)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":11600,"name":"Michał Dulko","email":"michal.dulko@gmail.com","username":"dulek"},"change_message_id":"5867cdd96dc7ebd50e86e50f1c1978fae6f413e0","unresolved":true,"context_lines":[{"line_number":6,"context_line":""},{"line_number":7,"context_line":"Setting security context for kuryr demo pod"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"Otherwise for Openshift \u003e\u003d 4.13 it fails with:"},{"line_number":10,"context_line":"kuryr-pod-1568568478 is forbidden: violates PodSecurity"},{"line_number":11,"context_line":""},{"line_number":12,"context_line":"Depends-On: I35ff6f3b9d1b1fd88ae72ba9a62219da669adeab"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":7,"id":"e09168ba_ed819c46","line":9,"range":{"start_line":9,"start_character":0,"end_line":9,"end_character":46},"updated":"2023-03-13 12:35:04.000000000","message":"Better to use Kubernetes here. It\u0027s kubernetes 1.26.","commit_id":"1807fd4224ad6cb4dad9de426d6b27a90abc5304"},{"author":{"_account_id":4727,"name":"Itzik Brown","email":"itzikb@redhat.com","username":"itzikb1"},"change_message_id":"2fb564a5d8da23bfd8cdd87516f8ff4286301097","unresolved":false,"context_lines":[{"line_number":6,"context_line":""},{"line_number":7,"context_line":"Setting security context for kuryr demo pod"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"Otherwise for Openshift \u003e\u003d 4.13 it fails with:"},{"line_number":10,"context_line":"kuryr-pod-1568568478 is forbidden: violates PodSecurity"},{"line_number":11,"context_line":""},{"line_number":12,"context_line":"Depends-On: I35ff6f3b9d1b1fd88ae72ba9a62219da669adeab"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":7,"id":"7620296e_f8c4c443","line":9,"range":{"start_line":9,"start_character":0,"end_line":9,"end_character":46},"in_reply_to":"e09168ba_ed819c46","updated":"2023-03-20 08:13:51.000000000","message":"Done","commit_id":"1807fd4224ad6cb4dad9de426d6b27a90abc5304"}],"/PATCHSET_LEVEL":[{"author":{"_account_id":4727,"name":"Itzik Brown","email":"itzikb@redhat.com","username":"itzikb1"},"change_message_id":"c16b745b13e3b57900cb42c3f784edc89137db46","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"616518b9_eb66dadc","updated":"2023-03-01 06:55:12.000000000","message":"recheck","commit_id":"9cc8cb0c7cee578cff6514bc1c18262f2064d1c3"},{"author":{"_account_id":13692,"name":"Roman Dobosz","email":"gryf73@gmail.com","username":"gryf"},"change_message_id":"8ce2b6ce5826a02d49923c1ece2091026e521ce3","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":7,"id":"03585133_76310d2a","updated":"2023-03-13 11:28:53.000000000","message":"recheck","commit_id":"1807fd4224ad6cb4dad9de426d6b27a90abc5304"},{"author":{"_account_id":4727,"name":"Itzik Brown","email":"itzikb@redhat.com","username":"itzikb1"},"change_message_id":"1d30009bcdab8de1ad6ca2f88c3713cc20dcd83c","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":7,"id":"a8ad5e4d_3e8f72a8","updated":"2023-03-02 07:24:02.000000000","message":"recheck","commit_id":"1807fd4224ad6cb4dad9de426d6b27a90abc5304"},{"author":{"_account_id":13692,"name":"Roman Dobosz","email":"gryf73@gmail.com","username":"gryf"},"change_message_id":"7c7125282e5ec0cece2b2e76068e8c7dc4fa0d33","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":9,"id":"06598685_637f1012","updated":"2023-03-15 05:47:05.000000000","message":"recheck","commit_id":"a934863c02cf90419aea54955d4bcd84705113cd"},{"author":{"_account_id":13692,"name":"Roman Dobosz","email":"gryf73@gmail.com","username":"gryf"},"change_message_id":"bd69eaeae0c418e42154f549167abe7a20619432","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":9,"id":"2ca8b3d0_fcff512e","updated":"2023-03-14 11:32:25.000000000","message":"recheck","commit_id":"a934863c02cf90419aea54955d4bcd84705113cd"},{"author":{"_account_id":13692,"name":"Roman Dobosz","email":"gryf73@gmail.com","username":"gryf"},"change_message_id":"b05cc30ec45acc2d381197f11e2a78ea5ef6f739","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":9,"id":"35105e82_3fec0171","updated":"2023-03-14 