-
Notifications
You must be signed in to change notification settings - Fork 248
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update disallow-helm-tiller and disallow-latest-tag to include all container types in a pod #1111
Conversation
Signed-off-by: Dolis Sharma <[email protected]>
Signed-off-by: Dolis Sharma <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Tiller (Helm v2) is so old technology I don't think it's worth making this change. Would suggest focusing on more useful policies in the present.
I am updating all the best practice policies. Can you approve this one while I add the logic in other policies too? |
Go ahead and make those updates. Remove from draft mode when ready for review. Please remember to follow the contribution guide as linked in the PR template. And please also ensure to increase test coverage of the policies you update in this PR as well. |
Signed-off-by: Dolis Sharma <[email protected]>
Signed-off-by: Dolis Sharma <[email protected]>
Signed-off-by: Dolis Sharma <[email protected]>
Signed-off-by: Dolis Sharma <[email protected]>
Signed-off-by: Dolis Sharma <[email protected]>
Signed-off-by: Dolis Sharma <[email protected]>
@chipzoller Extended the logic to the "disallow latest tag" policy along with changes needed for the chainsaw test cases. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Missing extended tests for disallow-helm-tiller.
Signed-off-by: Dolis Sharma <[email protected]>
Signed-off-by: Dolis Sharma <[email protected]>
Signed-off-by: Dolis Sharma <[email protected]>
Signed-off-by: Dolis Sharma <[email protected]>
Signed-off-by: Dolis Sharma <[email protected]>
Signed-off-by: Dolis Sharma <[email protected]>
@chipzoller thought the Helm Tiller policy was outdated and that test cases might not be necessary. However, I’ve updated them now. Please review the changes |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please fix failing tests. Also complete the PR template (checklist).
Signed-off-by: Dolis Sharma <[email protected]>
@chipzoller I tried updating the digest using my Mac, but the check failed. I reverted to the old digest and I think it got verified. How can I generate the digest? I am using the following command.
|
Signed-off-by: Dolis Sharma <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Digests are expected to be generated in Linux; you can see the digest expected in the Policy Test step and use that if you're unable to generate one on your own system.
Tests still need to be fixed here.
Signed-off-by: Dolis Sharma <[email protected]>
@chipzoller Thanks! it worked with Linux. What checks are you referring to? I don't see any on my page. |
Please see failing CI checks. |
Signed-off-by: Dolis Sharma <[email protected]>
Signed-off-by: Dolis Sharma <[email protected]>
Signed-off-by: Dolis Sharma <[email protected]>
Signed-off-by: Dolis Sharma <[email protected]>
Signed-off-by: Dolis Sharma <[email protected]>
Signed-off-by: Dolis Sharma <[email protected]>
Signed-off-by: Dolis Sharma <[email protected]>
Signed-off-by: Dolis Sharma <[email protected]>
Signed-off-by: Dolis Sharma <[email protected]>
Signed-off-by: Dolis Sharma <[email protected]>
Signed-off-by: Dolis Sharma <[email protected]>
Signed-off-by: Dolis Sharma <[email protected]>
Signed-off-by: Dolis Sharma <[email protected]>
@chipzoller Please review. |
Related Issue(s)
Partially addresses #951
Description
Updating disallow-helm-tiller and disallow-latest-tag policies to handle all pod types and test cases to handle initContainers.
Checklist