-
Notifications
You must be signed in to change notification settings - Fork 349
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add in cluster tests + fix synk vuln SNYK-CC-K8S-8 #762
base: main
Are you sure you want to change the base?
Conversation
1977832
to
9eefd3a
Compare
Codecov Report
@@ Coverage Diff @@
## main #762 +/- ##
=======================================
Coverage 40.33% 40.33%
=======================================
Files 29 29
Lines 9318 9318
=======================================
Hits 3758 3758
Misses 5073 5073
Partials 487 487 |
f4ff064
to
a43dfe2
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since the tests seem to be passing in general, We should be good to go ahead with this after a few modifications 😄
Thanks a lot.
a43dfe2
to
0a85a7f
Compare
Hey @achrefbensaad , Thanks for taking this up. |
@nyrahul we cannot bump The latest version of |
@@ -57,6 +57,7 @@ spec: | |||
- containerPort: 32767 | |||
securityContext: | |||
privileged: true | |||
readOnlyRootFilesystem: true | |||
terminationMessagePath: /dev/termination-log |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am not sure what is the termination log for, but would readonlyfilesystem impact that?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I checked, it does not impact it.
you can check in the pod by :
$ echo "random_string" >> /dev/termination-log
$ cat/dev/termination-log
should output random_string
bcb9271
to
9db4a5e
Compare
@daemon1024 can you please re-review this as if it is a new PR. I had to redo it again due to many absurd merge conflicts |
Signed-off-by: achref ben saad <[email protected]>
9db4a5e
to
d003c93
Compare
Hey @achrefbensaad what parts of this PR are still relevant?
|
What does this PR do:
Why the new in cluster tests:
already existant tests test kubearmor functionalities but not its related yaml files. In order for us to properly determine that our hardening actions wont impact kubearmor inside kubernetes environment we need to run tests in kubernetes cluster rather than as binary at the host level.
Signed-off-by: Achref ben saad [email protected]