13:45:09.000000000","message":"recheck","commit_id":"a934863c02cf90419aea54955d4bcd84705113cd"},{"author":{"_account_id":13692,"name":"Roman Dobosz","email":"gryf73@gmail.com","username":"gryf"},"change_message_id":"84bf4f7820c6278c3f2e5879bea538746475d2c8","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":9,"id":"d17e0ddf_da80aa83","updated":"2023-03-14 20:05:55.000000000","message":"recheck","commit_id":"a934863c02cf90419aea54955d4bcd84705113cd"},{"author":{"_account_id":11600,"name":"Michał Dulko","email":"michal.dulko@gmail.com","username":"dulek"},"change_message_id":"58c646506c716bb9554f5cc26d997e360edcd71b","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":10,"id":"f8dc6bf3_c38f8a0a","updated":"2023-03-15 15:00:27.000000000","message":"Oh wait, that\u0027s a genuine error on Wallaby:\n\n[x]\n        \nft1.1: kuryr_tempest_plugin.tests.scenario.test_cross_ping.TestCrossPingScenario.test_pod_pod_ping[id-bddf5441-1244-449d-a125-b5fddfb1a2a9]testtools.testresult.real._StringException: Traceback (most recent call last):\n  File \"/opt/stack/tempest/.tox/tempest/lib/python3.8/site-packages/kuryr_tempest_plugin/tests/scenario/test_cross_ping.py\", line 79, in test_pod_pod_ping\n    pod_name, pod \u003d self.create_pod()\n  File \"/opt/stack/tempest/.tox/tempest/lib/python3.8/site-packages/kuryr_tempest_plugin/tests/scenario/base.py\", line 181, in create_pod\n    seccomp_profile \u003d cls.k8s_client.V1SeccompProfile(\nAttributeError: module \u0027kubernetes.client\u0027 has no attribute \u0027V1SeccompProfile\u0027\n\nWe either need to bump the version of kubernetes plugin in requirements or always skip this in older versions.","commit_id":"b89dfc2cbe105bcba33f81bd45cc975a33618b91"},{"author":{"_account_id":11600,"name":"Michał Dulko","email":"michal.dulko@gmail.com","username":"dulek"},"change_message_id":"3c80f4279e1d795d65290f1a95f7e25d839d2cb2","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":10,"id":"fe14bbf5_3e6ea347","updated":"2023-03-16 10:17:00.000000000","message":"Should we just default the option to False and set it explicitly on master?","commit_id":"b89dfc2cbe105bcba33f81bd45cc975a33618b91"},{"author":{"_account_id":11600,"name":"Michał Dulko","email":"michal.dulko@gmail.com","username":"dulek"},"change_message_id":"d2708792e1bc16010e78a45aff2b4a818e54beab","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":10,"id":"572afd01_5bacc832","updated":"2023-03-15 14:59:12.000000000","message":"recheck","commit_id":"b89dfc2cbe105bcba33f81bd45cc975a33618b91"},{"author":{"_account_id":13692,"name":"Roman Dobosz","email":"gryf73@gmail.com","username":"gryf"},"change_message_id":"54763b9be28febb6cd8e9b15aed665df134fc14a","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":10,"id":"eb4104b7_4c6d804d","in_reply_to":"f8dc6bf3_c38f8a0a","updated":"2023-03-16 10:06:13.000000000","message":"I guess the latter. At some poin Wallaby will go away, I don\u0027t think we should try to use newer version of k8s on old software, as there could be dragons.","commit_id":"b89dfc2cbe105bcba33f81bd45cc975a33618b91"},{"author":{"_account_id":13692,"name":"Roman Dobosz","email":"gryf73@gmail.com","username":"gryf"},"change_message_id":"99986b728a0a86c81c95d4d3dc2d1ee377c5506b","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":10,"id":"6dfac478_146452b0","in_reply_to":"fe14bbf5_3e6ea347","updated":"2023-03-16 13:59:35.000000000","message":"Yes. Let\u0027s do that.","commit_id":"b89dfc2cbe105bcba33f81bd45cc975a33618b91"},{"author":{"_account_id":4727,"name":"Itzik Brown","email":"itzikb@redhat.com","username":"itzikb1"},"change_message_id":"1994a6ddd55d55b5e8ae225045dc83f2d7a0e6a8","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":11,"id":"275075b8_7fe3a345","updated":"2023-03-20 08:12:43.000000000","message":"recheck","commit_id":"0bbeb7dfe6c63c4a97f3177501206304d2a1de7e"},{"author":{"_account_id":13692,"name":"Roman Dobosz","email":"gryf73@gmail.com","username":"gryf"},"change_message_id":"99986b728a0a86c81c95d4d3dc2d1ee377c5506b","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":11,"id":"94a63858_53b001af","updated":"2023-03-16 13:59:35.000000000","message":"recheck","commit_id":"0bbeb7dfe6c63c4a97f3177501206304d2a1de7e"},{"author":{"_account_id":11600,"name":"Michał Dulko","email":"michal.dulko@gmail.com","username":"dulek"},"change_message_id":"5a5df3a917d3e76aa1d49194fc55bba9203d7eb4","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":11,"id":"f4dc1237_2aafe95e","updated":"2023-03-17 14:25:18.000000000","message":"recheck\n\nLooks like it\u0027s working now.","commit_id":"0bbeb7dfe6c63c4a97f3177501206304d2a1de7e"}],"kuryr_tempest_plugin/config.py":[{"author":{"_account_id":11600,"name":"Michał Dulko","email":"michal.dulko@gmail.com","username":"dulek"},"change_message_id":"b36fed3a966cd18cc746e134df1cd6babca51533","unresolved":true,"context_lines":[{"line_number":118,"context_line":"    cfg.BoolOpt(\"annotation_project_driver\", default\u003dFalse,"},{"line_number":119,"context_line":"                help\u003d\"Whether or not annotation project tests will be \""},{"line_number":120,"context_line":"                     \"running\"),"},{"line_number":121,"context_line":"    cfg.BoolOpt(\"security_context_set\", default\u003dTrue,"},{"line_number":122,"context_line":"                help\u003d\"Whether or not to set security context for Kuryr demo \""},{"line_number":123,"context_line":"                     \"pods\"),"},{"line_number":124,"context_line":""}],"source_content_type":"text/x-python","patch_set":2,"id":"fda09cf7_5b827895","line":121,"range":{"start_line":121,"start_character":17,"end_line":121,"end_character":37},"updated":"2023-02-15 15:51:46.000000000","message":"That should rather be \"set_pod_security_context\".","commit_id":"da5c5b3184d11814a4a67215a7a181309d271b2b"},{"author":{"_account_id":4727,"name":"Itzik Brown","email":"itzikb@redhat.com","username":"itzikb1"},"change_message_id":"c4a86b52644bd7f0ad2943c835e6642957e3cf60","unresolved":false,"context_lines":[{"line_number":118,"context_line":"    cfg.BoolOpt(\"annotation_project_driver\", default\u003dFalse,"},{"line_number":119,"context_line":"                help\u003d\"Whether or not annotation project tests will be \""},{"line_number":120,"context_line":"                     \"running\"),"},{"line_number":121,"context_line":"    cfg.BoolOpt(\"security_context_set\", default\u003dTrue,"},{"line_number":122,"context_line":"                help\u003d\"Whether or not to set security context for Kuryr demo \""},{"line_number":123,"context_line":"                     \"pods\"),"},{"line_number":124,"context_line":""}],"source_content_type":"text/x-python","patch_set":2,"id":"4dcaa8f7_577b919c","line":121,"range":{"start_line":121,"start_character":17,"end_line":121,"end_character":37},"in_reply_to":"fda09cf7_5b827895","updated":"2023-02-16 08:59:35.000000000","message":"Done","commit_id":"da5c5b3184d11814a4a67215a7a181309d271b2b"}],"kuryr_tempest_plugin/tests/scenario/base.py":[{"author":{"_account_id":11600,"name":"Michał Dulko","email":"michal.dulko@gmail.com","username":"dulek"},"change_message_id":"b36fed3a966cd18cc746e134df1cd6babca51533","unresolved":true,"context_lines":[{"line_number":174,"context_line":"        pod.metadata \u003d cls.k8s_client.V1ObjectMeta(name\u003dname, labels\u003dlabels,"},{"line_number":175,"context_line":"                                                   annotations\u003dannotations)"},{"line_number":176,"context_line":""},{"line_number":177,"context_line":"        if CONF.kuryr_kubernetes.security_context_set:"},{"line_number":178,"context_line":"            seccomp_profile \u003d cls.k8s_client.V1SeccompProfile("},{"line_number":179,"context_line":"                type\u003d\u0027RuntimeDefault\u0027)"},{"line_number":180,"context_line":"            capabilities \u003d cls.k8s_client.V1Capabilities(drop\u003d[\u0027ALL\u0027])"},{"line_number":181,"context_line":"            security_context_container \u003d cls.k8s_client.V1SecurityContext("},{"line_number":182,"context_line":"                