Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

AUTH-482: set required-scc for openshift workloads #5310

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

kramaranya
Copy link

What this PR does / why we need it:
This PR pins privileged SCC for the kubevirt-csi-node in the openshift-cluster-csi-drivers namespace. Pinning ensures the workload explicitly uses the required SCC and prevents unintended security vulnerabilities.

This is part of the ongoing task to ensure SCC pinning for all workloads in platform namespaces .

Which issue(s) this PR fixes:
Fixes AUTH-482 and sippy test

Checklist

  • Subject and description added to both, commit and PR.
  • Relevant issues have been referenced.
  • This change includes docs.
  • This change includes unit tests.

Signed-off-by: kramaranya <kramaranya15@gmail.com>
@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Dec 17, 2024
@openshift-ci-robot
Copy link

openshift-ci-robot commented Dec 17, 2024

@kramaranya: This pull request references AUTH-482 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target either version "4.19." or "openshift-4.19.", but it targets "openshift-4.16" instead.

In response to this:

What this PR does / why we need it:
This PR pins privileged SCC for the kubevirt-csi-node in the openshift-cluster-csi-drivers namespace. Pinning ensures the workload explicitly uses the required SCC and prevents unintended security vulnerabilities.

This is part of the ongoing task to ensure SCC pinning for all workloads in platform namespaces .

Which issue(s) this PR fixes:
Fixes AUTH-482 and sippy test

Checklist

  • Subject and description added to both, commit and PR.
  • Relevant issues have been referenced.
  • This change includes docs.
  • This change includes unit tests.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci openshift-ci bot requested review from davidvossel and nirarg December 17, 2024 13:09
@openshift-ci openshift-ci bot added area/control-plane-operator Indicates the PR includes changes for the control plane operator - in an OCP release and removed do-not-merge/needs-area labels Dec 17, 2024
@kramaranya
Copy link
Author

/retest

2 similar comments
@kramaranya
Copy link
Author

/retest

@jparrill
Copy link
Contributor

/retest

Copy link
Contributor

openshift-ci bot commented Dec 19, 2024

@kramaranya: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@bryan-cox
Copy link
Member

/retest

@bryan-cox
Copy link
Member

/approve

Copy link
Contributor

openshift-ci bot commented Dec 19, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: bryan-cox, kramaranya

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Dec 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/control-plane-operator Indicates the PR includes changes for the control plane operator - in an OCP release jira/valid-reference Indicates that this PR references a valid Jira ticket of any type.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants