CMP-2666: Added SPO 0.8.4 release notes #79305
Conversation
|
@sheriff-rh: This pull request references CMP-2666 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the sub-task to target the "4.17.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
openshift-ci-robot
added
the
jira/valid-reference
|
@sheriff-rh: This pull request references CMP-2666 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the sub-task to target the "4.17.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
openshift-ci
bot
added
the
size/XS
|
@sheriff-rh: This pull request references CMP-2666 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the sub-task to target the "4.17.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
openshift-ci
bot
added
size/S
sheriff-rh
force-pushed
the
CMP-2666
branch
7 times, most recently
from
4f98cce to
a797fd1
Compare
sheriff-rh
added
the
peer-review-needed
modules/spo-binding-workloads.adoc
Outdated
| @@ -35,10 +35,16 @@ spec: | |||
| profileRef: | |||
| kind: {kind} <1> | |||
| name: profile <2> | |||
| image: quay.io/security-profiles-operator/test-nginx-unprivileged:1.21 | |||
| image: quay.io/security-profiles-operator/test-nginx-unprivileged:1.21 <3> | |||
| ---- | |||
| <1> The `kind:` variable refers to the name of the profile. | |||
There was a problem hiding this comment.
Maybe better to be:
The kind variable refers to the kind of the profile.
| @@ -35,10 +35,16 @@ spec: | |||
| profileRef: | |||
| kind: {kind} <1> | |||
| name: profile <2> | |||
| image: quay.io/security-profiles-operator/test-nginx-unprivileged:1.21 | |||
| image: quay.io/security-profiles-operator/test-nginx-unprivileged:1.21 <3> | |||
| ---- | |||
| <1> The `kind:` variable refers to the name of the profile. | |||
| <2> The `name:` variable refers to the name of the profile. | |||
There was a problem hiding this comment.
Maybe better to be:
The name variable refers to the name of the profile.
modules/spo-binding-workloads.adoc
Outdated
| + | ||
| [IMPORTANT] | ||
| ==== | ||
| Using the `image: "*"` wildcard attribute binds all pods with a default security profile in a given namespace. |
There was a problem hiding this comment.
@Vincent056 I am unsure about two points. Could you please help to double confirm? Thanks.
Firstly, I tested this function. Actually, it only works for newly created pods(it doesn't work for the existing pods before profilebinding created). Maybe we can say
Using the image: "*" wildcard attribute binds all new pods with a default security profile in a given namespace.
Secondly, there is a Import severity bug when trying to delete the profilebinding: https://issues.redhat.com/browse/OCPBUGS-37557. Do we need to add it to doc? Thanks.
There was a problem hiding this comment.
@Vincent056 I am unsure about two points. Could you please help to double confirm? Thanks. Firstly, I tested this function. Actually, it only works for newly created pods(it doesn't work for the existing pods before profilebinding created). Maybe we can say Using the
image: "*"wildcard attribute binds all new pods with a default security profile in a given namespace.Secondly, there is a Import severity bug when trying to delete the profilebinding: https://issues.redhat.com/browse/OCPBUGS-37557. Do we need to add it to doc? Thanks.
that's correct, it will not work for the old pods.
for second, have you removed all the pods that uses the binding before you remove the profile @xiaojiey
There was a problem hiding this comment.
I addressed @xiaojiey's feedback, updating the text in the callouts and changing the note to "binds new pods...".
Anything else I can add? @Vincent056 @BhargaviGudi
|
@sheriff-rh: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
All feedback has been addressed, Vincent was unable to duplicate the bug Xiaojie ran into. I will publish this for now so that customers have the information pertaining to the release. If we need to make further corrections, we can do tomorrow or next week. Thanks all! Merging to 4.12+. |
|
/cherrypick enterprise-4.17 |
|
/cherrypick enterprise-4.16 |
|
/cherrypick enterprise-4.15 |
|
/cherrypick enterprise-4.14 |
|
/cherrypick enterprise-4.13 |
|
/cherrypick enterprise-4.12 |
|
@sheriff-rh: new pull request created: #79514 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
@sheriff-rh: new pull request created: #79515 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
@sheriff-rh: new pull request created: #79516 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
@sheriff-rh: new pull request created: #79517 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
@sheriff-rh: new pull request created: #79518 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
@sheriff-rh: new pull request created: #79519 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
Version(s):
4.12+
Issue:
https://issues.redhat.com/browse/CMP-2666
Link to docs preview:
Security Profiles Operator 0.8.4
79305--ocpdocs-pr.netlify.app/openshift-enterprise/latest/security/security_profiles_operator/spo-seccomp.html
79305--ocpdocs-pr.netlify.app/openshift-enterprise/latest/security/security_profiles_operator/spo-selinux.html
QE review:
Additional information:
None