This repository has been archived by the owner on Jun 28, 2024. It is now read-only.

CC | Merge from main to CCv0 -- Aug 7th, 2023 #5742

Merged
merged 10 commits into from
Aug 7, 2023
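--- a/.ci/lib.sh
+++ b/.ci/lib.sh
@@ -6,6 +6,14 @@
 # SPDX-License-Identifier: Apache-2.0
 #
 
+# Ensure GOPATH set
+if command -v go > /dev/null; then
+export GOPATH=${GOPATH:-$(go env GOPATH)}
+else
+# if go isn't installed, set default location for GOPATH
+export GOPATH="${GOPATH:-$HOME/go}"
+fi
+
 export KATA_KSM_THROTTLER=${KATA_KSM_THROTTLER:-no}
 export KATA_QEMU_DESTDIR=${KATA_QEMU_DESTDIR:-"/usr"}
 export KATA_ETC_CONFIG_PATH="/etc/kata-containers/configuration.toml"
@@ -36,14 +44,6 @@ export KATA_NET_TIMEOUT=30
 
 source /etc/os-release || source /usr/lib/os-release
 
-# Ensure GOPATH set
-if command -v go > /dev/null; then
-export GOPATH=${GOPATH:-$(go env GOPATH)}
-else
-# if go isn't installed, set default location for GOPATH
-export GOPATH="${GOPATH:-$HOME/go}"
-fi
-
 # Support Golang 1.16.x.
 # By default in Golang >= 1.16 GO111MODULE is set to "on",
 # some subprojects in this repo may not support "go modules",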
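Review bot: The relocated `export GOPATH=${GOPATH:-$(go env GOPATH)}` leaves the expansion unquoted and hides a failing `go env` behind `export`, so GOPATH can end up exported empty and any later `$GOPATH/...` path would then resolve from the filesystem root. The else branch already quotes its value; the go branch could match it with `GOPATH="${GOPATH:-$(go env GOPATH)}"` followed by `export GOPATH`, and a non-empty check after the `fi` would catch the failure case. The page does not say why the block had to move above the KATA_* exports, so a one-line comment naming what needs GOPATH this early would keep it from being moved back.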
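--- a/.ci/openshift-ci/smoke/http-server.yaml
+++ b/.ci/openshift-ci/smoke/http-server.yaml
@@ -18,4 +18,13 @@ spec:
 - containerPort: 8080
 command: ["python3"]
 args: [ "-m", "http.server", "8080"]
+securityContext:
+allowPrivilegeEscalation: false
+capabilities:
+drop:
+- ALL
+runAsNonRoot: true
+runAsUser: 1000
+seccompProfile:
+type: RuntimeDefault
 runtimeClassName: kata-qemu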
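Review bot: The fixed `runAsUser: 1000` in the added securityContext may conflict with OpenShift's restricted SCC, which normally assigns the UID from a per-namespace range and rejects a pod that pins a UID outside it. Since this manifest lives under `.ci/openshift-ci/`, either state the requirement next to the field, for example `# needs an SCC that permits a fixed non-root UID`, or drop `runAsUser` here and let the platform choose the UID while keeping `runAsNonRoot: true`. The block also omits `readOnlyRootFilesystem: true`, which looks safe for a pod that only runs `python3 -m http.server`, though that should be confirmed against the image. The same nine lines are added in kata-webhook/deploy/webhook.yaml and in the heredoc in kata-webhook/webhook-check.sh, so both questions apply there if those are deployed on OpenShift.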
2 changes: 1 addition & 1 deletion VERSION
@@ -1 +1 @@
3.2.0-alpha3
3.2.0-rc0
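--- a/kata-webhook/deploy/webhook.yaml
+++ b/kata-webhook/deploy/webhook.yaml
@@ -41,6 +41,15 @@ spec:
 requests:
 cpu: "100m"
 memory: "250Mi"
+securityContext:
+allowPrivilegeEscalation: false
+capabilities:
+drop:
+- ALL
+runAsNonRoot: true
+runAsUser: 1000
+seccompProfile:
+type: RuntimeDefault
 volumes:
 - name: webhook-certs
 secret: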
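--- a/kata-webhook/webhook-check.sh
+++ b/kata-webhook/webhook-check.sh
@@ -57,6 +57,15 @@ check_working() {
 image: quay.io/prometheus/busybox:latest
 command: ["echo", "Hello Webhook"]
 imagePullPolicy: IfNotPresent
+securityContext:
+allowPrivilegeEscalation: false
+capabilities:
+drop:
+- ALL
+runAsNonRoot: true
+runAsUser: 1000
+seccompProfile:
+type: RuntimeDefault
 EOF
 local class_name=$(kubectl get -n ${WEBHOOK_NS} \
 -o jsonpath='{.spec.runtimeClassName}' pod/${hello_pod})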