Skip to content

feat: mount-volumes-for-ephemeral-containers policy #1225

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

feat: mount-volumes-for-ephemeral-containers policy #1225

wants to merge 2 commits into from

Conversation

@Darkhood148
Copy link
Contributor

@Darkhood148 Darkhood148 commented Jan 23, 2025
edited by realshuting
Loading

Related Issue(s)

Closes #1088.

Description

This PR adds a sample policy to mount volumes and set default security context for ephemeral containers; along with chainsaw tests for the same

Checklist

  • I have read the policy contribution guidelines.
  • I have added test manifests and resources covering both positive and negative tests that prove this policy works as intended.
  • I have added the artifacthub-pkg.yml file and have verified it is complete and correct.

@Darkhood148
Copy link
Contributor Author

Darkhood148 commented Jan 23, 2025
edited
Loading

Hi @realshuting,

The description of the chainsaw tests is as follows:

  • Step 1: Create the policy
  • Step 2: Create a pod with the label ephemeral-debug: true and verify that the volume is added to the pod
  • Step 3: Verify the security context of a newly created ephemeral container by ensuring that it is a read-only file system
  • Step 4: Check if volumeMounts are being correctly added

@Darkhood148
Adds chainsaw tests
dc2c5f0 
Signed-off-by: Darkhood148 <[email protected]>
@Darkhood148
Copy link
Contributor Author

Darkhood148 commented Feb 7, 2025

Hi @realshuting I have done the requested changes. Here is the updated description of the chainsaw tests:

  • Step 1: Create the policy
  • Step 2: Create a pod with the label ephemeral-debug: true and verify that the volume is added to the pod
  • Step 3: Create ephemeral container for the pod
  • Step 4: Verify the security context of the pod and verify if volume mounts are correctly added

realshuting
realshuting approved these changes Feb 11, 2025
View reviewed changes
Copy link
Member

@realshuting realshuting left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

Thanks @Darkhood148 !

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@realshuting realshuting realshuting approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Sample] Mount volumes for ephemeral containers

2 participants

@Darkhood148 @realshuting