allow_privilege_escalation\u003dFalse, capabilities\u003dcapabilities)"},{"line_number":183,"context_line":"            security_context \u003d cls.k8s_client.V1PodSecurityContext("},{"line_number":184,"context_line":"                run_as_non_root\u003dTrue, seccomp_profile\u003dseccomp_profile)"},{"line_number":185,"context_line":"            container \u003d kubernetes.client.V1Container("},{"line_number":186,"context_line":"                name\u003dname, image\u003dimage,"},{"line_number":187,"context_line":"                image_pull_policy\u003d\u0027IfNotPresent\u0027,"},{"line_number":188,"context_line":"                security_context\u003dsecurity_context_container)"},{"line_number":189,"context_line":"            spec \u003d cls.k8s_client.V1PodSpec(containers\u003d[container],"},{"line_number":190,"context_line":"                                            security_context\u003dsecurity_context)"},{"line_number":191,"context_line":"        else:"},{"line_number":192,"context_line":"            container \u003d kubernetes.client.V1Container("},{"line_number":193,"context_line":"                name\u003dname, image\u003dimage, image_pull_policy\u003d\u0027IfNotPresent\u0027)"},{"line_number":194,"context_line":"            spec \u003d cls.k8s_client.V1PodSpec(containers\u003d[container])"},{"line_number":195,"context_line":""},{"line_number":196,"context_line":"        pod.spec \u003d spec"},{"line_number":197,"context_line":"        pod.spec.affinity \u003d affinity"}],"source_content_type":"text/x-python","patch_set":2,"id":"eeff6203_fe776be1","line":194,"range":{"start_line":177,"start_character":0,"end_line":194,"end_character":67},"updated":"2023-02-15 15:51:46.000000000","message":"You can do it like this to deduplicate some code:\n\nsecurity_context \u003d None\nsecurity_context_container \u003d None\nif CONF.kuryr_kubernetes.security_context_set:\n    seccomp_profile \u003d cls.k8s_client.V1SeccompProfile(\n        type\u003d\u0027RuntimeDefault\u0027)\n    capabilities \u003d cls.k8s_client.V1Capabilities(drop\u003d[\u0027ALL\u0027])\n    security_context_container \u003d cls.k8s_client.V1SecurityContext(\n        allow_privilege_escalation\u003dFalse, capabilities\u003dcapabilities)\n    security_context \u003d cls.k8s_client.V1PodSecurityContext(\n        run_as_non_root\u003dTrue, seccomp_profile\u003dseccomp_profile)\n\ncontainer \u003d kubernetes.client.V1Container(\n    name\u003dname, image\u003dimage,\n    image_pull_policy\u003d\u0027IfNotPresent\u0027,\n    security_context\u003dsecurity_context_container)\nspec \u003d cls.k8s_client.V1PodSpec(containers\u003d[container],\n                                security_context\u003dsecurity_context)\n                                \nAre you sure we can drop all the capabilities if we need the ones required to do PINGs from the containers?","commit_id":"da5c5b3184d11814a4a67215a7a181309d271b2b"},{"author":{"_account_id":11600,"name":"Michał Dulko","email":"michal.dulko@gmail.com","username":"dulek"},"change_message_id":"722ef86361ae606bf9652813a644b6485f903913","unresolved":true,"context_lines":[{"line_number":174,"context_line":"        pod.metadata \u003d cls.k8s_client.V1ObjectMeta(name\u003dname, labels\u003dlabels,"},{"line_number":175,"context_line":"                                                   annotations\u003dannotations)"},{"line_number":176,"context_line":""},{"line_number":177,"context_line":"        if CONF.kuryr_kubernetes.security_context_set:"},{"line_number":178,"context_line":"            seccomp_profile \u003d cls.k8s_client.V1SeccompProfile("},{"line_number":179,"context_line":"                type\u003d\u0027RuntimeDefault\u0027)"},{"line_number":180,"context_line":"            capabilities \u003d cls.k8s_client.V1Capabilities(drop\u003d[\u0027ALL\u0027])"},{"line_number":181,"context_line":"            security_context_container \u003d cls.k8s_client.V1SecurityContext("},{"line_number":182,"context_line":"                allow_privilege_escalation\u003dFalse, capabilities\u003dcapabilities)"},{"line_number":183,"context_line":"            