[TEST-ONLY] [WIP] Test sec default #134
Conversation
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: skonto The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/hold |
skonto
changed the title
|
The problematic test now passed. Will unblock the rest. |
|
Now that all tests pass I will test again without the capabilities flag as upstream tests pass without it. |
|
/retest |
|
/test 48-e2e-aws-ocp-48 |
|
@skonto: The
Use DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/test 48-e2e-aws-ocp-48 |
|
/retest |
2 similar comments
|
/retest |
|
/retest |
skonto
changed the title
skonto
changed the title
| CheckK8sClientMinimumVersionOrDie(ctx, logger) | ||
| // HACK: should go away when we move away from < 4.11 releases | ||
| if err := CheckMinimumKubeVersion(kubeclient.Get(ctx).Discovery(), "1.24.0"); err == nil { | ||
| os.Setenv("OCP_SECCOMP_PROFILE_WITHOUT_SCC", "true") |
There was a problem hiding this comment.
@skonto is that our env-var? If so, I'd prefix it slightly different, to not confuse w/ actual OCP bits
|
|
||
| CheckK8sClientMinimumVersionOrDie(ctx, logger) | ||
| // HACK: should go away when we move away from < 4.11 releases | ||
| if err := CheckMinimumKubeVersion(kubeclient.Get(ctx).Discovery(), "1.24.0"); err == nil { |
There was a problem hiding this comment.
why on this file?
the pkg/version has already the normalizeVersion func
|
|
||
| CheckK8sClientMinimumVersionOrDie(ctx, logger) | ||
| // HACK: should go away when we move away from < 4.11 releases | ||
| if err := CheckMinimumKubeVersion(kubeclient.Get(ctx).Discovery(), "1.24.0"); err == nil { |
There was a problem hiding this comment.
let's just hard-code against 1.24?
|
|
||
| // CheckMinimumKubeVersion checks if current K8s version we are on is higher than the one passed. | ||
| // If an error is returned then the version is not higher than the minimum | ||
| func CheckMinimumKubeVersion(versioner discovery.ServerVersionInterface, version string) error { |
There was a problem hiding this comment.
we can remove the version ? since we anyways want to check here for 1.24.0
|
/test 411-e2e-aws-ocp-411 |
2 participants
We will enable the feature by default at the S-O side on OCP 4.11+ as we did with deprecated apis.
The feature flag is:
secure-pod-defaults."serving.knative.openshift.io/skipSeccompProfile"as a revision annotation that allows to skip setting seccomProfile for a service so it can run with the default image user. Since we support versions < 4.11 SeccompProfile is only set by default in versions > 4.10.