oshoval
commented
1 year ago What about bumping kubevirtci (to take https://github.com/kubevirt/kubevirtci/pull/915) and setting KUBEVIRT_PSA ?
Closed AlonaKaplan closed 1 year ago
oshoval
commented
1 year ago What about bumping kubevirtci (to take https://github.com/kubevirt/kubevirtci/pull/915) and setting KUBEVIRT_PSA ?
AlonaKaplan
commented
1 year ago What about bumping kubevirtci (to take https://github.com/kubevirt/kubevirtci/pull/915) and setting KUBEVIRT_PSA ?
Will be done in a follow up.
oshoval
commented
1 year ago What about bumping kubevirtci (to take kubevirt/kubevirtci#915) and setting KUBEVIRT_PSA ?
Will be done in a follow up.
Why not in this PR ? It is related as it really test the changes, and a small change
oshoval
commented
1 year ago Please notify kubevirtci maintainers about the kubevirtci bug you found that the PSA is enabled even when it is false I suspect that the fact there is this line, make it restrictive even if KUBEVIRT_PSA is disabled (when the file is empty)
oshoval
commented
1 year ago AlonaKaplan
commented
1 year ago /approve
kubevirt-bot
commented
1 year ago [APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: AlonaKaplan
The full list of commands accepted by this bot can be found here.
The pull request process is described here
oshoval
commented
1 year ago Can you please issue a new tag ? need for CNAO / HCO, so it will be PSA ready
What this PR does / why we need it: Make secondary-dns deployment PSA ready
Can be tested by -
kubectl label --dry-run=server --overwrite ns secondary pod-security.kubernetes.io/enforce=restrictedWithout this PR, those kind of warnings are returned -
https://kubernetes.io/docs/concepts/security/pod-security-admission/
Special notes for your reviewer:
Release note: