Skip to content

genpolicy sync upstream [3/3] #173

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 8 commits into from
Apr 10, 2024
Merged

genpolicy sync upstream [3/3] #173

merged 8 commits into from
Apr 10, 2024

Conversation

@Redent0r
Copy link

@Redent0r Redent0r commented Apr 10, 2024
edited
Loading

Merge Checklist
  • Followed patch format from upstream recommendation: https://github.com/kata-containers/community/blob/main/CONTRIBUTING.md#patch-format
    • Included a single commit in a given PR - at least unless there are related commits and each makes sense as a change on its own.
  • Aware about the PR to be merged using "create a merge commit" rather than "squash and merge" (or similar)
  • genPolicy only: Ensured the tool still builds on Windows
  • genPolicy only: Updated sample YAMLs' policy annotations, if applicable
  • The upstream-missing label (or upstream-not-needed) has been set on the PR.
Summary

genpolicy sync upstream [3/3]

Test Methodology

https://dev.azure.com/mariner-org/mariner/_build/results?buildId=547421&view=ms.vss-test-web.build-test-results-tab [pass]

danmihai1 and others added 7 commits April 9, 2024 17:08
@danmihai1 @Redent0r
genpolicy: update default values
cb75f5f 
1. Remove PullImageRequest because that is not used in the main
   branch. It was used in the CCv0 branch.

2. Add default false values for the remaining Kata Agent ttrpc
   requests.

These changes don't change the functionality of the auto generated
Policy, but they help with easier understanding the Policy text and
the logging from the Rego rules.

Fixes: kata-containers#9049

Signed-off-by: Dan Mihai <[email protected]>
@danmihai1 @Redent0r
genpolicy: add easy way to allow CloseStdinRequest
35e34ef 
For example, Kata CI's k8s-copy-file.bats transfers files between the
Host and the Guest using "kubectl exec", and that results in
CloseStdinRequest being called from the Host.

Signed-off-by: Dan Mihai <[email protected]>
@danmihai1 @Redent0r
genpolicy: improve logging from ExecProcessRequest
78a9152 
Additional logging from the ExecProcessRequest rules, for easier
debugging.

Signed-off-by: Dan Mihai <[email protected]>
@danmihai1 @Redent0r
genpolicy: fix typo in policy logging
0b05a2d 
Improve logging, for easier debugging.

Fixes: kata-containers#9072

Signed-off-by: Dan Mihai <[email protected]>
@Redent0r
genpolicy: panic when we see a volume mount subpath
8f07523 
Based on kata-containers/runtime#2812

Fixes: kata-containers#9145

Signed-off-by: Saul Paredes <[email protected]>
@3u13r @Redent0r
genpolicy: add restartPolicy to container struct
8d86d84 
This adds support for sidecar container introduced in Kubernetes 1.28

Fixes: kata-containers#9220

Signed-off-by: Leonard Cohnen <[email protected]>
@danmihai1 @Redent0r
genpolicy: reduce policy debug prints
2148abe 
Kata CI has full debug output enabled for the cbl-mariner k8s tests,
and the test AKS node is relatively slow. So debug prints from policy
are expensive during CI.

Fixes: kata-containers#9296

Signed-off-by: Dan Mihai <[email protected]>
@Redent0r Redent0r added the upstream/not-needed PRs that will not be upstreamed (e.g. internal) label Apr 10, 2024
@Redent0r
genpolicy: update samples
db5c673 
Signed-off-by: Saul Paredes <[email protected]>
@Redent0r Redent0r marked this pull request as ready for review April 10, 2024 03:38
@Redent0r Redent0r requested review from a team as code owners April 10, 2024 03:38
@Redent0r Redent0r merged commit 7f92755 into msft-main Apr 10, 2024
@Redent0r Redent0r deleted the saulparedes/genpolicy_sync_3 branch April 10, 2024 03:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@danmihai1 danmihai1 danmihai1 approved these changes

Assignees

No one assigned

Labels

upstream/not-needed PRs that will not be upstreamed (e.g. internal)

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@Redent0r @danmihai1 @3u13r