deploy: configurable podSecurityContexts in ceph-csi-cephfs chart #4664

Merged

@1602077 1602077 commented Jun 5, 2024

Describe what this PR does

  • Pod-level security contexts are configurable via Helm values.yaml for the provisioner deployment and nodeplugin daemonset, with a default of no securityContext specified.

Fixes: #4663

Checklist:

  • Commit Message Formatting: Commit titles and messages follow guidelines in the developer guide.
  • Reviewed the developer guide on Submitting a Pull Request
  • Pending release notes updated with breaking and/or notable changes for the next major release.
  • Documentation has been updated, if necessary.
  • Unit tests have been added, if necessary.
  • Integration tests have been added, if necessary.

@1602077 1602077 force-pushed the deploy/ceph-csi-cephfs-podsecuritycontext branch from 20b0d8a to fbe07e6 Compare June 5, 2024 11:27
@nixpanic nixpanic added the component/deployment Helm chart, kubernetes templates and configuration Issues/PRs label Jun 5, 2024
nixpanic previously approved these changes Jun 5, 2024
@nixpanic nixpanic requested a review from a team June 5, 2024 15:54
nixpanic commented Jun 5, 2024

Looks good to me, thanks for the PR!

Rakshith-R previously approved these changes Jun 6, 2024
Madhu-1 previously approved these changes Jun 6, 2024
@Madhu-1 Madhu-1 left a comment

@1602077 LGTM, can you add the same for RBD as well in a follow-up PR?

1602077 commented Jun 6, 2024

Cheers for the quick review, much appreciated!

Have replicated changes for rbd in a follow-up PR.

nixpanic commented Jun 7, 2024

@Mergifyio rebase

@nixpanic nixpanic force-pushed the deploy/ceph-csi-cephfs-podsecuritycontext branch from fbe07e6 to 99acd03 Compare June 7, 2024 07:05
mergify bot commented Jun 7, 2024

rebase

✅ Branch has been successfully rebased

nixpanic commented Jun 7, 2024

@Mergifyio queue

mergify bot commented Jun 7, 2024

queue

🛑 The pull request has been removed from the queue default

The queue conditions cannot be satisfied due to failing checks.

You can take a look at Queue: Embarked in merge queue check runs for more details.

In case of a failure due to a flaky test, you should first retrigger the CI.
Then, re-embark the pull request into the merge queue by posting the comment
@mergifyio refresh on the pull request.

@mergify mergify bot added the ok-to-test Label to trigger E2E tests label Jun 7, 2024
@ceph-csi-bot

/test ci/centos/k8s-e2e-external-storage/1.28

@ceph-csi-bot

/test ci/centos/upgrade-tests-cephfs

@ceph-csi-bot

/test ci/centos/k8s-e2e-external-storage/1.27

@ceph-csi-bot

/test ci/centos/mini-e2e-helm/k8s-1.28

@ceph-csi-bot

/test ci/centos/k8s-e2e-external-storage/1.29

@ceph-csi-bot

/test ci/centos/upgrade-tests-rbd

@ceph-csi-bot

/test ci/centos/mini-e2e-helm/k8s-1.27

@ceph-csi-bot

/test ci/centos/mini-e2e/k8s-1.28

@ceph-csi-bot

/test ci/centos/mini-e2e-helm/k8s-1.29

@ceph-csi-bot

/test ci/centos/k8s-e2e-external-storage/1.30

@ceph-csi-bot

/test ci/centos/mini-e2e/k8s-1.27

@ceph-csi-bot

/test ci/centos/mini-e2e/k8s-1.29

@ceph-csi-bot

/test ci/centos/mini-e2e-helm/k8s-1.30

@ceph-csi-bot

/test ci/centos/mini-e2e/k8s-1.30

@ceph-csi-bot ceph-csi-bot removed the ok-to-test Label to trigger E2E tests label Jun 7, 2024
@nixpanic

/retest ci/centos/upgrade-tests-cephfs

2 similar comments

@nixpanic

@nixpanic Okay sounds good - the CI looks to be stuck in an infinite loop when trying to request the required infra to run the e2e tests

Not sure why there were issues in the CI, but after upgrading Jenkins and cleaning up stuck jobs all seems to be working again 🥳

@nixpanic nixpanic added the ok-to-test Label to trigger E2E tests label Jun 10, 2024
@ceph-csi-bot

/test ci/centos/upgrade-tests-cephfs

@ceph-csi-bot

/test ci/centos/k8s-e2e-external-storage/1.29

@ceph-csi-bot

/test ci/centos/upgrade-tests-rbd

@ceph-csi-bot

/test ci/centos/k8s-e2e-external-storage/1.27

@ceph-csi-bot

/test ci/centos/mini-e2e-helm/k8s-1.29

@ceph-csi-bot

/test ci/centos/mini-e2e-helm/k8s-1.27

@ceph-csi-bot

/test ci/centos/k8s-e2e-external-storage/1.30

@ceph-csi-bot

/test ci/centos/mini-e2e/k8s-1.27

@ceph-csi-bot

/test ci/centos/mini-e2e/k8s-1.29

@ceph-csi-bot

/test ci/centos/k8s-e2e-external-storage/1.28

@ceph-csi-bot

/test ci/centos/mini-e2e-helm/k8s-1.30

@ceph-csi-bot

/test ci/centos/mini-e2e-helm/k8s-1.28

@ceph-csi-bot

/test ci/centos/mini-e2e/k8s-1.30

@ceph-csi-bot

/test ci/centos/mini-e2e/k8s-1.28

@ceph-csi-bot ceph-csi-bot removed the ok-to-test Label to trigger E2E tests label Jun 10, 2024
@nixpanic

@nixpanic Okay sounds good - the CI looks to be stuck in an infinite loop when trying to request the required infra to run the e2e tests

Not sure why there were issues in the CI, but after upgrading Jenkins and cleaning up stuck jobs all seems to be working again 🥳

Oh.... maybe not all. Still some intermediate internal networking issues pulling container images 😭

@nixpanic

/retest ci/centos/upgrade-tests

@nixpanic

/retest ci/centos/k8s-e2e-external-storage/1.28

@nixpanic

/retest ci/centos/k8s-e2e-external-storage/1.29

@nixpanic

/retest ci/centos/mini-e2e-helm/k8s-1.27

@nixpanic

/retest ci/centos/mini-e2e-helm/k8s-1.30

@nixpanic

/retest ci/centos/mini-e2e/k8s-1.30

@mergify mergify bot merged commit ea42a0e into ceph:devel Jun 10, 2024
63 checks passed
@1602077 1602077 deleted the deploy/ceph-csi-cephfs-podsecuritycontext branch June 10, 2024 14:31
1602077 commented Aug 5, 2024

Hey @nixpanic - Is there currently a planned release date for v3.12 of ceph-csi-cephfs?

We would like to include this in our September release as part of a wider effort to enable SELinux policies within our environments.

Cheers,
Jack

Successfully merging this pull request may close these issues.

allow podSecurityContexts to be set in nodeplugin and provisioner of chart ceph-csi-cephfs