Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add securityContext.seccompProfile.type: RuntimeDefault to manager deployment to meet restricted Pod security profile #358

Merged
merged 1 commit into from
Dec 10, 2024
Merged

Add securityContext.seccompProfile.type: RuntimeDefault to manager deployment to meet restricted Pod security profile #358

merged 1 commit into from
Dec 10, 2024

Conversation

rybnico
Copy link
Contributor

@rybnico rybnico commented Dec 9, 2024

Description of changes:

The current securityContext of the manager deployment doesn't meet the Pod Security Profile "restricted", which makes it impossible to run in "restricted" namespaces.

The cluster-api deployments also set this value, for example here

Testing performed:

With this change implemented, a deployment to a 'restricted' namespace will be successful. It shouldn't change the current behaviour for non-restricted namespaces.

@github-actions GitHub Actions
Copy link

github-actions bot commented Dec 9, 2024

🚀 e2e tests run

We add labels to the PRs to control the e2e test runs by running specific tests and skipping some test contexts,
please follow this guide:

Label Behaviour
none Run Generic tests
e2e/none skip all e2e tests (documentation etc) - overrides all e2e/* labels Do not run any tests (overrides all e2e/ flags)
e2e/flatcar run Flatcar e2e tests Add Flatcar tests to the run

ℹ️ Ask a Member to add the requested labels if you don't have enough permissions.

@sonarqubecloud SonarQubeCloud
Copy link

sonarqubecloud bot commented Dec 9, 2024

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
82.4% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@wikkyk wikkyk merged commit 44826ba into ionos-cloud:main Dec 10, 2024
10 checks passed
rybnico added a commit to rybnico/cluster-api-provider-proxmox that referenced this pull request Dec 18, 2024
@rybnico
Add securityContext.seccompProfile.type: RuntimeDefault to manager De…
145a929 
…ployment (ionos-cloud#358)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wikkyk wikkyk wikkyk approved these changes

@65278 65278 Awaiting requested review from 65278 65278 is a code owner

@avorima avorima Awaiting requested review from avorima avorima is a code owner

@pborn-ionos pborn-ionos Awaiting requested review from pborn-ionos pborn-ionos is a code owner

@mcbenjemaa mcbenjemaa Awaiting requested review from mcbenjemaa mcbenjemaa is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@rybnico @wikkyk