security_context \u003d cls.k8s_client.V1PodSecurityContext("},{"line_number":184,"context_line":"                run_as_non_root\u003dTrue, seccomp_profile\u003dseccomp_profile)"},{"line_number":185,"context_line":"            container \u003d kubernetes.client.V1Container("},{"line_number":186,"context_line":"                name\u003dname, image\u003dimage,"},{"line_number":187,"context_line":"                image_pull_policy\u003d\u0027IfNotPresent\u0027,"},{"line_number":188,"context_line":"                security_context\u003dsecurity_context_container)"},{"line_number":189,"context_line":"            spec \u003d cls.k8s_client.V1PodSpec(containers\u003d[container],"},{"line_number":190,"context_line":"                                            security_context\u003dsecurity_context)"},{"line_number":191,"context_line":"        else:"},{"line_number":192,"context_line":"            container \u003d kubernetes.client.V1Container("},{"line_number":193,"context_line":"                name\u003dname, image\u003dimage, image_pull_policy\u003d\u0027IfNotPresent\u0027)"},{"line_number":194,"context_line":"            spec \u003d cls.k8s_client.V1PodSpec(containers\u003d[container])"},{"line_number":195,"context_line":""},{"line_number":196,"context_line":"        pod.spec \u003d spec"},{"line_number":197,"context_line":"        pod.spec.affinity \u003d affinity"}],"source_content_type":"text/x-python","patch_set":2,"id":"fa1593a8_67df4f9c","line":194,"range":{"start_line":177,"start_character":0,"end_line":194,"end_character":67},"in_reply_to":"c6d69ac4_6cad59c4","updated":"2023-02-23 16:26:52.000000000","message":"Try adding CAP_NET_RAW.","commit_id":"da5c5b3184d11814a4a67215a7a181309d271b2b"},{"author":{"_account_id":13692,"name":"Roman Dobosz","email":"gryf73@gmail.com","username":"gryf"},"change_message_id":"1f7f0bca1e0873ab95d8a44d779cc6a2893c9314","unresolved":true,"context_lines":[{"line_number":174,"context_line":"        pod.metadata \u003d cls.k8s_client.V1ObjectMeta(name\u003dname, labels\u003dlabels,"},{"line_number":175,"context_line":"                                                   annotations\u003dannotations)"},{"line_number":176,"context_line":""},{"line_number":177,"context_line":"        if CONF.kuryr_kubernetes.security_context_set:"},{"line_number":178,"context_line":"            seccomp_profile \u003d cls.k8s_client.V1SeccompProfile("},{"line_number":179,"context_line":"                type\u003d\u0027RuntimeDefault\u0027)"},{"line_number":180,"context_line":"            capabilities \u003d cls.k8s_client.V1Capabilities(drop\u003d[\u0027ALL\u0027])"},{"line_number":181,"context_line":"            security_context_container \u003d cls.k8s_client.V1SecurityContext("},{"line_number":182,"context_line":"                allow_privilege_escalation\u003dFalse, capabilities\u003dcapabilities)"},{"line_number":183,"context_line":"            security_context \u003d cls.k8s_client.V1PodSecurityContext("},{"line_number":184,"context_line":"                run_as_non_root\u003dTrue, seccomp_profile\u003dseccomp_profile)"},{"line_number":185,"context_line":"            container \u003d kubernetes.client.V1Container("},{"line_number":186,"context_line":"                name\u003dname, image\u003dimage,"},{"line_number":187,"context_line":"                image_pull_policy\u003d\u0027IfNotPresent\u0027,"},{"line_number":188,"context_line":"                security_context\u003dsecurity_context_container)"},{"line_number":189,"context_line":"            spec \u003d cls.k8s_client.V1PodSpec(containers\u003d[container],"},{"line_number":190,"context_line":"                                            security_context\u003dsecurity_context)"},{"line_number":191,"context_line":"        else:"},{"line_number":192,"context_line":"            container \u003d kubernetes.client.V1Container("},{"line_number":193,"context_line":"                name\u003dname, image\u003dimage, image_pull_policy\u003d\u0027IfNotPresent\u0027)"},{"line_number":194,"context_line":"            spec \u003d cls.k8s_client.V1PodSpec(containers\u003d[container])"},{"line_number":195,"context_line":""},{"line_number":196,"context_line":"        pod.spec \u003d spec"},{"line_number":197,"context_line":"        pod.spec.affinity \u003d affinity"}],"source_content_type":"text/x-python","patch_set":2,"id":"eb187084_9f0fe7f8","line":194,"range":{"start_line":177,"start_character":0,"end_line":194,"end_character":67},"in_reply_to":"cf0f9449_255cc197","updated":"2023-02-16 09:08:06.000000000","message":"well, only SCTP test fails on most zuul gates. That\u0027s might be lack of needed capabilities.","commit_id":"da5c5b3184d11814a4a67215a7a181309d271b2b"},{"author":{"_account_id":4727,"name":"Itzik Brown","email":"itzikb@redhat.com","username":"itzikb1"},"change_message_id":"db660a768728606fcba8addc14e76814e3efd086","unresolved":true,"context_lines":[{"line_number":174,"context_line":"        pod.metadata \u003d cls.k8s_client.V1ObjectMeta(name\u003dname, labels\u003dlabels,"},{"line_number":175,"context_line":"                                                   annotations\u003dannotations)"},{"line_number":176,"context_line":""},{"line_number":177,"context_line":"        if CONF.kuryr_kubernetes.security_context_set:"},{"line_number":178,"context_line":"            seccomp_profile \u003d cls.k8s_client.V1SeccompProfile("},{"line_number":179,"context_line":"                type\u003d\u0027RuntimeDefault\u0027)"},{"line_number":180,"context_line":"            capabilities \u003d cls.k8s_client.V1Capabilities(drop\u003d[\u0027ALL\u0027])"},{"line_number":181,"context_line":"            security_context_container \u003d cls.k8s_client.V1SecurityContext("},{"line_number":182,"context_line":"                allow_privilege_escalation\u003dFalse, capabilities\u003dcapabilities)"},{"line_number":183,"context_line":"            security_context \u003d cls.k8s_client.V1PodSecurityContext("},{"line_number":184,"context_line":"                run_as_non_root\u003dTrue, seccomp_profile\u003dseccomp_profile)"},{"line_number":185,"context_line":"            container \u003d kubernetes.client.V1Container("},{"line_number":186,"context_line":"                name\u003dname, image\u003dimage,"},{"line_number":187,"context_line":"                image_pull_policy\u003d\u0027IfNotPresent\u0027,"},{"line_number":188,"context_line":"                security_context\u003dsecurity_context_container)"},{"line_number":189,"context_line":"            spec \u003d cls.k8s_client.V1PodSpec(containers\u003d[container],"},{"line_number":190,"context_line":"                                            security_context\u003dsecurity_context)"},{"line_number":191,"context_line":"        else:"},{"line_number":192,"context_line":"            container \u003d kubernetes.client.V1Container("},{"line_number":193,"context_line":"                name\u003dname, image\u003dimage, image_pull_policy\u003d\u0027IfNotPresent\u0027)"},{"line_number":194,"context_line":"            spec \u003d cls.k8s_client.V1PodSpec(containers\u003d[container])"},{"line_number":195,"context_line":""},{"line_number":196,"context_line":"        pod.spec \u003d spec"},{"line_number":197,"context_line":"        pod.spec.affinity \u003d affinity"}],"source_content_type":"text/x-python","patch_set":2,"id":"c6d69ac4_6cad59c4","line":194,"range":{"start_line":177,"start_character":0,"end_line":194,"end_character":67},"in_reply_to":"eb187084_9f0fe7f8","updated":"2023-02-16 13:17:33.000000000","message":"I see that some gates fail on ping , I wonder why. What capabilities needed for sctp?","commit_id":"da5c5b3184d11814a4a67215a7a181309d271b2b"},{"author":{"_account_id":4727,"name":"Itzik Brown","email":"itzikb@redhat.com","username":"itzikb1"},"change_message_id":"c4a86b52644bd7f0ad2943c835e6642957e3cf60","unresolved":true,"context_lines":[{"line_number":174,"context_line":"        pod.metadata \u003d cls.k8s_client.V1ObjectMeta(name\u003dname, labels\u003dlabels,"},{"line_number":175,"context_line":"                                                   