[kube-prometheus-stack] SecurityContext for webhook job create/patch container #2406

Merged
merged 8 commits into from
Aug 31, 2022

Commits on Aug 31, 2022

  1. Stumbled in to this when working with kyverno and enforced strict policies.

    Kyverno and using strict policy configuration, job create for `ingress-nginx-admission-create` fails with policies `require-drop-all` and `disallow-privilege-escalation`. Adding the ability to configure containers in webhooks create and patch from helm values.
    
    > k describe job monitoring-kube-prometheus-admission-patch
    ```
    resource Pod/my-namespace/monitoring-kube-prometheus-admission-patch-njdkq was blocked due to the following policies
    
    disallow-capabilities-strict:
      require-drop-all: 'validation failure: Containers must drop `ALL` capabilities.'
    disallow-privilege-escalation:
      privilege-escalation: 'validation error: Privilege escalation is disallowed. The
        fields spec.containers[*].securityContext.allowPrivilegeEscalation, spec.initContainers[*].securityContext.allowPrivilegeEscalation,
        and spec.ephemeralContainers[*].securityContext.allowPrivilegeEscalation must
        be set to `false`. Rule privilege-escalation failed at path /spec/containers/0/securityContext/'
    ```
    
    Signed-off-by: ybelMekk <[email protected]>
    ybelMekk committed Aug 31, 2022
    4f61c09
  2. Chart Version bumped

    Signed-off-by: ybelMekk <[email protected]>
    ybelMekk committed Aug 31, 2022
    79c9418
  3. merge master

    Signed-off-by: ybelMekk <[email protected]>
    ybelMekk committed Aug 31, 2022
    fb894ce
  4. issue with nil pointer for if, use with

    Signed-off-by: ybelMekk <[email protected]>
    ybelMekk committed Aug 31, 2022
    c20e6d9
  5. Merge branch 'main' into main

    Signed-off-by: Youssef Bel Mekki <[email protected]>
    ybelMekk authored Aug 31, 2022
    f3f6916
  6. check for nil earlier

    Signed-off-by: ybelMekk <[email protected]>
    ybelMekk committed Aug 31, 2022
    1d4ce31
  7. learned something about helm today, I need to spec the path right to get it to work..
    
    Signed-off-by: ybelMekk <[email protected]>
    ybelMekk committed Aug 31, 2022
    5246801
  8. tidy values.yaml, remove extra newlines

    Signed-off-by: ybelMekk <[email protected]>
    ybelMekk committed Aug 31, 2022
    ea1985a
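
The two Kyverno rules quoted in the first commit message can be checked against a rendered pod spec before it reaches admission. The following is an added example, not code from this PR or from the chart: the rule names and field paths come from the Kyverno output above, while the pod specs, container name and image string are constructed placeholders.

```python
# Added example: pre-check a pod spec against the two rules named in the
# Kyverno output (require-drop-all, privilege-escalation).

# The privilege-escalation message lists all three container lists.
CONTAINER_FIELDS = ("containers", "initContainers", "ephemeralContainers")


def violations(pod_spec):
    """Return (path, rule) tuples for every container that would be blocked."""
    found = []
    for field in CONTAINER_FIELDS:
        for index, container in enumerate(pod_spec.get(field) or []):
            ctx = container.get("securityContext") or {}
            path = f"/spec/{field}/{index}/securityContext"
            # require-drop-all: capabilities.drop must contain ALL.
            dropped = (ctx.get("capabilities") or {}).get("drop") or []
            if "ALL" not in dropped:
                found.append((path, "require-drop-all"))
            # privilege-escalation: the field must be explicitly false;
            # leaving it unset does not satisfy the rule.
            if ctx.get("allowPrivilegeEscalation") is not False:
                found.append((path, "privilege-escalation"))
    return found


# Constructed pod spec: a job container with no securityContext at all,
# which is the situation the commit message describes.
BEFORE = {
    "containers": [
        {"name": "patch", "image": "example.invalid/certgen:placeholder"}
    ]
}

# Constructed pod spec: the same container with a securityContext that
# satisfies both rules.
AFTER = {
    "containers": [
        {
            "name": "patch",
            "image": "example.invalid/certgen:placeholder",
            "securityContext": {
                "allowPrivilegeEscalation": False,
                "capabilities": {"drop": ["ALL"]},
            },
        }
    ]
}

if __name__ == "__main__":
    for label, spec in (("before", BEFORE), ("after", AFTER)):
        print(label, violations(spec) or "no violations")
```
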