Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Slim down v2 ClusterRoles #442

Merged
merged 1 commit into from
Nov 13, 2023
Merged

Slim down v2 ClusterRoles #442

merged 1 commit into from
Nov 13, 2023

Conversation

DharmitD
Copy link
Member

@DharmitD DharmitD commented Nov 3, 2023
edited by HumairAK
Loading

The issue resolved by this Pull Request:

Resolves #354

Description of your changes:

Slimming down v2 ClusterRoles to a stricter spec, to help minimize our security footprint

PF details on the updates made as part of this PR, in this doc.

Testing instructions

  • Run the following commands to prepare the environment. NOTE: Make sure there are no other DSP installations in the testing cluster:
$ export IMAGE=quay.io/<QUAY_USERNAME>/dspo:v2
$ export DSPO_NS=data-science-pipelines-operator-v2
$ export DSPA_NS=data-science-pipelines-application-v2
$ oc new-project $DSPO_NS
$ oc new-project $DSPA_NS
$ make podman-build podman-push IMG=$IMAGE
$ make v2deploy IMG=$IMAGE V2INFRA_NS=openshift-pipelines
$ make deploy IMG=$IMAGE OPERATOR_NS=$DSPO_NS

quay.io/rhn_support_ddalvi/data-science-pipelines-operator:latest-clusterroles is the image I built to test these changes.

Checklist

  • The commits are squashed in a cohesive manner and have meaningful messages.
  • Testing instructions have been added in the PR body (for PRs involving changes that are not immediately obvious).
  • The developer has manually tested the changes and verified that the changes work

@dsp-developers
Copy link
Contributor

A new image has been built to help with testing out this PR: quay.io/opendatahub/data-science-pipelines-operator:pr-442
An OCP cluster where you are logged in as cluster admin is required.

To use this image run the following:

cd $(mktemp -d)
git clone git@github.com:opendatahub-io/data-science-pipelines-operator.git
cd data-science-pipelines-operator/
git fetch origin pull/442/head
git checkout -b pullrequest 027e8abfc98c41acfc1f284a2c3a1caa396baa44
make deploy IMG="quay.io/opendatahub/data-science-pipelines-operator:pr-442"

More instructions here on how to deploy and test a Data Science Pipelines Application.

@DharmitD DharmitD mentioned this pull request Nov 3, 2023
Closed
@HumairAK HumairAK requested review from rimolive and removed request for harshad16 November 6, 2023 16:37
@rimolive
Copy link
Contributor

Created #456 and #457 as follow-up tasks while they are out of this task scope.

@rimolive
Copy link
Contributor

/lgtm
/approve

@openshift-ci openshift-ci bot added the lgtm label Nov 13, 2023
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Nov 13, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: rimolive

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-merge-bot openshift-merge-bot bot merged commit f24983b into opendatahub-io:dspv2 Nov 13, 2023
5 checks passed
@DharmitD DharmitD mentioned this pull request Nov 13, 2023
Merged
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@HumairAK HumairAK Awaiting requested review from HumairAK

@rimolive rimolive Awaiting requested review from rimolive

Assignees

@rimolive rimolive

Labels
approved lgtm
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@DharmitD @dsp-developers @rimolive