fix(backend): Add securitycontext for k8s 1.25 #1132

Merged
merged 1 commit into from
Jan 26, 2023


yhwang
Member

@yhwang yhwang commented Jan 26, 2023

Description of your changes:
For k8s 1.25, a securityContext definition is needed for a pod. Add proper security context to pipelineloop controller and webhook

Signed-off-by: Yihong Wang [email protected]

Checklist:

@google-oss-prow

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: yhwang

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@Tomcli
Member

Tomcli commented Jan 26, 2023

Thanks @yhwang, I was looking into how to run pipelineloop without root for 1.25 but hitting some issues with the new customrun crd. I can merge your PR first as the temporary solution.

@yhwang
Member Author

yhwang commented Jan 26, 2023

The reason is that the tekton-pipelines ns has this annotation: `pod-security.kubernetes.io/enforce: restricted`. Therefore, the deployments of pipelineloop controller/webhook need to have a securitycontext
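
With `restricted` enforced on a namespace, pods are rejected unless their containers carry specific securityContext settings. As an added illustration (not code from this PR or the project), the Python below checks a pod spec for the securityContext fields the restricted Pod Security Standard requires. The sample specs, container name and image are constructed, and the page does not show the exact values the PR set.

```python
# Added example (not code from this PR): checks the securityContext fields of a
# pod spec against the Kubernetes "restricted" Pod Security Standard.
# Volume-type and host-namespace rules are out of scope; Linux pods assumed.
ALLOWED_SECCOMP = {"RuntimeDefault", "Localhost"}

def restricted_violations(pod_spec):
    """Return human-readable violations for a pod spec given as a dict."""
    pod_sc = pod_spec.get("securityContext") or {}
    pod_seccomp = (pod_sc.get("seccompProfile") or {}).get("type")
    problems = []
    # Pod-level values that are explicitly bad fail even if containers override.
    if pod_sc.get("runAsNonRoot") is False:
        problems.append("pod: runAsNonRoot must not be false")
    if pod_sc.get("runAsUser") == 0:
        problems.append("pod: runAsUser must not be 0")
    if pod_seccomp is not None and pod_seccomp not in ALLOWED_SECCOMP:
        problems.append("pod: seccompProfile.type must be RuntimeDefault or Localhost")
    for c in pod_spec.get("containers", []) + pod_spec.get("initContainers", []):
        name, sc = c.get("name", "<unnamed>"), c.get("securityContext") or {}
        if sc.get("allowPrivilegeEscalation") is not False:
            problems.append(f"{name}: allowPrivilegeEscalation must be false")
        # Unset container fields inherit the pod-level value.
        if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
            problems.append(f"{name}: runAsNonRoot must be true")
        if sc.get("runAsUser") == 0:
            problems.append(f"{name}: runAsUser must not be 0")
        seccomp = (sc.get("seccompProfile") or {}).get("type", pod_seccomp)
        if seccomp not in ALLOWED_SECCOMP:
            problems.append(f"{name}: seccompProfile.type must be RuntimeDefault or Localhost")
        caps = sc.get("capabilities") or {}
        if "ALL" not in (caps.get("drop") or []):
            problems.append(f"{name}: capabilities.drop must include ALL")
        if set(caps.get("add") or []) - {"NET_BIND_SERVICE"}:
            problems.append(f"{name}: only NET_BIND_SERVICE may be added")
    return problems

# Constructed sample pod specs (container name and image are placeholders).
BEFORE = {"containers": [{"name": "controller", "image": "example/controller:tag"}]}
AFTER = {"containers": [{
    "name": "controller", "image": "example/controller:tag",
    "securityContext": {
        "allowPrivilegeEscalation": False,
        "runAsNonRoot": True,
        "capabilities": {"drop": ["ALL"]},
        "seccompProfile": {"type": "RuntimeDefault"},
    },
}]}

if __name__ == "__main__":
    for label, spec in (("before", BEFORE), ("after", AFTER)):
        print(label, restricted_violations(spec) or "ok")
```
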

@yhwang
Member Author

yhwang commented Jan 26, 2023

BTW, we also need this for kubeflow v1.7

@Tomcli
Member

Tomcli commented Jan 26, 2023

@yhwang can you rebase this pr? I can patch this to our 1.5 branch once it's merged and cut 1.5.1 release

For k8s 1.25, a securityContext definition is needed for a pod.
Add proper security context to pipelineloop controller and webhook

Signed-off-by: Yihong Wang <[email protected]>
@yhwang
Member Author

yhwang commented Jan 26, 2023

rebased

@Tomcli
Member

Tomcli commented Jan 26, 2023

/lgtm

@google-oss-prow google-oss-prow bot added the lgtm label Jan 26, 2023
@google-oss-prow google-oss-prow bot merged commit a7db1c1 into kubeflow:master Jan 26, 2023
@yhwang yhwang deleted the update-pipelineloop branch January 26, 2023 18:11
Tomcli pushed a commit that referenced this pull request Jan 26, 2023
For k8s 1.25, a securityContext definition is needed for a pod.
Add proper security context to pipelineloop controller and webhook

Signed-off-by: Yihong Wang <[email protected]>

Signed-off-by: Yihong Wang <[email protected]>