Added PSS to contrib/baseline and contrib/restricted as kustomize components #2757

Merged
merged 5 commits into from
Jun 24, 2024

biswajit-9776
Contributor

Pull Request Template for Kubeflow manifests Issues

  • Please include a summary of changes and the related issue.
  • List any dependencies that are required for this change.
  • Please delete the options that are not relevant.
  • The following checklist will help you to satisfy the requirements.

✏️ A brief description of the changes

I enabled pod security standards for namespaces.

📦 List any dependencies that are required for this change

My PR depends on #

🐛 If this PR is related to an issue, please put the link of the issue here.

The following issues are related, because ...

✅ Unit Test Checklist

  • 🛠️ Make sure you have installed kustomize == 5.2.1+
  • ✍️ Have you written new tests for your core changes, as applicable?
  • 🔄 Have you successfully run existing tests with your changes?
  • 🚀 Have you successfully run existing and new tests with your changes?

✅ Contributor checklist


You can join the CNCF Slack and access our meetings at the Kubeflow Community website. Our channel on the CNCF Slack is here #kubeflow-platform.

Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>
@biswajit-9776
Contributor Author

I will be pushing more commits and am still open to suggestions mid-way.

kind: Component

resources:
- ../../../../../common/kubeflow-namespace/base
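
Review bot: the `resources` entry `../../../../../common/kubeflow-namespace/base` makes this `kind: Component` load the namespace base itself, through a path that climbs five directories and breaks if either end of it moves. A Component is applied on top of the resources of the kustomization that includes it, so it can carry only the label or patch for the Namespace and leave the base to the including kustomization; if the entry has to stay, add a comment saying why.
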
Member

@juliusvonkohout juliusvonkohout Jun 24, 2024

The two resources here are already in example.yaml. Why do you list them here as well?

You should add this component here commented out to example.yaml instead as planned in the Google document.


resources:
- ../../../../../common/kubeflow-namespace/base
- ../../../../../common/istio-1-22/istio-namespace/base
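
Review bot: `../../../../../common/istio-1-22/istio-namespace/base` in `resources` pins the versioned directory name `istio-1-22`, so this list has to be edited whenever that directory is renamed or the component stops building. Dropping the entry and letting the component act on the namespace supplied by the including kustomization removes that coupling; otherwise note the dependency in a comment next to the path.
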
Member

The two resources here are already in example.yaml. Why do you list them here as well?

You should add this component here commented out to example.yaml instead as planned in the Google document.

Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>
@@ -88,3 +88,9 @@ resources:
# KServe
- ../contrib/kserve/kserve
- ../contrib/kserve/models-web-app/overlays/kubeflow

#Pod Security Standarards enabled
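
Review bot: the added comment `#Pod Security Standarards enabled` has no space after `#`, while the existing `# KServe` header above it does, and "Standarards" is misspelled. Suggest `# Pod Security Standards` so the line matches the other section headers in this file.
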
Member

Please check the spelling

Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>
@biswajit-9776
Contributor Author

Should we have PSS for other namespaces like auth, cert-manager, etc.?

@@ -89,7 +89,7 @@ resources:
- ../contrib/kserve/kserve
- ../contrib/kserve/models-web-app/overlays/kubeflow

#Pod Security Standarards enabled
#Pod Security Standards
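
Review bot: the replacement `#Pod Security Standards` fixes the spelling but still omits the space after `#` that `# KServe` uses a few lines up. The comment also does not say which of the two components named in this PR (`contrib/baseline`, `contrib/restricted`) the section is for, or whether only one of them should be active at a time; one short line stating that would help whoever edits this file next.
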
Member

@juliusvonkohout juliusvonkohout Jun 24, 2024

Let's maybe link to the documentation in the comment https://kubernetes.io/docs/concepts/security/pod-security-standards/ and check that you match the style and indenting of the other parts in the document.

Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>
Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>
@juliusvonkohout juliusvonkohout self-assigned this Jun 24, 2024
@juliusvonkohout
Member

/lgtm
/approve

@google-oss-prow google-oss-prow bot added the lgtm label Jun 24, 2024
[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: juliusvonkohout

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@google-oss-prow google-oss-prow bot merged commit 7a7079b into kubeflow:master Jun 24, 2024
3 checks passed
@biswajit-9776 biswajit-9776 deleted the PSS branch June 25, 2024 19:31
@juliusvonkohout juliusvonkohout linked an issue Aug 12, 2024 that may be closed by this pull request
Successfully merging this pull request may close these issues.

Rootless Kubeflow
2 participants