Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for deploying ComplianceAsCode/compliance-operator #176

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Add support for deploying ComplianceAsCode/compliance-operator #176

wants to merge 1 commit into from
+34 −0

Conversation

rhmdnd
Copy link
Owner

@rhmdnd rhmdnd commented Sep 15, 2022

Since the whole purpose of compserv is to parse compliance results, we
can host the compliance-operator on the same cluster to generate
results.

This commit adds a new kustomize directory for installing the
compliance-operator on the same cluster that the compliance service is
running.

@rhmdnd
Add support for deploying ComplianceAsCode/compliance-operator
2d690a9 
Since the whole purpose of compserv is to parse compliance results, we
can host the compliance-operator on the same cluster to generate
results.

This commit adds a new kustomize directory for installing the
compliance-operator on the same cluster that the compliance service is
running.
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Sep 15, 2022

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: rhmdnd

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@rhmdnd rhmdnd added the low hanging fruit Trivial review label Sep 15, 2022
jhrozek
jhrozek reviewed Sep 16, 2022
View reviewed changes
kustomize/compliance-operator/namespace.yaml
apiVersion: v1
kind: Namespace
metadata:
name: openshift-compliance
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this work with 4.12? I would assume that you need to add:

+    pod-security.kubernetes.io/audit: privileged
+    pod-security.kubernetes.io/enforce: privileged
+    pod-security.kubernetes.io/warn: privileged

to account for the PSA changes.

(side node: we might want to bump the CI cluster to 4.12 this close to 4.12 feature freeze to catch issues early)

Copy link
Owner Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good call - I'm running this on 4.11.

Want me to do that bump here or a separate patch?

@jhrozek
Copy link
Collaborator

jhrozek commented Sep 19, 2022 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jhrozek jhrozek jhrozek left review comments

@Vincent056 Vincent056 Awaiting requested review from Vincent056

Assignees
No one assigned
Labels
approved low hanging fruit Trivial review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@rhmdnd @jhrozek