Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add securityContext items and add pod security labels #2178

Merged
merged 3 commits into from
Oct 9, 2023
Merged

Add securityContext items and add pod security labels #2178

merged 3 commits into from
Oct 9, 2023
+26 −0

Conversation

metalmatze
Copy link
Member

Description

This adds some more securityContext options to prometheus, prometheus-adapter, pyrra and kube-rbac-proxy.
Additionally, adding some pod-security.kubernetes.io warning labels to the namespace. These will inform the cluster admin about warnings but not block the deployment entirely.

Type of change

What type of changes does your code introduce to the kube-prometheus? Put an x in the box that apply.

  • CHANGE (fix or feature that would cause existing functionality to not work as expected)
  • FEATURE (non-breaking change which adds functionality)
  • BUGFIX (non-breaking change which fixes an issue)
  • ENHANCEMENT (non-breaking change which improves existing functionality)
  • NONE (if none of the other choices apply. Example, tooling, build system, CI, docs, etc.)

Changelog entry

Please put a one-line changelog entry below. Later this will be copied to the changelog file.

Add securityContext items and add pod security labels

@metalmatze
Copy link
Member Author

Reviews are appreciated! ☺️

ArthurSens
ArthurSens reviewed Aug 10, 2023
View reviewed changes
Copy link
Member

@ArthurSens ArthurSens left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks good to me, but we probably need to understand the test failures in 1.25 and 1.26 🤔

@paulfantom
Copy link
Member

paulfantom commented Oct 7, 2023
edited
Loading

According to our README.md kubernetes 1.25 and 1.26 is not supported on main and as such IMHO we should drop it from test matrix and thus also unblock this PR.

@metalmatze could you rebase so CI configuration is up to date in this PR?

paulfantom
paulfantom approved these changes Oct 7, 2023
View reviewed changes
Copy link
Member

@paulfantom paulfantom left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, but let's rebase to allow CI kicking in on k8s 1.27 and 1.28

@metalmatze
Copy link
Member Author

Rebased and force-pushed the changes.
Thanks for taking a look @paulfantom! 🙏

@metalmatze metalmatze merged commit ac1f39f into main Oct 9, 2023
20 checks passed
@metalmatze metalmatze deleted the seccomp branch October 9, 2023 16:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ArthurSens ArthurSens ArthurSens left review comments

@paulfantom paulfantom paulfantom approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@metalmatze @paulfantom @ArthurSens