openshift / sandboxed-containers-operator

An operator to enhance an Openshift/Kubernetes cluster to support running sandboxed containers
Apache License 2.0

podvm: allow setting custom agent-policy #434

Closed snir911 closed 3 months ago

snir911 commented 3 months ago

By having a custom.rego file set as the agent policy CM:

```
kubectl create configmap agent-policy --from-file=<path/to/custom.rego> -n openshift-sandboxed-containers-operator
```

Also use relative links, as it is essential when passed to packer.

do not merge

I failed to test yet due to (probably) unaltered issues

bpradipt commented 3 months ago

Tested this successfully by building a new image

```
oc exec -it hello-b -- sh
error: Internal error occurred: error executing command in container: cannot enter container 6d9c0d50f7640003baed372f0804ada60e8f04ce8222a0de8ab6b6f48de6411c, with err rpc error: code = PermissionDenied desc = "ExecProcessRequest is blocked by policy: ": unknown
```

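
A `custom.rego` of the kind that produces the `ExecProcessRequest is blocked by policy` denial shown above, as an added example that is not taken from this PR or from the operator's code. It assumes the `agent_policy` package and the request names used by the upstream Kata Containers agent policy samples; check the list against the agent version baked into your pod VM image, since a request with no rule is denied.

```rego
# custom.rego (illustrative): allow every agent request except exec.
# Assumption: package and request names follow the upstream Kata agent
# policy samples, not anything defined in this PR.
package agent_policy

# Hardened setting: block `oc exec` / `kubectl exec` into the sandbox.
default ExecProcessRequest := false

# Everything else stays permitted so the pod can start and run.
default AddARPNeighborsRequest := true
default AddSwapRequest := true
default CloseStdinRequest := true
default CopyFileRequest := true
default CreateContainerRequest := true
default CreateSandboxRequest := true
default DestroySandboxRequest := true
default GetMetricsRequest := true
default GetOOMEventRequest := true
default GuestDetailsRequest := true
default ListInterfacesRequest := true
default ListRoutesRequest := true
default MemHotplugByProbeRequest := true
default OnlineCPUMemRequest := true
default PauseContainerRequest := true
default PullImageRequest := true
default ReadStreamRequest := true
default RemoveContainerRequest := true
default RemoveStaleVirtiofsShareMountsRequest := true
default ReseedRandomDevRequest := true
default ResumeContainerRequest := true
default SetGuestDateTimeRequest := true
default SetPolicyRequest := true
default SignalProcessRequest := true
default StartContainerRequest := true
default StatsContainerRequest := true
default TtyWinResizeRequest := true
default UpdateContainerRequest := true
default UpdateEphemeralMountsRequest := true
default UpdateInterfaceRequest := true
default UpdateRoutesRequest := true
default WaitProcessRequest := true
default WriteStreamRequest := true
```
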

openshift-ci[bot] commented 3 months ago

@snir911: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

| Test name | Commit | Details | Required | Rerun command |
| --- | --- | --- | --- | --- |
| ci/prow/check | 63fa0f9df5a37231497f3b4f6cb392daf9e05bfb | link | false | `/test check` |

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository. I understand the commands that are listed [here](https://go.k8s.io/bot-commands).