Open maxsmythe opened 1 month ago
Looks like there may be a bug in the Rego side... I'll take a look in a bit
Rego fixed ... pod-level security context retrieval did not take into account that it was a child of spec
@maxsmythe do we want to update the policy version to 1.1.0
since we are updating rego and adding cel as well?
@JaydipGabani SGTM. Is there anything special we need to do for that? Or just update the annotation?
@JaydipGabani SGTM. Is there anything special we need to do for that? Or just update the annotation?
@maxsmythe Updating annotations and running make generate-all
should work. It will generate files for artifact-hub as well.
bumped minor version
Fixes #541
I'm guessing the k8s tests are failing because securityContext.appArmorProfile only exists as of k8s 1.30?
@maxsmythe we are running tests with kind: 0.17.0 and that seems to have k8s 1.25.3. So I agree, I think that would be the reason as well.
For context... here is how the applicable apparmor profile is derived:
https://github.com/kubernetes/kubernetes/blob/master/pkg/security/apparmor/helpers.go#L55-L76