Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ZARF removes namespace labels pertaining to pod security when using --adopt-existing-resources #2489

Closed
Ansible-man opened this issue May 9, 2024 · 1 comment · Fixed by #2494
Closed

ZARF removes namespace labels pertaining to pod security when using --adopt-existing-resources #2489

Ansible-man opened this issue May 9, 2024 · 1 comment · Fixed by #2494
Assignees
@AustinAbro321
Labels
bug 🐞 Something isn't working

Comments

@Ansible-man
Copy link

Environment

Device and OS:
App version: 0.33.1
Kubernetes distro being used: rke2 1.28.9
Other:

Steps to reproduce

  1. Create a namespace with the labels required to allow a pod to have privileges when restricted pod security context is enabled per CIS benchmark
  2. Deploy an app (in our case mattermost-team-edition) via helm to that namespace
  3. Create a zarf package for the app and deploy it with --adopt-existing-resources
  4. The pods will not be scheduled due to security context violations and the labels will have been removed from the namespace

Expected result

The existing labels that do not interfere with ZARF remain

Actual Result

Existing labels pertaining to pod security are removed

Visual Proof (screenshots, videos, text, etc)

Severity/Priority

Additional Context

Add any other context or screenshots about the technical debt here.
@AustinAbro321 AustinAbro321 added bug 🐞 Something isn't working and removed possible-bug 🐛 labels May 10, 2024
@AustinAbro321
Copy link
Contributor

Confirmed this is a bug, thanks!

@AustinAbro321 AustinAbro321 self-assigned this May 10, 2024
@AustinAbro321 AustinAbro321 mentioned this issue May 10, 2024
Merged
2 tasks
AustinAbro321 added a commit that referenced this issue May 20, 2024
@AustinAbro321 @lucasrod16 @phillebaba
fix: adopt namespace metadata (#2494)
41c0ad7 
## Description

Changes behavior to keep existing metadata on namespaces rather than
steamrolling them

## Related Issue

Fixes #2489 

## Checklist before merging

- [ ] Test, docs, adr added or updated as needed
- [ ] [Contributor Guide
Steps](https://github.com/defenseunicorns/zarf/blob/main/.github/CONTRIBUTING.md#developer-workflow)
followed

---------

Co-authored-by: Lucas Rodriguez <lucas.rodriguez@defenseunicorns.com>
Co-authored-by: Philip Laine <philip.laine@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@AustinAbro321 AustinAbro321

Labels
bug 🐞 Something isn't working
Projects
Zarf
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: adopt namespace metadata defenseunicorns/zarf
2 participants
@AustinAbro321 @Ansible-man