diff options
| author |   Cédric Ollivier <cedric.ollivier@orange.com> | 2024-01-12 22:19:36 +0100 |
|---|---|---|
| committer | Cédric Ollivier <cedric.ollivier@orange.com> | 2024-01-12 22:23:09 +0100 |
| commit | 869a1d1da62ec900f6c47ecf76cff82ef3ca9fe5 (patch) | |
| tree | 7fc26b90d3328eec7b14136d1c992f1327d0aaca /docker/core/Dockerfile | |
| parent | 767cb9d833f7dfb12c16b291981ad71fa368a4d8 (diff) | |
Apply PR " Enforce baseline Pod Security Standard with namespace labels"
It's needed for any Cluster where PodSecurityConfiguration enforces "restricted" [1].
[1] https://kubernetes.io/docs/tasks/configure-pod-container/enforce-standards-admission-controller/
Change-Id: I9df12654d09390353a898030314a3fda9074b0d5
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
(cherry picked from commit 05656f790feab78bb02b6ed0e3b11048eea39901)
Diffstat (limited to 'docker/core/Dockerfile')
| -rw-r--r-- | docker/core/Dockerfile | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/docker/core/Dockerfile b/docker/core/Dockerfile index 3bc15ec2..861f1cf3 100644 --- a/docker/core/Dockerfile +++ b/docker/core/Dockerfile @@ -6,6 +6,7 @@ ARG OPNFV_TAG=stable/zed COPY Try-a-quick-fix-vs-asynchronuous-issues.patch /tmp/Try-a-quick-fix-vs-asynchronuous-issues.patch COPY Switch-to-threading.Thread-for-Rally-tasks.patch /tmp/Switch-to-threading.Thread-for-Rally-tasks.patch +COPY Enforce-baseline-Pod-Security-Standard-with-namespac.patch /tmp/Enforce-baseline-Pod-Security-Standard-with-namespac.patch RUN apk -U upgrade && \ apk --no-cache add --update python3 py3-pip py3-wheel bash git grep libffi openssl mailcap \ libxml2 libxslt gcompat && \ @@ -34,14 +35,16 @@ RUN apk -U upgrade && \ /src/functest-kubernetes && \ (cd /src/rally && patch -p1 < /tmp/Switch-to-threading.Thread-for-Rally-tasks.patch) && \ (cd /usr/lib/python3.10/site-packages/xrally_kubernetes/ && \ - patch -p2 < /tmp/Try-a-quick-fix-vs-asynchronuous-issues.patch) && \ + patch -p2 < /tmp/Try-a-quick-fix-vs-asynchronuous-issues.patch && \ + patch -p2 < /tmp/Enforce-baseline-Pod-Security-Standard-with-namespac.patch) && \ rm -rf /src/functest-kubernetes /tmp/Switch-to-threading.Thread-for-Rally-tasks.patch && \ bash -c "mkdir -p /var/lib/xtesting /home/opnfv" && \ ln -s /var/lib/xtesting /home/opnfv/functest && \ mkdir -p /etc/rally && \ printf "[database]\nconnection = 'sqlite:////var/lib/rally/database/rally.sqlite'" > /etc/rally/rally.conf && \ mkdir -p /var/lib/rally/database && rally db create && \ - rm -r /src/requirements/.git /tmp/Try-a-quick-fix-vs-asynchronuous-issues.patch && \ + rm -r /src/requirements/.git /tmp/Try-a-quick-fix-vs-asynchronuous-issues.patch \ + /tmp/Enforce-baseline-Pod-Security-Standard-with-namespac.patch && \ addgroup -g 1000 xtesting && adduser -u 1000 -G xtesting -D xtesting && \ mkdir -p /etc/xtesting && chown -R xtesting: /etc/xtesting /etc/rally && \ mkdir -p /var/lib/xtesting/results && chown -R xtesting: /var/lib/xtesting /var/lib/rally && \ |