-
Notifications
You must be signed in to change notification settings - Fork 173
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: make zarf-agent pods comply with offical restricted pod security standard #3036
Conversation
✅ Deploy Preview for zarf-docs canceled.
|
Made an non-impactful change to fix my commit not being verified as seen in commit #2 |
@Ansible-man thanks for making this. Could you also fix the dco error by following these instructions |
Codecov ReportAll modified and coverable lines are covered by tests ✅ |
@AustinAbro321 I should be able to do that tomorrow at some point. Thank you and happy to help where I can! |
Hi @AustinAbro321 It seems that the DCO problem has not been solved, do you need help? |
Is there still something I need to do here?
…On Thu, Oct 10, 2024, 12:54 AM Miaoxiang ***@***.***> wrote:
@AustinAbro321 <https://github.com/AustinAbro321> I should be able to do
that tomorrow at some point. Thank you and happy to help where I can!
Hi @AustinAbro321 <https://github.com/AustinAbro321> It seems that the
DCO problem has not been solved, do you need help?
—
Reply to this email directly, view it on GitHub
<#3036 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AWHLQRSPVOUNACN5EAYI5ELZ2YJB3AVCNFSM6AAAAABO4A5AKCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDIMBUGA4TMOJUGU>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
@Ansible-man could you resolve DCO? |
Part of #2757 |
@Ansible-man You can follow the prompts to execute the commands |
Hey @Ansible-man - we really appreciate this PR. If you could follow the steps outlined above we can get this merged. If you're unable to do that within the next week, we will have to close this and merge this with a signed DCO under someone else. Thanks! |
I will look into this tomorrow afternoon
…On Thu, Oct 17, 2024, 12:45 PM schristoff ***@***.***> wrote:
Hey @Ansible-man <https://github.com/Ansible-man> - we really appreciate
this PR. If you could follow the steps outlined above we can get this
merged. If you're unable to do that within the next week, we will have to
close this and merge this with a signed DCO under someone else.
Thanks!
—
Reply to this email directly, view it on GitHub
<#3036 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AWHLQRVJF44EMZTD5OJGRNTZ37ZSJAVCNFSM6AAAAABO4A5AKCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDIMRQGEZTKMZZG4>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
…stricted PSS Signed-off-by: Cade Thomas <[email protected]>
…stricted PSS Signed-off-by: Cade Thomas <[email protected]>
Signed-off-by: schristoff <[email protected]> Signed-off-by: Cade Thomas <[email protected]>
Sorry that took so long @schristoff . I just got around to reading everything. If that did not fix it let me know and I will get right back on it. Looking forward to helping out more in the future |
@Ansible-man could you rebase? |
I followed the instructions highlighted and the DCO errors seem to be gone.
What else do I need to do?
…On Tue, Oct 22, 2024, 4:26 AM Philip Laine ***@***.***> wrote:
@Ansible-man <https://github.com/Ansible-man> could you rebase?
—
Reply to this email directly, view it on GitHub
<#3036 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AWHLQRT6AXZ73NPVWJLPNSTZ4YR7HAVCNFSM6AAAAABO4A5AKCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDIMRYHEYDANJVGY>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
@Ansible-man there is a conflict with a change done in main which needs to be resolved before we can merge. |
Okay, I will be back home Thursday and I will resolve.
…On Wed, Oct 23, 2024, 3:50 AM Philip Laine ***@***.***> wrote:
@Ansible-man <https://github.com/Ansible-man> there is a conflict with a
change done in main which needs to be resolved before we can merge.
—
Reply to this email directly, view it on GitHub
<#3036 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AWHLQRQMAER3NFT5KN6JZRTZ45WO7AVCNFSM6AAAAABO4A5AKCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDIMZRGU2TMOBVGQ>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
Let me know if that resolved it |
src/test/nightly/ecr_publish_test.go
Outdated
@@ -61,6 +61,8 @@ func TestECRPublishing(t *testing.T) { | |||
// Ensure we get a warning when trying to inspect the online published package | |||
stdOut, stdErr, err = e2e.Zarf(t, "package", "inspect", upstreamPackageURL, keyFlag, "--sbom-out", tmpDir, "--skip-signature-validation") | |||
require.NoError(t, err, stdOut, stdErr) | |||
require.Contains(t, stdErr, "Validating SBOM checksums") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why is this being added to the test? Can we remove this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah I will rebase again and remove it. Not sure how it got in there.
…1.20.5 (zarf-dev#3143) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Cade Thomas <[email protected]>
Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Cade Thomas <[email protected]>
Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Cade Thomas <[email protected]>
Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Cade Thomas <[email protected]>
zarf-dev#3144) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Cade Thomas <[email protected]>
Signed-off-by: Cade Thomas <[email protected]>
Signed-off-by: Cade Thomas <[email protected]>
Signed-off-by: Cade Thomas <[email protected]>
5th time a charm? |
…y standard (zarf-dev#3036) Signed-off-by: Cade Thomas <[email protected]> Signed-off-by: schristoff <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: Cade Thomas <[email protected]> Co-authored-by: schristoff <[email protected]> Co-authored-by: Austin Abro <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Comply with k8s restricted pod security standard
Description
Adds security context to zarf-agent to ensure compliance with Kubernetes restricted pod security standard used in high security environments.
...
Related Issue
Fixes #2932
Relates to #
Checklist before merging