d52e6b24617a980e471dbfde1ec1780de9d23f35 --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
awgreene
pushed a commit
to awgreene/operator-framework-olm
that referenced
this pull request
Oct 16, 2023
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.10.0 to 0.17.0. - [Commits](golang/net@v0.10.0...v0.17.0) Upstream-repository: api Upstream-commit: d52e6b24617a980e471dbfde1ec1780de9d23f35 --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
awgreene
pushed a commit
to awgreene/operator-framework-olm
that referenced
this pull request
Oct 16, 2023
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.10.0 to 0.17.0. - [Commits](golang/net@v0.10.0...v0.17.0) Upstream-repository: api Upstream-commit: d52e6b24617a980e471dbfde1ec1780de9d23f35 --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
awgreene
pushed a commit
to awgreene/operator-framework-olm
that referenced
this pull request
Oct 16, 2023
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.10.0 to 0.17.0. - [Commits](httpts://github.com/golang/net/compare/v0.10.0...v0.17.0) Upstream-repository: api Upstream-commit: d52e6b24617a980e471dbfde1ec1780de9d23f35 --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
awgreene
pushed a commit
to awgreene/operator-framework-olm
that referenced
this pull request
Oct 16, 2023
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.10.0 to 0.17.0. - [Commits](golang/net@v0.10.0...v0.17.0) Upstream-repository: api Upstream-commit: d52e6b24617a980e471dbfde1ec1780de9d23f35 --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
awgreene
pushed a commit
to awgreene/operator-framework-olm
that referenced
this pull request
Oct 16, 2023
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.10.0 to 0.17.0. - [Commits](golang/net@v0.10.0...v0.17.0) Upstream-repository: api Upstream-commit: d52e6b24617a980e471dbfde1ec1780de9d23f35 --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
stevekuznetsov
pushed a commit
to stevekuznetsov/operator-framework-olm
that referenced
this pull request
Oct 18, 2023
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.10.0 to 0.17.0. - [Commits](golang/net@v0.10.0...v0.17.0) Upstream-repository: api Upstream-commit: d52e6b24617a980e471dbfde1ec1780de9d23f35 --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>
stevekuznetsov
pushed a commit
to stevekuznetsov/operator-framework-olm
that referenced
this pull request
Oct 18, 2023
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.10.0 to 0.17.0. - [Commits](golang/net@v0.10.0...v0.17.0) Upstream-repository: api Upstream-commit: d52e6b24617a980e471dbfde1ec1780de9d23f35 --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
awgreene
pushed a commit
to awgreene/operator-framework-olm
that referenced
this pull request
Oct 19, 2023
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.10.0 to 0.17.0. - [Commits](golang/net@v0.10.0...v0.17.0) Upstream-repository: api Upstream-commit: d52e6b24617a980e471dbfde1ec1780de9d23f35 --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
awgreene
pushed a commit
to awgreene/operator-framework-olm
that referenced
this pull request
Oct 19, 2023
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.10.0 to 0.17.0. - [Commits](httpts://github.com/golang/net/compare/v0.10.0...v0.17.0) Upstream-repository: api Upstream-commit: d52e6b24617a980e471dbfde1ec1780de9d23f35 --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
awgreene
pushed a commit
to awgreene/operator-framework-olm
that referenced
this pull request
Oct 19, 2023
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.10.0 to 0.17.0. - [Commits](golang/net@v0.10.0...v0.17.0) Upstream-repository: api Upstream-commit: d52e6b24617a980e471dbfde1ec1780de9d23f35 --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
awgreene
pushed a commit
to awgreene/operator-framework-olm
that referenced
this pull request
Oct 19, 2023
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.10.0 to 0.17.0. - [Commits](golang/net@v0.10.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Upstream-repository: api Upstream-commit: d52e6b24617a980e471dbfde1ec1780de9d23f35
awgreene
pushed a commit
to awgreene/operator-framework-olm
that referenced
this pull request
Oct 19, 2023
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.10.0 to 0.17.0. - [Commits](golang/net@v0.10.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Upstream-repository: api Upstream-commit: d52e6b24617a980e471dbfde1ec1780de9d23f35
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Follow-up to #295 which has additional scripts/* changes.