Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

depl: drop capabilities from all plugins #1945

Merged
merged 1 commit into from
Jan 10, 2025
Merged

depl: drop capabilities from all plugins #1945

merged 1 commit into from
Jan 10, 2025

Conversation

tkatila
Copy link
Contributor

@tkatila tkatila commented Jan 2, 2025
edited by mythi
Loading

Fixes: #1841

@tkatila tkatila force-pushed the depl-drop-capabilities branch from a5f5553 to 74006cd Compare January 2, 2025 13:42
eero-t
eero-t reviewed Jan 2, 2025
View reviewed changes
Copy link
Contributor

@eero-t eero-t left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Otherwise seems fine, but controllers are missing allowPrivilegeEscalation: false setting from securityContext. Deployments use it, so I assume controllers can too.

@tkatila
Copy link
Contributor Author

tkatila commented Jan 2, 2025

Otherwise seems fine, but controllers are missing allowPrivilegeEscalation: false setting from securityContext. Deployments use it, so I assume controllers can too.

Controllers take the deployment as base:
https://github.com/intel/intel-device-plugins-for-kubernetes/blob/main/pkg/controllers/gpu/controller.go#L132
https://github.com/intel/intel-device-plugins-for-kubernetes/blob/main/deployments/daemonsets.go#L46-L51

So any changes done in the deployments are inherited by the controllers. The tests failed in my first push as I didn't remember to add the _test.go changes.

eero-t
eero-t approved these changes Jan 2, 2025
View reviewed changes
Copy link
Contributor

@eero-t eero-t left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved.

FPGA test is failing, but it's scheduling issue, not related to these changes:
0/2 nodes are available: 1 Insufficient fpga.intel.com/arria10.dcp1.2-nlb0-orchestrated

@mythi
Copy link
Contributor

mythi commented Jan 2, 2025

LGTM. Added Fixes: tag

@tkatila tkatila marked this pull request as ready for review January 3, 2025 06:43
@tkatila
Copy link
Contributor Author

tkatila commented Jan 3, 2025
edited
Loading

LGTM. Added Fixes: tag

Thanks. I was planning to add the fixes tag when the tests pass and I convert this from draft to review.

@mythi mythi merged commit 614da27 into intel:main Jan 10, 2025
75 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mythi mythi mythi approved these changes

@eero-t eero-t eero-t approved these changes

@hj-johannes-lee hj-johannes-lee hj-johannes-lee approved these changes

@bart0sh bart0sh Awaiting requested review from bart0sh bart0sh is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Incomplete plugin SecurityContexts
4 participants
@tkatila @mythi @eero-t @hj-johannes-lee