Open Srihari1192 opened 12 months ago
Downstream tests with cluster FIPS enabled mode looks good https://opendatascience-jenkins-csb-rhods.apps.ocp-c1.prod.psi.redhat.com/job/distributed-workloads/job/rhods-dw-smoke/22/
While running upstream tests against the cluster in codeflare operator with FIPS Enabled mode Noticed below warnings
mnist_raycluster_sdk_test.go:70: Created ConfigMap test-ns-mdmdq/mnist-raycluster-sdk successfully
W1011 14:41:01.398608 41981 warnings.go:70] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "test" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "test" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "test" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "test" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
mnist_raycluster_sdk_test.go:205: Created Job test-ns-mdmdq/sdk successfully
Static scanning for operator images check-payload is done and no Errors/warnings noticed
Created the PR for fixing the test TestMNISTRayClusterSDK to avoid pod security warning https://github.com/project-codeflare/codeflare-operator/pull/360
Investigate and implement the FIPS compliance testing for the Distributed Workloads stack, ensuring that it adheres to the required security standards mandated by FIPS .
References: https://docs.openshift.com/container-platform/4.12/installing/installing-fips.html