annotations\u003dannotations)"},{"line_number":176,"context_line":""},{"line_number":177,"context_line":"        if CONF.kuryr_kubernetes.security_context_set:"},{"line_number":178,"context_line":"            seccomp_profile \u003d cls.k8s_client.V1SeccompProfile("},{"line_number":179,"context_line":"                type\u003d\u0027RuntimeDefault\u0027)"},{"line_number":180,"context_line":"            capabilities \u003d cls.k8s_client.V1Capabilities(drop\u003d[\u0027ALL\u0027])"},{"line_number":181,"context_line":"            security_context_container \u003d cls.k8s_client.V1SecurityContext("},{"line_number":182,"context_line":"                allow_privilege_escalation\u003dFalse, capabilities\u003dcapabilities)"},{"line_number":183,"context_line":"            security_context \u003d cls.k8s_client.V1PodSecurityContext("},{"line_number":184,"context_line":"                run_as_non_root\u003dTrue, seccomp_profile\u003dseccomp_profile)"},{"line_number":185,"context_line":"            container \u003d kubernetes.client.V1Container("},{"line_number":186,"context_line":"                name\u003dname, image\u003dimage,"},{"line_number":187,"context_line":"                image_pull_policy\u003d\u0027IfNotPresent\u0027,"},{"line_number":188,"context_line":"                security_context\u003dsecurity_context_container)"},{"line_number":189,"context_line":"            spec \u003d cls.k8s_client.V1PodSpec(containers\u003d[container],"},{"line_number":190,"context_line":"                                            security_context\u003dsecurity_context)"},{"line_number":191,"context_line":"        else:"},{"line_number":192,"context_line":"            container \u003d kubernetes.client.V1Container("},{"line_number":193,"context_line":"                name\u003dname, image\u003dimage, image_pull_policy\u003d\u0027IfNotPresent\u0027)"},{"line_number":194,"context_line":"            spec \u003d cls.k8s_client.V1PodSpec(containers\u003d[container])"},{"line_number":195,"context_line":""},{"line_number":196,"context_line":"        pod.spec \u003d spec"},{"line_number":197,"context_line":"        pod.spec.affinity \u003d affinity"}],"source_content_type":"text/x-python","patch_set":2,"id":"cf0f9449_255cc197","line":194,"range":{"start_line":177,"start_character":0,"end_line":194,"end_character":67},"in_reply_to":"eeff6203_fe776be1","updated":"2023-02-16 08:59:35.000000000","message":"kuryr_tempest_plugin.tests.scenario.test_cross_ping.TestCrossPingScenario.test_pod_pod_ping works for me","commit_id":"da5c5b3184d11814a4a67215a7a181309d271b2b"},{"author":{"_account_id":13692,"name":"Roman Dobosz","email":"gryf73@gmail.com","username":"gryf"},"change_message_id":"84bf4f7820c6278c3f2e5879bea538746475d2c8","unresolved":true,"context_lines":[{"line_number":174,"context_line":"        pod.metadata \u003d cls.k8s_client.V1ObjectMeta(name\u003dname, labels\u003dlabels,"},{"line_number":175,"context_line":"                                                   annotations\u003dannotations)"},{"line_number":176,"context_line":""},{"line_number":177,"context_line":"        if CONF.kuryr_kubernetes.security_context_set:"},{"line_number":178,"context_line":"            seccomp_profile \u003d cls.k8s_client.V1SeccompProfile("},{"line_number":179,"context_line":"                type\u003d\u0027RuntimeDefault\u0027)"},{"line_number":180,"context_line":"            capabilities \u003d cls.k8s_client.V1Capabilities(drop\u003d[\u0027ALL\u0027])"},{"line_number":181,"context_line":"            security_context_container \u003d cls.k8s_client.V1SecurityContext("},{"line_number":182,"context_line":"                allow_privilege_escalation\u003dFalse, capabilities\u003dcapabilities)"},{"line_number":183,"context_line":"            security_context \u003d cls.k8s_client.V1PodSecurityContext("},{"line_number":184,"context_line":"                run_as_non_root\u003dTrue, seccomp_profile\u003dseccomp_profile)"},{"line_number":185,"context_line":"            container \u003d kubernetes.client.V1Container("},{"line_number":186,"context_line":"                