Skip to content
This repository has been archived by the owner on May 28, 2024. It is now read-only.

Fix securityContext settings - allows running the controller in a restricted #534

Merged
merged 1 commit into from
Sep 13, 2023
Merged

Fix securityContext settings - allows running the controller in a restricted #534

merged 1 commit into from
Sep 13, 2023

Conversation

dprotaso
Copy link
Contributor

@dprotaso dprotaso commented Sep 13, 2023
edited
Loading

Changes

  • Set drop capabilitiy constant to ALL
  • Set the seccompProfile type to RuntimeDefault

/kind

Details: https://kubernetes.io/docs/concepts/security/pod-security-standards/

Release Note

Controller and webhooks now have a seccompProfile.type set to RuntimeDefault

Docs

@knative-prow
Copy link

knative-prow bot commented Sep 13, 2023

@dprotaso: The label(s) kind/<kind> cannot be applied, because the repository doesn't have them.

In response to this:

Changes

  • Set drop capabilitiy constant to ALL
  • Set the seccompProfile type to RuntimeDefault

/kind

Details: https://kubernetes.io/docs/concepts/security/pod-security-standards/

Release Note

Set the seccompProfile.type to RuntimeDefault

Docs

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@knative-prow knative-prow bot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Sep 13, 2023
@knative-prow
Copy link

knative-prow bot commented Sep 13, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dprotaso

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@knative-prow knative-prow bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Sep 13, 2023
@dprotaso
Copy link
Contributor Author

/assign @KauzClay
/cherry-pick release-1.11

@knative-prow-robot
Copy link

@dprotaso: once the present PR merges, I will cherry-pick it on top of release-1.11 in a new PR and assign it to you.

In response to this:

/assign @KauzClay
/cherry-pick release-1.11

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@codecov
Copy link

codecov bot commented Sep 13, 2023

Codecov Report

Merging #534 (5972fcd) into main (e69b0ef) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main     #534   +/-   ##
=======================================
  Coverage   91.47%   91.47%           
=======================================
  Files           5        5           
  Lines         305      305           
=======================================
  Hits          279      279           
  Misses         14       14           
  Partials       12       12

@KauzClay
Copy link

/lgtm

@knative-prow knative-prow bot added the lgtm Indicates that a PR is ready to be merged. label Sep 13, 2023
@knative-prow knative-prow bot merged commit 6fdfdef into knative-extensions:main Sep 13, 2023
19 checks passed
@knative-prow-robot
Copy link

@dprotaso: new pull request created: #535

In response to this:

/assign @KauzClay
/cherry-pick release-1.11

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@knative-prow-robot knative-prow-robot mentioned this pull request Sep 13, 2023
Merged
@dprotaso dprotaso deleted the add-seccompProfile branch September 13, 2023 18:23
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@krsna-m krsna-m Awaiting requested review from krsna-m

@skonto skonto Awaiting requested review from skonto

Assignees

@KauzClay KauzClay

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@dprotaso @knative-prow-robot @KauzClay