Skip to content

[RELEASE-1.7][BACKPORT] Allow setting seccompProfile to enable using … #91

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
openshift-merge-robot merged 2 commits into from
Dec 22, 2022
Merged

[RELEASE-1.7][BACKPORT] Allow setting seccompProfile to enable using … #91

openshift-merge-robot merged 2 commits into from
Dec 22, 2022

Conversation

@ReToCode
Copy link

@ReToCode ReToCode commented Dec 20, 2022

Cherry-pick of #9

@ReToCode ReToCode requested review from nak3 and skonto December 20, 2022 15:20
@ReToCode ReToCode mentioned this pull request Dec 20, 2022
Merged
@openshift-ci openshift-ci bot requested review from mgencur and mvinkler December 20, 2022 15:20
@skonto
Copy link

skonto commented Dec 20, 2022

/lgtm
/hold for tests

@ReToCode
Copy link
Author

ReToCode commented Dec 21, 2022

/retest

1 similar comment
@ReToCode
Copy link
Author

ReToCode commented Dec 21, 2022

/retest

@ReToCode
Copy link
Author

ReToCode commented Dec 21, 2022

/hold debugging ci

@skonto
Copy link

skonto commented Dec 21, 2022
edited
Loading

Seems activator is not being removed.

activator_test.go:133: Did not observe activator-764744bb7d-6qv2f to actually be deleted: pod "activator-764744bb7d-6qv2f" is not in desired state, got: <*>&Pod{ObjectMeta:{activator-764744bb7d-6qv2f activator-764744bb7d- knative-serving dbf1bbbe-9905-4dfd-a5fa-c0d36041a145 96663 0 2022-12-21 08:07:06 +0000 UTC 2022-12-21 09:01:50 +0000 UTC 0xc0008cb348 map[app:activator app.kubernetes.io/component:activator app.kubernetes.io/name:knative-serving app.kubernetes.io/version:v1.2.0 pod-template-hash:764744bb7d role:activator] map[cluster-autoscaler.kubernetes.io/safe-to-evict:false

@skonto
Copy link

skonto commented Dec 21, 2022
edited
Loading

Last PR on this branch that was passing is this one: #69 (8/12).
The other PR #90 is failing too.

@ReToCode
Copy link
Author

ReToCode commented Dec 21, 2022

/test 411-e2e-aws-ocp-411

skonto and others added 2 commits December 22, 2022 07:39
@skonto @evankanderson @ReToCode
[RELEASE-1.5][BACKPORT] Allow setting seccompProfile to enable using …
199f019 
…restricted security profile (#1284) (#9)

* Allow setting seccompProfile to enable using restricted security profile (knative#13401)

* fix features cm

Co-authored-by: Evan Anderson <evan.k.anderson@gmail.com>

Co-authored-by: Evan Anderson <evan.k.anderson@gmail.com>
@ReToCode
Update checksum
73c41a1
@ReToCode
Copy link
Author

ReToCode commented Dec 22, 2022

/unhold

@nak3
Copy link

nak3 commented Dec 22, 2022

/lgtm
/approve

@openshift-ci openshift-ci bot added the lgtm label Dec 22, 2022
@openshift-ci
Copy link

openshift-ci bot commented Dec 22, 2022

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: nak3, ReToCode, skonto

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-merge-robot openshift-merge-robot merged commit 28d0934 into openshift-knative:release-v1.7 Dec 22, 2022
@ReToCode ReToCode deleted the patch-seccomp branch December 22, 2022 08:12
nak3
nak3 reviewed Dec 22, 2022
View reviewed changes
config/core/configmaps/features.yaml
# - RunAsNonRoot
# - SupplementalGroups
# - RunAsUser
# - SeccompProfile
Copy link

@nak3 nak3 Dec 22, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just leaving a note as a FYI:
This yaml file is not used but https://github.com/openshift-knative/serving/blob/release-v1.7/openshift/release/artifacts/2-serving-core.yaml#L5000-L5006 is used on 1.7 branch (release-next & main fixed).

This is a comment line change so I think we don't need to update it, though.

Copy link
Author

@ReToCode ReToCode Dec 22, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hm I see, was it used in 1.6 (https://github.com/openshift-knative/serving/pull/9/files)? Maybe @skonto just added that for completeness sake?

Copy link

@skonto skonto Mar 13, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes that was meant for completeness back then.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@skonto skonto Awaiting requested review from skonto

@mgencur mgencur Awaiting requested review from mgencur

@mvinkler mvinkler Awaiting requested review from mvinkler

1 more reviewer

@nak3 nak3 nak3 left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@nak3 nak3

@skonto skonto

Labels

approved lgtm

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@ReToCode @skonto @nak3 @openshift-merge-robot