Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

LimitRanger and PodSecurityPolicy need to check more on init containers #29356

Merged
merged 3 commits into from
Jul 27, 2016
Merged

LimitRanger and PodSecurityPolicy need to check more on init containers #29356

merged 3 commits into from
Jul 27, 2016

Conversation

smarterclayton
Copy link
Contributor

Container limits not applied to init containers. HostPorts not checked on podsecuritypolicy

@pweil- @derekwaynecarr

@k8s-github-robot k8s-github-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. release-note-label-needed labels Jul 21, 2016
@smarterclayton
InitContainers are not checked for hostPort ranges
affd79f 
PodSecurityPolicy must verify that host port ranges are guarded on init
containers.
@smarterclayton
Container limits are not applied to InitContainers
51f4d7c 
InitContainers should be checked against limit rangers
@smarterclayton
Init containers are not respected in initial resources
522930b 
Seeds init containers just like regular containers
@k8s-github-robot k8s-github-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Jul 21, 2016
@smarterclayton
Copy link
Contributor Author

@kubernetes/autoscaling for someone to review initial resources changes

@piosz piosz self-assigned this Jul 21, 2016
@piosz
Copy link
Member

piosz commented Jul 21, 2016

LGTM for IR part

@pweil-
Copy link
Contributor

pweil- commented Jul 21, 2016

hostPorts LGTM. I'll take a TODO on this to look closer at these calls and refactor them. It looks like old cruft from when PSC was introduced, they should really just be passing in the container that was given to the method call and it wouldn't have missed initContainers in that case. As-is it looks like you can receive duplicate errors which is annoying.

@smarterclayton
Copy link
Contributor Author

@derekwaynecarr just needs review from you then

@derekwaynecarr derekwaynecarr self-assigned this Jul 25, 2016
@derekwaynecarr
Copy link
Member

LGTM

@derekwaynecarr derekwaynecarr added lgtm "Looks good to me", indicates that a PR is ready to be merged. release-note-none Denotes a PR that doesn't merit a release note. and removed release-note-label-needed labels Jul 25, 2016
@smarterclayton
Copy link
Contributor Author

@k8s-bot test this issue #IGNORE

@k8s-bot
Copy link

k8s-bot commented Jul 27, 2016

GCE e2e build/test passed for commit 522930b.

@k8s-github-robot
Copy link

@k8s-bot test this [submit-queue is verifying that this PR is safe to merge]

@k8s-bot
Copy link

k8s-bot commented Jul 27, 2016

GCE e2e build/test passed for commit 522930b.

@k8s-github-robot
Copy link

Automatic merge from submit-queue

@k8s-github-robot k8s-github-robot merged commit 3301f6d into kubernetes:master Jul 27, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@pweil- pweil-

@derekwaynecarr derekwaynecarr

@piosz piosz

Labels
lgtm "Looks good to me", indicates that a PR is ready to be merged. release-note-none Denotes a PR that doesn't merit a release note. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
8 participants
@smarterclayton @piosz @pweil- @derekwaynecarr @k8s-bot @k8s-github-robot @googlebot @brendandburns