Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: make zarf-registry and zarf-injector pods comply with offical restricted pod security standard #3092

Merged
merged 3 commits into from
Oct 17, 2024
Merged

feat: make zarf-registry and zarf-injector pods comply with offical restricted pod security standard #3092

merged 3 commits into from
Oct 17, 2024

Conversation

Miaoxiang-philips
Copy link
Contributor

@Miaoxiang-philips Miaoxiang-philips commented Oct 10, 2024
edited
Loading

Description

Adds security context to zarf-registry and zarf-injector to ensure compliance with Kubernetes restricted pod security standard used in high security environments.
...

Related Issue

#2932

Checklist before merging

@netlify Netlify
Copy link

netlify bot commented Oct 10, 2024
edited
Loading

Deploy Preview for zarf-docs canceled.

Name Link
🔨 Latest commit ff7eb28
🔍 Latest deploy log https://app.netlify.com/sites/zarf-docs/deploys/67107d3cc3493900085379d6

@Miaoxiang-philips
feat: add security context to zarf-registry and zarf-injector in orde…
bf8e7d3 
…r to comply with offical restricted PSS

Signed-off-by: miaoxiang.wang <miaoxiang.wang@philips.com>
@AustinAbro321
Copy link
Contributor

Hey @Miaoxiang-philips thanks for this PR! You'll have to update the testdata file expected_injection_pod to reflect the changes. You can run make test-unit to run the unit tests locally.

@Miaoxiang-philips
test: update expected injection-pod json for unit test
ff7eb28 
Signed-off-by: miaoxiang.wang <miaoxiang.wang@philips.com>
@Miaoxiang-philips
Copy link
Contributor Author

Miaoxiang-philips commented Oct 17, 2024
edited
Loading

Got it, I fixed it now @AustinAbro321

@codecov Codecov
Copy link

codecov bot commented Oct 17, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Files with missing lines Coverage Δ
src/pkg/cluster/injector.go 73.12% <100.00%> (+1.64%) ⬆️

schristoff
schristoff approved these changes Oct 17, 2024
View reviewed changes
Copy link
Contributor

@schristoff schristoff left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for this contribution :)

@schristoff schristoff added this pull request to the merge queue Oct 17, 2024
Merged via the queue into zarf-dev:main with commit f15ed55 Oct 17, 2024
26 checks passed
mjnagel pushed a commit to mjnagel/zarf that referenced this pull request Oct 21, 2024
@Miaoxiang-philips @AustinAbro321 @mjnagel
feat: make zarf-registry and zarf-injector pods comply with offical r…
b0707e7 
…estricted pod security standard (zarf-dev#3092)

Signed-off-by: miaoxiang.wang <miaoxiang.wang@philips.com>
Co-authored-by: Austin Abro <37223396+AustinAbro321@users.noreply.github.com>
Signed-off-by: Micah Nagel <micah.nagel@defenseunicorns.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@schristoff schristoff schristoff approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Miaoxiang-philips @AustinAbro321 @schristoff