Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

small security improvements #654

Merged
merged 2 commits into from
Mar 14, 2024
Merged

small security improvements #654

merged 2 commits into from
Mar 14, 2024

Conversation

SchSeba
Copy link
Collaborator

@SchSeba SchSeba commented Mar 12, 2024

  • add runAsNonRoot=true
  • add readOnlyRootFilesystem=true
  • add allowPrivilegeEscalation=false

for operator network injector and operator webhook

@SchSeba
small security improvements
0e821f2 
* add runAsNonRoot=true
* add readOnlyRootFilesystem=true
* add allowPrivilegeEscalation=false

for operator network injector and operator webhook

Signed-off-by: Sebastian Sch <[email protected]>
@github-actions GitHub Actions
Copy link

Thanks for your PR,
To run vendors CIs use one of:

  • /test-all: To run all tests for all vendors.
  • /test-e2e-all: To run all E2E tests for all vendors.
  • /test-e2e-nvidia-all: To run all E2E tests for NVIDIA vendor.

To skip the vendors CIs use one of:

  • /skip-all: To skip all tests for all vendors.
  • /skip-e2e-all: To skip all E2E tests for all vendors.
  • /skip-e2e-nvidia-all: To skip all E2E tests for NVIDIA vendor.
    Best regards.

@coveralls
Copy link

coveralls commented Mar 12, 2024
edited
Loading

Pull Request Test Coverage Report for Build 8264574655

Details

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • 5 unchanged lines in 2 files lost coverage.
  • Overall coverage decreased (-0.04%) to 35.883%
Files with Coverage Reduction New Missed Lines %
controllers/sriovibnetwork_controller.go 2 68.94%
api/v1/helper.go 3 45.33%
Totals Coverage Status
Change from base Build 8234792093: -0.04%
Covered Lines: 4429
Relevant Lines: 12343
💛 - Coveralls

zeeke
zeeke approved these changes Mar 12, 2024
View reviewed changes
Copy link
Member

@zeeke zeeke left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

ykulazhenkov
ykulazhenkov approved these changes Mar 13, 2024
View reviewed changes
Copy link
Collaborator

@ykulazhenkov ykulazhenkov left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@SchSeba
Copy link
Collaborator Author

SchSeba commented Mar 13, 2024

/hold

checking why k8s is not able to deploy the pods

@github-actions github-actions bot added the hold label Mar 13, 2024
@github-actions GitHub Actions
Copy link

Thanks for your PR,
To run vendors CIs use one of:

  • /test-all: To run all tests for all vendors.
  • /test-e2e-all: To run all E2E tests for all vendors.
  • /test-e2e-nvidia-all: To run all E2E tests for NVIDIA vendor.

To skip the vendors CIs use one of:

  • /skip-all: To skip all tests for all vendors.
  • /skip-e2e-all: To skip all E2E tests for all vendors.
  • /skip-e2e-nvidia-all: To skip all E2E tests for NVIDIA vendor.
    Best regards.

@SchSeba
Copy link
Collaborator Author

SchSeba commented Mar 13, 2024

waiting for k8snetworkplumbingwg/network-resources-injector#150

@SchSeba
Copy link
Collaborator Author

SchSeba commented Mar 14, 2024

/hold cancel

@github-actions github-actions bot removed the hold label Mar 14, 2024
@zeeke zeeke merged commit 7c075aa into k8snetworkplumbingwg:master Mar 14, 2024
12 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ykulazhenkov ykulazhenkov ykulazhenkov approved these changes

@zeeke zeeke zeeke approved these changes

@e0ne e0ne e0ne approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@SchSeba @coveralls @e0ne @zeeke @ykulazhenkov