Diffstat (limited to 'docker/core')
-rw-r--r--docker/core/Dockerfile7
-rw-r--r--docker/core/Enforce-baseline-Pod-Security-Standard-with-namespac.patch39
2 files changed, 2 insertions, 44 deletions
diff --git a/docker/core/Dockerfile b/docker/core/Dockerfile
index e935d426..b6507da1 100644
--- a/docker/core/Dockerfile
+++ b/docker/core/Dockerfile
@@ -6,7 +6,6 @@ ARG OPNFV_TAG=master
COPY Try-a-quick-fix-vs-asynchronuous-issues.patch /tmp/Try-a-quick-fix-vs-asynchronuous-issues.patch
COPY Switch-to-threading.Thread-for-Rally-tasks.patch /tmp/Switch-to-threading.Thread-for-Rally-tasks.patch
-COPY Enforce-baseline-Pod-Security-Standard-with-namespac.patch /tmp/Enforce-baseline-Pod-Security-Standard-with-namespac.patch
RUN apk -U upgrade && \
apk --no-cache add --update python3 py3-pip py3-wheel bash git grep libffi openssl mailcap \
libxml2 libxslt gcompat && \
@@ -36,16 +35,14 @@ RUN apk -U upgrade && \
/src/functest-kubernetes && \
(cd /src/rally && patch -p1 < /tmp/Switch-to-threading.Thread-for-Rally-tasks.patch) && \
(cd /usr/lib/python3.10/site-packages/xrally_kubernetes/ && \
- patch -p2 < /tmp/Try-a-quick-fix-vs-asynchronuous-issues.patch && \
- patch -p2 < /tmp/Enforce-baseline-Pod-Security-Standard-with-namespac.patch) && \
+ patch -p2 < /tmp/Try-a-quick-fix-vs-asynchronuous-issues.patch) && \
rm -rf /src/functest-kubernetes /tmp/Switch-to-threading.Thread-for-Rally-tasks.patch && \
bash -c "mkdir -p /var/lib/xtesting /home/opnfv" && \
ln -s /var/lib/xtesting /home/opnfv/functest && \
mkdir -p /etc/rally && \
printf "[database]\nconnection = 'sqlite:////var/lib/rally/database/rally.sqlite'" > /etc/rally/rally.conf && \
mkdir -p /var/lib/rally/database && rally db create && \
- rm -r /src/requirements/.git /tmp/Try-a-quick-fix-vs-asynchronuous-issues.patch \
- /tmp/Enforce-baseline-Pod-Security-Standard-with-namespac.patch && \
+ rm -r /src/requirements/.git /tmp/Try-a-quick-fix-vs-asynchronuous-issues.patch && \
addgroup -g 1000 xtesting && adduser -u 1000 -G xtesting -D xtesting && \
mkdir -p /etc/xtesting && chown -R xtesting: /etc/xtesting /etc/rally && \
mkdir -p /var/lib/xtesting/results && chown -R xtesting: /var/lib/xtesting /var/lib/rally && \
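Review bot: With the second `patch -p2` removed from this RUN chain, nothing in the Dockerfile records where the `"pod-security.kubernetes.io/enforce": "baseline"` namespace label now comes from. If the installed xrally_kubernetes does not already carry that change (not visible in this diff), namespaces created by the test cases fall back to the cluster's default Pod Security level. Per the deleted patch's own description, that would make the testcases fail on clusters enforcing "restricted", and on clusters with no default the namespaces would run without an enforced level. A comment above the RUN would make the dependency auditable, for example `# Pod Security "baseline" namespace label now comes from xrally_kubernetes <VERSION>; local patch dropped`, with the placeholder filled in. The RUN instruction starts before and continues past this hunk, so the rest of the chain was not reviewed.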
diff --git a/docker/core/Enforce-baseline-Pod-Security-Standard-with-namespac.patch b/docker/core/Enforce-baseline-Pod-Security-Standard-with-namespac.patch
deleted file mode 100644
index 1a4cc1d0..00000000
--- a/docker/core/Enforce-baseline-Pod-Security-Standard-with-namespac.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From cf7998dc92bd9d0bcc99ee2c9a21b6c41d1b2750 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?C=C3=A9dric=20Ollivier?= <cedric.ollivier@orange.com>
-Date: Fri, 12 Jan 2024 21:16:54 +0100
-Subject: [PATCH] Enforce baseline Pod Security Standard with namespace labels
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-It allows running the xrally_kubernetes testcases vs clusters where
-PodSecurityConfiguration enforces "restricted" [1].
-
-Please note that Kubernetes.create_and_delete_pod_with_hostpath_volume
-even requests for privileged [2].
-
-[1] https://kubernetes.io/docs/tasks/configure-pod-container/enforce-standards-admission-controller/
-[2] https://kubernetes.io/docs/concepts/storage/volumes/#hostpath
-
-Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
----
- xrally_kubernetes/service.py | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/xrally_kubernetes/service.py b/xrally_kubernetes/service.py
-index d38f84b..4f97550 100644
---- a/xrally_kubernetes/service.py
-+++ b/xrally_kubernetes/service.py
-@@ -238,7 +238,8 @@ class Kubernetes(service.Service):
- "metadata": {
- "name": name,
- "labels": {
-- "role": name
-+ "role": name,
-+ "pod-security.kubernetes.io/enforce": "baseline"
- }
- }
- }
---
-2.43.0
-