Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dual OCP and nonOCP compatibility adjustments #491

Open
wants to merge 15 commits into
base: main
Choose a base branch
from
Open

Dual OCP and nonOCP compatibility adjustments #491

wants to merge 15 commits into from
+64 −24

Conversation

greyerof
Copy link
Contributor

@greyerof greyerof commented Sep 16, 2024
edited
Loading

Fixes to make it compatible with SNO and OCP, but also to prepare samples for
more securityContext's fields checks.

Specific to special-dp pods:

  • Added template for replica number in special-dp to make it compatible with
    SNO clusters.
  • Affinity rule updated to use "operator: Exists", since those labels don't
    have any value in real OCP clusters.

Other changes:

  • Added pod/container securityContext fields depending on whether the test
    pods are deployed in Kind or Openshift. For OCP, most fields are not needed
    as they're set by SCC policies, whereas in Kind they must be explicitly set.
    Otherwise, some access-control test cases might fail.
  • Moved REPLICAS env var setting to init-env.sh script.
  • Avoid creating file in /tmp to prepare pods to pass the
    readOnlyRootFilesystem check.

greyerof and others added 5 commits September 16, 2024 16:58
@greyerof
Deployment special adjustments.
9e145f8 
- Replica count set from template var to make it compatible with SNO
 clusters using "REPLICAS=1 make install".
- Affinity rule updated to use "operator: Exists", since those labels
  don't have any value in real OCP clusters.
@greyerof
Merge branch 'main' into special-dp-adjustments
bda0a43
@greyerof
Fixed pdb for special deployment.
a96f852 
Also:
- Added runAsNonRoot to securityContext of all test pods.
- Moved REPLICAS env var setting to init-env.sh script.
- Avoid creating file in /tmp to prepare pods to pass the
  readOnlyRootFilesystem check.
@greyerof
Linter fix: added empty last line to init-env.sh
1314a08
@greyerof
Added securityContext.runAsUser field for non-ocp clusters.
4903479
@greyerof greyerof changed the title Deployment special adjustments. Dual OCP and nonOCP compatibility adjustments Sep 17, 2024
@greyerof
Copy link
Contributor Author

Everything works except for the "check results" step, where the failing check is now passing (which is the purpose of some of the modifications):

------------------------------------------------------------------------------------------------
| TEST_CASE                                                  EXPECTED_RESULT     ACTUAL_RESULT |
------------------------------------------------------------------------------------------------
| access-control-security-context                                     FAILED            PASSED |
------------------------------------------------------------------------------------------------

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@edcdavid edcdavid edcdavid approved these changes

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@greyerof @edcdavid