feat: make zarf-agent pods comply with offical restricted pod security standard #3036
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
✅ Deploy Preview for zarf-docs canceled.
|
|
Made an non-impactful change to fix my commit not being verified as seen in commit #2 |
|
@Ansible-man thanks for making this. Could you also fix the dco error by following these instructions |
Codecov ReportAll modified and coverable lines are covered by tests ✅ |
AustinAbro321
changed the title
AustinAbro321
changed the title
AustinAbro321
previously approved these changes
Sep 26, 2024
|
@AustinAbro321 I should be able to do that tomorrow at some point. Thank you and happy to help where I can! |
Hi @AustinAbro321 It seems that the DCO problem has not been solved, do you need help? |
|
Is there still something I need to do here?
…On Thu, Oct 10, 2024, 12:54 AM Miaoxiang ***@***.***> wrote:
@AustinAbro321 <https://github.com/AustinAbro321> I should be able to do
that tomorrow at some point. Thank you and happy to help where I can!
Hi @AustinAbro321 <https://github.com/AustinAbro321> It seems that the
DCO problem has not been solved, do you need help?
—
Reply to this email directly, view it on GitHub
<#3036 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AWHLQRSPVOUNACN5EAYI5ELZ2YJB3AVCNFSM6AAAAABO4A5AKCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDIMBUGA4TMOJUGU>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
|
@Ansible-man could you resolve DCO? |
|
Part of #2757 |
@Ansible-man You can follow the prompts to execute the commands
|
|
Hey @Ansible-man - we really appreciate this PR. If you could follow the steps outlined above we can get this merged. If you're unable to do that within the next week, we will have to close this and merge this with a signed DCO under someone else. Thanks! |
|
I will look into this tomorrow afternoon
…On Thu, Oct 17, 2024, 12:45 PM schristoff ***@***.***> wrote:
Hey @Ansible-man <https://github.com/Ansible-man> - we really appreciate
this PR. If you could follow the steps outlined above we can get this
merged. If you're unable to do that within the next week, we will have to
close this and merge this with a signed DCO under someone else.
Thanks!
—
Reply to this email directly, view it on GitHub
<#3036 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AWHLQRVJF44EMZTD5OJGRNTZ37ZSJAVCNFSM6AAAAABO4A5AKCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDIMRQGEZTKMZZG4>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
…stricted PSS Signed-off-by: Cade Thomas <[email protected]>
…stricted PSS Signed-off-by: Cade Thomas <[email protected]>
Signed-off-by: schristoff <[email protected]> Signed-off-by: Cade Thomas <[email protected]>
|
Sorry that took so long @schristoff . I just got around to reading everything. If that did not fix it let me know and I will get right back on it. Looking forward to helping out more in the future |
|
@Ansible-man could you rebase? |
|
I followed the instructions highlighted and the DCO errors seem to be gone.
What else do I need to do?
…On Tue, Oct 22, 2024, 4:26 AM Philip Laine ***@***.***> wrote:
@Ansible-man <https://github.com/Ansible-man> could you rebase?
—
Reply to this email directly, view it on GitHub
<#3036 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AWHLQRT6AXZ73NPVWJLPNSTZ4YR7HAVCNFSM6AAAAABO4A5AKCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDIMRYHEYDANJVGY>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
|
@Ansible-man there is a conflict with a change done in main which needs to be resolved before we can merge. |
|
Okay, I will be back home Thursday and I will resolve.
…On Wed, Oct 23, 2024, 3:50 AM Philip Laine ***@***.***> wrote:
@Ansible-man <https://github.com/Ansible-man> there is a conflict with a
change done in main which needs to be resolved before we can merge.
—
Reply to this email directly, view it on GitHub
<#3036 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AWHLQRQMAER3NFT5KN6JZRTZ45WO7AVCNFSM6AAAAABO4A5AKCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDIMZRGU2TMOBVGQ>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
|
Let me know if that resolved it |
phillebaba
reviewed
Oct 25, 2024
src/test/nightly/ecr_publish_test.go
Outdated
| @@ -61,6 +61,8 @@ func TestECRPublishing(t *testing.T) { | |||
| // Ensure we get a warning when trying to inspect the online published package | |||
| stdOut, stdErr, err = e2e.Zarf(t, "package", "inspect", upstreamPackageURL, keyFlag, "--sbom-out", tmpDir, "--skip-signature-validation") | |||
| require.NoError(t, err, stdOut, stdErr) | |||
| require.Contains(t, stdErr, "Validating SBOM checksums") | |||
There was a problem hiding this comment.
Why is this being added to the test? Can we remove this.
There was a problem hiding this comment.
Yeah I will rebase again and remove it. Not sure how it got in there.
…1.20.5 (zarf-dev#3143) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Cade Thomas <[email protected]>
Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Cade Thomas <[email protected]>
Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Cade Thomas <[email protected]>
Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Cade Thomas <[email protected]>
zarf-dev#3144) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Cade Thomas <[email protected]>
Signed-off-by: Cade Thomas <[email protected]>
Signed-off-by: Cade Thomas <[email protected]>
Signed-off-by: Cade Thomas <[email protected]>
|
5th time a charm? |
phillebaba
approved these changes
Nov 1, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Comply with k8s restricted pod security standard
Description
Adds security context to zarf-agent to ensure compliance with Kubernetes restricted pod security standard used in high security environments.
...
Related Issue
Fixes #2932
Relates to #
Checklist before merging