diff options
author | Cédric Ollivier <cedric.ollivier@orange.com> | 2024-01-12 22:19:36 +0100 |
---|---|---|
committer | Cédric Ollivier <cedric.ollivier@orange.com> | 2024-01-12 22:22:48 +0100 |
commit | ed36cd525f4bee23229aa2b24a6b1a6b380e425d (patch) | |
tree | 562e7dac15c9de38270e9f368ade77efd18ece7b /docker/core/Dockerfile | |
parent | 8f2baf0af49854f5dceb40ec4b722f9c1a2ad39b (diff) |
Apply PR " Enforce baseline Pod Security Standard with namespace labels"
It's needed for any Cluster where PodSecurityConfiguration enforces "restricted" [1].
[1] https://kubernetes.io/docs/tasks/configure-pod-container/enforce-standards-admission-controller/
Change-Id: I9df12654d09390353a898030314a3fda9074b0d5
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
(cherry picked from commit 05656f790feab78bb02b6ed0e3b11048eea39901)
Diffstat (limited to 'docker/core/Dockerfile')
-rw-r--r-- | docker/core/Dockerfile | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/docker/core/Dockerfile b/docker/core/Dockerfile index 18d714c8..c3c258cf 100644 --- a/docker/core/Dockerfile +++ b/docker/core/Dockerfile @@ -6,6 +6,7 @@ ARG OPNFV_TAG=stable/zed COPY Try-a-quick-fix-vs-asynchronuous-issues.patch /tmp/Try-a-quick-fix-vs-asynchronuous-issues.patch COPY Switch-to-threading.Thread-for-Rally-tasks.patch /tmp/Switch-to-threading.Thread-for-Rally-tasks.patch +COPY Enforce-baseline-Pod-Security-Standard-with-namespac.patch /tmp/Enforce-baseline-Pod-Security-Standard-with-namespac.patch RUN apk -U upgrade && \ apk --no-cache add --update python3 py3-pip py3-wheel bash git grep libffi openssl mailcap \ libxml2 libxslt gcompat && \ @@ -35,14 +36,16 @@ RUN apk -U upgrade && \ /src/functest-kubernetes && \ (cd /src/rally && patch -p1 < /tmp/Switch-to-threading.Thread-for-Rally-tasks.patch) && \ (cd /usr/lib/python3.10/site-packages/xrally_kubernetes/ && \ - patch -p2 < /tmp/Try-a-quick-fix-vs-asynchronuous-issues.patch) && \ + patch -p2 < /tmp/Try-a-quick-fix-vs-asynchronuous-issues.patch && \ + patch -p2 < /tmp/Enforce-baseline-Pod-Security-Standard-with-namespac.patch) && \ rm -rf /src/functest-kubernetes /tmp/Switch-to-threading.Thread-for-Rally-tasks.patch && \ bash -c "mkdir -p /var/lib/xtesting /home/opnfv" && \ ln -s /var/lib/xtesting /home/opnfv/functest && \ mkdir -p /etc/rally && \ printf "[database]\nconnection = 'sqlite:////var/lib/rally/database/rally.sqlite'" > /etc/rally/rally.conf && \ mkdir -p /var/lib/rally/database && rally db create && \ - rm -r /src/requirements/.git /tmp/Try-a-quick-fix-vs-asynchronuous-issues.patch && \ + rm -r /src/requirements/.git /tmp/Try-a-quick-fix-vs-asynchronuous-issues.patch \ + /tmp/Enforce-baseline-Pod-Security-Standard-with-namespac.patch && \ addgroup -g 1000 xtesting && adduser -u 1000 -G xtesting -D xtesting && \ mkdir -p /etc/xtesting && chown -R xtesting: /etc/xtesting /etc/rally && \ mkdir -p /var/lib/xtesting/results && chown -R xtesting: /var/lib/xtesting /var/lib/rally && \ |