-
Notifications
You must be signed in to change notification settings - Fork 330
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add disallow interactive tty constraint #305
Add disallow interactive tty constraint #305
Conversation
I've tested this in my cluster. Gitlab runners use |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, thanks for the contribution!
Not sure if the artifact hub generation stuff is supposed to happen later.
It looks like this command needs to be run: |
Thanks, yes I am doing this now. |
Done, and pushed. |
Checking on the new failures... |
@@ -4,7 +4,7 @@ metadata: | |||
name: k8shorizontalpodautoscaler | |||
annotations: | |||
metadata.gatekeeper.sh/title: "Horizontal Pod Autoscaler" | |||
metadata.gatekeeper.sh/version: 1.0.0 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
did you mean to make these changes for this policy?
Yes. I'm trying to sneak in a whitespace fix in the hpa constraint and the CI required that the version be bumped in order to approve the change.
|
@tspearconquest the change bumps the patch version. might be good to revert it for now since the horizontalpodautoscaler policy is not in the right place. xref #314 |
Signed-off-by: Thomas Spear <[email protected]>
Signed-off-by: Thomas Spear <[email protected]>
* remove skip for storage class Signed-off-by: Sertac Ozercan <[email protected]> * revert timestamp Signed-off-by: Sertac Ozercan <[email protected]> --------- Signed-off-by: Sertac Ozercan <[email protected]> Signed-off-by: Thomas Spear <[email protected]>
* fix: disallowed repos sample test name Signed-off-by: Sertac Ozercan <[email protected]> * fix tests Signed-off-by: Sertac Ozercan <[email protected]> --------- Signed-off-by: Sertac Ozercan <[email protected]> Signed-off-by: Thomas Spear <[email protected]>
* feat: add HorizontalPodAutoscaler policy Signed-off-by: Craig Trought <[email protected]> * chore: add metadata for artifacts Signed-off-by: Craig Trought <[email protected]> * chore: generate artifacts Signed-off-by: Craig Trought <[email protected]> * fix: remove sample constraint Signed-off-by: Craig Trought <[email protected]> * core: add requiresSyncData metadata Signed-off-by: Craig Trought <[email protected]> * add hpa policy to kustomize Signed-off-by: Craig Trought <[email protected]> --------- Signed-off-by: Craig Trought <[email protected]> Co-authored-by: Sertaç Özercan <[email protected]> Co-authored-by: Max Smythe <[email protected]> Signed-off-by: Thomas Spear <[email protected]>
) Signed-off-by: Thomas Spear <[email protected]>
Signed-off-by: Thomas Spear <[email protected]>
…ts' again Signed-off-by: Thomas Spear <[email protected]>
…-artifacts' again" This reverts commit 673a63a. Signed-off-by: Thomas Spear <[email protected]>
…-artifacts'" This reverts commit 54b069c. Signed-off-by: Thomas Spear <[email protected]>
Signed-off-by: Thomas Spear <[email protected]>
5cb4eae
to
0547a50
Compare
Signed-off-by: Thomas Spear <[email protected]>
@nilekhc can you pls help take a look at all the CI failures to make sure they are failing correctly? e.g. |
@tspearconquest can you try deleting |
Signed-off-by: Thomas Spear <[email protected]>
…tspearconquest/gatekeeper-library into add_disallow_interactive_tty_constraint
Thanks for reporting this @ritazh! I have opened #339 to fix it. |
Hi @tspearconquest - #339 has been merged, can you please try a fresh 'make generate generate-website-docs generate-artifacthub-artifacts' to generate the templates and docs. Cheers! |
Hello, apologies for my delay, as I was on leave for the last 2 weeks. I am doing it now. |
Signed-off-by: Thomas Spear <[email protected]>
Ok, it's pushed and it looks like tests have passed. Please take a look. Thanks again! |
@ritazh LGTY? |
This issue/PR has been automatically marked as stale because it has not had recent activity. It will be closed in 14 days if no further activity occurs. Thank you for your contributions. |
Any update on this? |
This issue/PR has been automatically marked as stale because it has not had recent activity. It will be closed in 14 days if no further activity occurs. Thank you for your contributions. |
Not stale... /help |
What this PR does / why we need it:
Adds a constraint to disallow deployment of pods with containers where the fields related to interactive sessions, such as
stdin
, andtty
, are set totrue
Special notes for your reviewer: