Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[release-1.11] sync with upstream to include CVE patches #472

Merged
merged 5 commits into from
Oct 16, 2023
Merged

[release-1.11] sync with upstream to include CVE patches #472

merged 5 commits into from
Oct 16, 2023

Conversation

ReToCode
Copy link

What this PR does / why we need it:

  • sync with upstream to include CVE patches
  • includes openshift/patches/010-secure-pod-defaults.patch from main branch

Which issue(s) this PR fixes:

JIRA: https://issues.redhat.com/browse/SRVKS-1159

knative-prow-robot and others added 5 commits September 14, 2023 20:03
@knative-prow-robot @KauzClay
[release-1.11] fix securityContext for Knative Service Pod (user-cont…
f60eb32 
…ainer and queue-proxy) (knative#14378)

* add seccompProfile to queue container security context

* run as non root by default

* update tests to expect new default run as nonroot

---------

Co-authored-by: Clay Kauzlaric <ckauzlaric@vmware.com>
@ReToCode
Leave a comment which will trigger a new dot release (knative#14500)
fb9129c
@nak3
[release-1.11] bump x/net to v0.17 (knative#14516)
4ff7168 
* [release-1.11] bump x/net to v1.17

* Re-generate test/config/tls/cert-secret.yaml (knative#14324)

* Run hack/update-codegen.sh --upgrade --release 1.11
@ReToCode
Merge remote-tracking branch 'upstream/release-1.11' into upstream-sync
0295b6b
@ReToCode
Update secure-pod-defaults patch
fcea3e1
@openshift-ci openshift-ci bot requested review from alanfx and skonto October 12, 2023 08:22
@skonto
Copy link

skonto commented Oct 12, 2023
edited
Loading

Error:

  Conditions:
    Last Transition Time:  2023-10-12T08:58:59Z
    Status:                True
    Type:                  DependenciesInstalled
    Last Transition Time:  2023-10-12T08:59:33Z
    Message:               Waiting on deployments: net-kourier-controller, 3scale-kourier-gateway
    Reason:                NotReady
    Status:                False
    Type:                  DeploymentsAvailable
    Last Transition Time:  2023-10-12T08:58:59Z
    Status:                True
    Type:                  InstallSucceeded
    Last Transition Time:  2023-10-12T08:59:33Z
    Message:               Waiting on deployments: net-kourier-controller, 3scale-kourier-gateway
    Reason:                NotReady
    Status:                False
    Type:                  Ready
    Last Transition Time:  2023-10-12T08:58:44Z
    Status:                True
    Type:                  VersionMigrationEligible

@skonto
Copy link

skonto commented Oct 12, 2023
edited
Loading

Warning Unhealthy 6m7s (x61 over 16m) kubelet Liveness probe errored: missing probe handler for net-kourier-controller-5664778ddd-zcc2x_knative-serving-ingress(b360c213-de7c-432e-99c8-a0a2ba28f0db):controller
Warning Unhealthy 67s (x106 over 16m) kubelet Readiness probe errored: missing probe handler for net-kourier-controller-5664778ddd-zcc2x_knative-serving-ingress(b360c213-de7c-432e-99c8-a0a2ba28f0db):controller

@skonto
Copy link

skonto commented Oct 12, 2023

/test 410-test-e2e-aws-ocp-410

@ReToCode
Copy link
Author

/hold

wait for openshift-knative/serverless-operator#2310 to be in and S-O builds to be stable again.

@skonto
Copy link

skonto commented Oct 12, 2023

I will debug this on 4.10 seems suspicious.

@ReToCode
Copy link
Author

/retest

@ReToCode
Copy link
Author

Ah we also need openshift/release#44332 first

@openshift-ci
Copy link

openshift-ci bot commented Oct 13, 2023

@ReToCode: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/410-test-e2e-tls-aws-ocp-410 fcea3e1 link true /test 410-test-e2e-tls-aws-ocp-410
ci/prow/410-test-e2e-aws-ocp-410 fcea3e1 link true /test 410-test-e2e-aws-ocp-410

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@ReToCode
Copy link
Author

/unhold

@skonto , @nak3 please review.

@nak3
Copy link

nak3 commented Oct 16, 2023

/lgtm
/approve

@openshift-ci openshift-ci bot added the lgtm label Oct 16, 2023
@openshift-ci
Copy link

openshift-ci bot commented Oct 16, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: nak3, ReToCode

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot merged commit daa44ca into openshift-knative:release-v1.11 Oct 16, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alanfx alanfx Awaiting requested review from alanfx

@skonto skonto Awaiting requested review from skonto

Assignees

@nak3 nak3

@skonto skonto

Labels
approved lgtm
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@ReToCode @skonto @nak3 @knative-prow-robot