operator: Set seccomp profile to runtime default for all variants #9457

Merged: 8 commits, Jun 1, 2023

@Red-GV Red-GV commented May 12, 2023

What this PR does / why we need it:
This PR sets the seccompProfile to be the RuntimeDefault. Now that the minimum OpenShift version is 4.12 of the operator, this setting can be safely applied to allow the operator to run in a restricted Kubernetes environment.

Which issue(s) this PR fixes:

Special notes for your reviewer:

Checklist

  • Reviewed the CONTRIBUTING.md guide (required)
  • Documentation added
  • Tests updated
  • CHANGELOG.md updated
  • Changes that require user attention or interaction to upgrade are documented in docs/sources/upgrading/_index.md

@Red-GV Red-GV requested a review from a team as a code owner May 12, 2023 17:31
Review thread on operator/config/manager/manager.yaml (outdated, resolved)
@Red-GV Red-GV force-pushed the operator-sc-runtime-default branch from 4c5d77c to 311fdb8 Compare May 15, 2023 18:29
@pull-request-size pull-request-size bot added size/L and removed size/M labels May 15, 2023

Red-GV commented May 15, 2023

@periklis Now only OpenShift builds should be automatically subjected to the restricted pod security policy. The RestrictedPodSecurityStandard runtime variable will be used instead of RuntimeSeccompProfile in order to enable these changes on builds.

I did leave allowPrivilegeEscalation off for all builds and containers as a default.
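
The two settings named in this thread, `seccompProfile` and `allowPrivilegeEscalation`, checked the way the restricted Pod Security Standard evaluates them. This is an added example, not code from this PR or the operator; the types, function names and sample pod are assumptions made for illustration, and only `containers` (not init or ephemeral containers) are covered.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Hand-rolled Pod spec subset (not k8s.io/api); JSON keys match case-insensitively.
type secCtx struct {
	SeccompProfile           *struct{ Type string }
	AllowPrivilegeEscalation *bool
}
type podSpec struct {
	SecurityContext *secCtx
	Containers      []struct{ Name string; SecurityContext *secCtx }
}

// Constructed sample: pod-level RuntimeDefault, one container overriding it.
const samplePod = `{"securityContext":{"seccompProfile":{"type":"RuntimeDefault"}},
 "containers":[{"name":"manager","securityContext":{"allowPrivilegeEscalation":false}},
 {"name":"sidecar","securityContext":{"seccompProfile":{"type":"Unconfined"}}}]}`

func profile(sc *secCtx, fallback string) string {
	if sc == nil || sc.SeccompProfile == nil {
		return fallback
	}
	return sc.SeccompProfile.Type
}

// checkPod lists, per container, the settings the restricted standard rejects.
func checkPod(raw string) ([]string, error) {
	var p podSpec
	if err := json.Unmarshal([]byte(raw), &p); err != nil {
		return nil, err
	}
	var out []string
	for _, c := range p.Containers {
		// A container-level seccompProfile overrides the pod-level one.
		if t := profile(c.SecurityContext, profile(p.SecurityContext, "")); t != "RuntimeDefault" && t != "Localhost" {
			out = append(out, fmt.Sprintf("%s: seccompProfile.type=%q", c.Name, t))
		}
		// Must be explicitly false; leaving it unset is rejected too.
		if sc := c.SecurityContext; sc == nil || sc.AllowPrivilegeEscalation == nil || *sc.AllowPrivilegeEscalation {
			out = append(out, c.Name+": allowPrivilegeEscalation is not false")
		}
	}
	return out, nil
}

func main() { fmt.Println(checkPod(samplePod)) }
```

The `manager` container passes because it inherits the pod-level profile, while `sidecar` is flagged twice: it overrides the profile with `Unconfined` and never sets `allowPrivilegeEscalation`.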

@Red-GV Red-GV force-pushed the operator-sc-runtime-default branch 5 times, most recently from bf9d0bf to a2a2178 Compare May 23, 2023 19:26
@Red-GV Red-GV force-pushed the operator-sc-runtime-default branch from a2a2178 to 4ca62eb Compare May 24, 2023 15:14
Review thread on operator/CHANGELOG.md (outdated, resolved)
@Red-GV Red-GV force-pushed the operator-sc-runtime-default branch 3 times, most recently from d8efa38 to 12a1eae Compare May 30, 2023 13:10
@Red-GV Red-GV force-pushed the operator-sc-runtime-default branch from 12a1eae to 243fc1c Compare June 1, 2023 14:48
@periklis periklis merged commit 7b706ee into grafana:main Jun 1, 2023
@Red-GV Red-GV deleted the operator-sc-runtime-default branch June 23, 2023 13:16