cluster-policy-controller#478

Closed
sallyom wants to merge 3 commits into openshift:main from sallyom:cluster-policy-controller

@sallyom sallyom commented Dec 2, 2021

Embedding the cluster-policy-controller requires too much reworking of code; I'm in favor of running cluster-policy-controller as a deployment. This way microshift won't be dependent on changes in openshift/library-go controllercmd code.

Added OpenShift Assets:

- namespace-security-allocation-controller-clusterrole
- namespace-security-allocation-controller-clusterrolebinding
- kube-controller-manager static pod cluster-policy-controller container
- RangeAllocations CRD
- kube-controller-manager ns

Closes #303

@openshift-ci openshift-ci Bot requested review from husky-parul and oglok December 2, 2021 19:20

sallyom commented Dec 2, 2021

Note: change in RunClusterPolicyController from 4.8, 4.9 - if we embed, will have to rework when bump to 4.9

release 4.9 cluster-policy-controller Run command: https://github.com/openshift/cluster-policy-controller/blob/release-4.9/pkg/cmd/cluster-policy-controller/policy_controller.go#L18

release 4.8 cluster-policy-controller Run command: https://github.com/openshift/cluster-policy-controller/blob/release-4.8/pkg/cmd/cluster-policy-controller/policy_controller.go#L32

sallyom commented Dec 2, 2021

@fzdarsky it works! I've added a commit to run service-ca deployment w/ NonRoot 1001:1001, same as ocp manifest

      securityContext:
          runAsGroup: 1001
          runAsNonRoot: true
          runAsUser: 1001

See Note in PR description about move of service-ca hostPath volumes to configmap & secret

sallyom commented Dec 2, 2021

/assign @fzdarsky

openshift-ci Bot commented Dec 2, 2021

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
To complete the pull request process, please ask for approval from fzdarsky after the PR has been reviewed.

The full list of commands accepted by this bot can be found here.

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@sallyom sallyom force-pushed the cluster-policy-controller branch 5 times, most recently from ae4cf9e to 86b1085 Compare December 12, 2021 15:51
@sallyom sallyom force-pushed the cluster-policy-controller branch from 86b1085 to 8aa55ca Compare December 15, 2021 02:51
@sallyom sallyom force-pushed the cluster-policy-controller branch 3 times, most recently from 0798887 to 34cd152 Compare December 20, 2021 18:45
@mangelajo

@fzdarsky @sallyom did we decide how we want to go about this? If we want to go this route, we need to build multi-arch images for the cluster-policy-controller. I can handle that, just let me know.

Thanks for looking at this, Sally!

Signed-off-by: Sally O'Malley <somalley@redhat.com>
Signed-off-by: Sally O'Malley <somalley@redhat.com>
@sallyom sallyom force-pushed the cluster-policy-controller branch from 34cd152 to 02ac981 Compare January 18, 2022 19:56

sallyom commented Jan 19, 2022

/retest

@cooktheryan

/retest

@openshift-bot

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

@openshift-ci openshift-ci Bot added lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. labels May 18, 2022

openshift-ci Bot commented May 18, 2022

@sallyom: PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

sallyom commented Jun 2, 2022

closing, we won't need this & if that changes can reopen

Labels

lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD.

Development

Successfully merging this pull request may close these issues.

[Enhancement]: Add cluster-policy-controller

5 participants