chore: Add securitycontext for PSS PoC (rootless Kubeflow) #11462
Conversation
juliusvonkohout
changed the title
juliusvonkohout
changed the title
juliusvonkohout
force-pushed
the
patch-26
branch
from
45d949a to
ed593b6
Compare
biswassri
force-pushed
the
patch-26
branch
2 times, most recently
from
580147a to
df2c7fc
Compare
|
Thank you. It is essential, that you sign your commits or you will break the DCO test and we cannot merge Remaining patches for pipelines from https://github.com/kubeflow/manifests/tree/master/contrib/security/PSS/patches:
|
|
Approvals successfully granted for pending runs. |
juliusvonkohout
force-pushed
the
patch-26
branch
3 times, most recently
from
9b15e90 to
cdb5c46
Compare
|
@juliusvonkohout I think I got in most of the patches in. Please let me know if I got something wrong. Also I wasn't sure where to update |
|
@biswassri please check out https://github.com/juliusvonkohout/pipelines/blob/patch-26/manifests/kustomize/third-party/metacontroller/base/stateful-set.yaml. We should also update it to the latest release in a separate PR https://github.com/metacontroller/metacontroller/releases/tag/v4.11.21. So please modify in a separate PR https://github.com/juliusvonkohout/pipelines/blob/5587d9acc25dd96b596a491af3f38f7c3f885469/manifests/kustomize/third-party/metacontroller/base/stateful-set.yaml#L42 from docker.io/metacontrollerio/metacontroller:v2.0.4 to ghcr.io/metacontroller/metacontroller:v4.11.21 |
|
/ok-to-test |
|
@rimolive @HumairAK we need to update metacontroller since dockerhub will be removed in the future according to https://github.com/metacontroller/metacontroller/releases/tag/v4.11.21 |
biswassri
force-pushed
the
patch-26
branch
2 times, most recently
from
4aed65a to
7242a2f
Compare
|
@juliusvonkohout I updated the metacontroller security patch as well. Created a separate PR for the image update. #11474 |
|
/ok-to-test |
|
Approvals successfully granted for pending runs. |
Signed-off-by: biswassri <[email protected]> Update ml-pipeline-scheduledworkflow-deployment.yaml Signed-off-by: juliusvonkohout <[email protected]> Update ml-pipeline-persistenceagent-deployment.yaml Upstreaming off pss patches Signed-off-by: Julius von Kohout <[email protected]> Updating server,ui,visualization,veiwercrd deployment yaml Signed-off-by: biswassri <[email protected]> Signed-off-by: juliusvonkohout <[email protected]> Updating remaining PSS patches Signed-off-by: biswassri <[email protected]>
juliusvonkohout
force-pushed
the
patch-26
branch
from
7242a2f to
8b72102
Compare
|
@biswassri I have squashed all commits and now the DCO is satisfied :-D |
|
/assign @HumairAK |
|
/assign @hbelmiro |
|
@rimolive this is a blocker for kubeflow/manifests 1.10 release / roadmap and kubeflow/manifests#2528 |
Signed-off-by: juliusvonkohout <[email protected]>
|
/lgtm Thanks @juliusvonkohout ! |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: HumairAK The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Description of your changes:
upstream what we have in https://github.com/kubeflow/manifests/tree/master/contrib/security/PSS to make PSS enforcable
and enjoy a rootless Kubeflow kubeflow/manifests#2528
Checklist: