Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(helm): do not mix ignore and podSecurity labels #2451

Merged
merged 3 commits into from
Dec 14, 2022
Merged

fix(helm): do not mix ignore and podSecurity labels #2451

merged 3 commits into from
Dec 14, 2022

Conversation

sathieu
Copy link
Contributor

@sathieu sathieu commented Dec 12, 2022
edited
Loading

What this PR does / why we need it:

As a result, using postInstall.labelNamespace.extraNamespaces will set restricted PodSecurity on those namespaces. This will most probably render the cluster unusable when it contains kube-system.

To fix this, we add another job.

@codecov-commenter
Copy link

codecov-commenter commented Dec 12, 2022
edited
Loading

Codecov Report

Base: 53.68% // Head: 53.59% // Decreases project coverage by -0.08% ⚠️

Coverage data is based on head (f01d3c1) compared to base (0fdd27e).
Patch has no changes to coverable lines.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #2451      +/-   ##
==========================================
- Coverage   53.68%   53.59%   -0.09%     
==========================================
  Files         117      117              
  Lines       10292    10292              
==========================================
- Hits         5525     5516       -9     
- Misses       4346     4352       +6     
- Partials      421      424       +3
Flag Coverage Δ
unittests 53.59% <ø> (-0.09%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
...onstrainttemplate/constrainttemplate_controller.go 55.74% <0.00%> (-1.44%) ⬇️
pkg/readiness/object_tracker.go 82.91% <0.00%> (-1.07%) ⬇️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

@sozercan
Copy link
Member

sozercan commented Dec 12, 2022
edited
Loading

good catch! I think we'll need to address this for post-upgrade too?

should we add a new container to the existing job instead of a new job?

@sathieu
fix(helm): do not mix ignore and podSecurity labels
f01d3c1 
Signed-off-by: Mathieu Parent <mathieu.parent@insee.fr>
@sathieu
Copy link
Contributor Author

sathieu commented Dec 14, 2022

good catch! I think we'll need to address this for post-upgrade too?

Yes. Done.

should we add a new container to the existing job instead of a new job?

No preferred method, I've changed to single-job.

sozercan
sozercan approved these changes Dec 14, 2022
View reviewed changes
Copy link
Member

@sozercan sozercan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you! LGTM

@sozercan sozercan requested a review from maxsmythe December 14, 2022 19:28
@sozercan sozercan added this to the v3.11.0 milestone Dec 14, 2022
maxsmythe
maxsmythe approved these changes Dec 14, 2022
View reviewed changes
Copy link
Contributor

@maxsmythe maxsmythe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thank you for the fix!

@sozercan sozercan merged commit a7997e7 into open-policy-agent:master Dec 14, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sozercan sozercan sozercan approved these changes

@maxsmythe maxsmythe maxsmythe approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v3.11.0
Development

Successfully merging this pull request may close these issues.
4 participants
@sathieu @codecov-commenter @sozercan @maxsmythe