Skip to content
This repository was archived by the owner on Apr 17, 2025. It is now read-only.

Add security context #187

Merged
merged 1 commit into from
Apr 20, 2022
Merged

Add security context #187

merged 1 commit into from
Apr 20, 2022

Conversation

rgherta
Copy link
Contributor

@rgherta rgherta commented Apr 5, 2022
edited
Loading

Fixes #181
Tested: test-smoke, test-e2e

go clean --testcache
go test -v -timeout 0 ./test/e2e/... -args --ginkgo.focus "Quickstart"
=== RUN   TestE2e
Running Suite: HNC Suite
========================
Random Seed: 1650309465
Will run 5 of 36 specs

SSSSSSSSSSSSSSSSSS
------------------------------
• [SLOW TEST:30.375 seconds]
Quickstart
/home/romang/Documents/hierarchical-namespaces/test/e2e/quickstart_test.go:11
  Should test basic functionalities in quickstart
  /home/romang/Documents/hierarchical-namespaces/test/e2e/quickstart_test.go:33
------------------------------
• [SLOW TEST:30.292 seconds]
Quickstart
/home/romang/Documents/hierarchical-namespaces/test/e2e/quickstart_test.go:11
  Should propagate different types
  /home/romang/Documents/hierarchical-namespaces/test/e2e/quickstart_test.go:81
------------------------------

S [SKIPPING] [67.745 seconds]
Quickstart
/home/romang/Documents/hierarchical-namespaces/test/e2e/quickstart_test.go:11
  Should integrate hierarchical network policy [It]
  /home/romang/Documents/hierarchical-namespaces/test/e2e/quickstart_test.go:105

  Basic network policies don't appear to be working; skipping the netpol quickstart

  /home/romang/Documents/hierarchical-namespaces/test/e2e/quickstart_test.go:165
------------------------------
• [SLOW TEST:62.344 seconds]
Quickstart
/home/romang/Documents/hierarchical-namespaces/test/e2e/quickstart_test.go:11
  Should create and delete subnamespaces
  /home/romang/Documents/hierarchical-namespaces/test/e2e/quickstart_test.go:194
------------------------------


• [SLOW TEST:22.588 seconds]
Quickstart
/home/romang/Documents/hierarchical-namespaces/test/e2e/quickstart_test.go:11
  Should demonstrate exceptions
  /home/romang/Documents/hierarchical-namespaces/test/e2e/quickstart_test.go:253
------------------------------
SSSSSSSSSSSSS

Ran 4 of 36 Specs in 213.345 seconds
SUCCESS! -- 4 Passed | 0 Failed | 0 Pending | 32 Skipped

@k8s-ci-robot k8s-ci-robot added do-not-merge/invalid-commit-message Indicates that a PR should not merge because it has an invalid commit message. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Apr 5, 2022
@k8s-ci-robot
Copy link
Contributor

Hi @rgherta. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Apr 5, 2022
@k8s-ci-robot k8s-ci-robot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Apr 5, 2022
@rgherta rgherta changed the title Update manager.yaml #181 Update manager.yaml Apr 5, 2022
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/invalid-commit-message Indicates that a PR should not merge because it has an invalid commit message. label Apr 5, 2022
@tashimi
Copy link

tashimi commented Apr 6, 2022

ping @adrianludwin @rjbez17

/unassign @tashimi

@adrianludwin
Copy link
Contributor

Hey @rgherta , thanks for this! Before I approve, can you please make a few changes?

  • The tests you ran didn't exercise your changes - the test/e2e would have tested them, but they take about 15-30m to run. To run those tests, point your kubectl at a cluster, run make deploy to deploy HNC onto that cluster, then run make test-smoke (this runs a subset of the e2e tests and should only take about 5min). Can you please run those?
  • Can you please give the commit a more descriptive name? E.g. "Add pod security contexts" or whatever the correct name of this feature is. Please also include the details about why you're making this change, any other details that might be useful, plus what testing you did in the commit, not the PR description. A good example is 75a2052.
    • For this change, the "Tested:" paragraph might just be Tested: make smoke-test passes

Thanks!

@adrianludwin
Copy link
Contributor

BTW you can update the commit message just by git commit --amend and then force-push it to your branch, probably something like git push origin -f, you don't need to close this PR and file a new one.

@adrianludwin
Copy link
Contributor

Hey @rgherta , do you need a hand on this? Is everything clear?

@rgherta
Copy link
Contributor Author

rgherta commented Apr 13, 2022

Hey @rgherta , do you need a hand on this? Is everything clear?

all clear, sorry for thr delay

@adrianludwin
Copy link
Contributor

No worries! LMK if you have any questions about running the tests.

@rgherta
Add pod security contexts
285500f 
Enforces Pod Security Standards v1.23
Ensures HNC container process will comply with latest security rules, process isolation etc
https://kubernetes.io/docs/concepts/security/pod-security-standards/

Tested: make test-e2e ran successful
--- PASS: TestE2e (541.48s)
PASS
ok      sigs.k8s.io/hierarchical-namespaces/test/e2e    541.484s
@rgherta rgherta changed the title Update manager.yaml Add security context Apr 18, 2022
@adrianludwin
Copy link
Contributor

lgtm but I wouldn't mind if Ryan could have look as well. Thanks for making this change!

/approve
/lgtm
/hold
/assign @rjbez17

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Apr 19, 2022
@adrianludwin
Copy link
Contributor

/ok-to-test

@k8s-ci-robot k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. lgtm "Looks good to me", indicates that a PR is ready to be merged. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Apr 19, 2022
@adrianludwin adrianludwin added this to the release-v1.1 milestone Apr 19, 2022
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: adrianludwin, rgherta

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Apr 19, 2022
@rjbez17
Copy link
Contributor

rjbez17 commented Apr 20, 2022

/lgtm
/hold cancel

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Apr 20, 2022
@k8s-ci-robot k8s-ci-robot merged commit d3b5968 into kubernetes-retired:master Apr 20, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@adrianludwin adrianludwin Awaiting requested review from adrianludwin

@rjbez17 rjbez17 Awaiting requested review from rjbez17

Assignees

@rjbez17 rjbez17

@adrianludwin adrianludwin

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
Projects
None yet
Milestone
release-v1.1
Development

Successfully merging this pull request may close these issues.

Security Context
5 participants
@rgherta @k8s-ci-robot @tashimi @adrianludwin @rjbez17