name\u003dname, image\u003dimage,"},{"line_number":187,"context_line":"                image_pull_policy\u003d\u0027IfNotPresent\u0027,"},{"line_number":188,"context_line":"                security_context\u003dsecurity_context_container)"},{"line_number":189,"context_line":"            spec \u003d cls.k8s_client.V1PodSpec(containers\u003d[container],"},{"line_number":190,"context_line":"                                            security_context\u003dsecurity_context)"},{"line_number":191,"context_line":"        else:"},{"line_number":192,"context_line":"            container \u003d kubernetes.client.V1Container("},{"line_number":193,"context_line":"                name\u003dname, image\u003dimage, image_pull_policy\u003d\u0027IfNotPresent\u0027)"},{"line_number":194,"context_line":"            spec \u003d cls.k8s_client.V1PodSpec(containers\u003d[container])"},{"line_number":195,"context_line":""},{"line_number":196,"context_line":"        pod.spec \u003d spec"},{"line_number":197,"context_line":"        pod.spec.affinity \u003d affinity"}],"source_content_type":"text/x-python","patch_set":2,"id":"450977cf_98cb37b3","line":194,"range":{"start_line":177,"start_character":0,"end_line":194,"end_character":67},"in_reply_to":"fa1593a8_67df4f9c","updated":"2023-03-14 20:05:55.000000000","message":"This will not work. NET_RAW is not allowed neither for restricted[1] profile nor for baseline[2]. In fact, only NET_BIND_SERVICE is allowed.\n\n[1] https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted\n[2] https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline","commit_id":"da5c5b3184d11814a4a67215a7a181309d271b2b"},{"author":{"_account_id":11600,"name":"Michał Dulko","email":"michal.dulko@gmail.com","username":"dulek"},"change_message_id":"5867cdd96dc7ebd50e86e50f1c1978fae6f413e0","unresolved":true,"context_lines":[{"line_number":174,"context_line":"        pod.metadata \u003d cls.k8s_client.V1ObjectMeta(name\u003dname, labels\u003dlabels,"},{"line_number":175,"context_line":"                                                   annotations\u003dannotations)"},{"line_number":176,"context_line":""},{"line_number":177,"context_line":"        security_context \u003d None"},{"line_number":178,"context_line":"        security_context_container \u003d None"},{"line_number":179,"context_line":""},{"line_number":180,"context_line":"        if CONF.kuryr_kubernetes.set_pod_security_context:"},{"line_number":181,"context_line":"            seccomp_profile \u003d cls.k8s_client.V1SeccompProfile("},{"line_number":182,"context_line":"                type\u003d\u0027RuntimeDefault\u0027)"},{"line_number":183,"context_line":"            capabilities \u003d cls.k8s_client.V1Capabilities("},{"line_number":184,"context_line":"                drop\u003d[\u0027ALL\u0027], add\u003d[\"NET_BIND_SERVICE\"])"},{"line_number":185,"context_line":"            security_context_container \u003d cls.k8s_client.V1SecurityContext("},{"line_number":186,"context_line":"                allow_privilege_escalation\u003dFalse, capabilities\u003dcapabilities)"},{"line_number":187,"context_line":"            security_context \u003d cls.k8s_client.V1PodSecurityContext("},{"line_number":188,"context_line":"                run_as_non_root\u003dTrue, seccomp_profile\u003dseccomp_profile)"},{"line_number":189,"context_line":"        container \u003d kubernetes.client.V1Container("},{"line_number":190,"context_line":"            name\u003dname, image\u003dimage,"},{"line_number":191,"context_line":"            image_pull_policy\u003d\u0027IfNotPresent\u0027,"},{"line_number":192,"context_line":"            security_context\u003dsecurity_context_container)"},{"line_number":193,"context_line":"        spec \u003d cls.k8s_client.V1PodSpec(containers\u003d[container],"},{"line_number":194,"context_line":"                                        security_context\u003dsecurity_context)"},{"line_number":195,"context_line":""},{"line_number":196,"context_line":"        pod.spec \u003d spec"},{"line_number":197,"context_line":"        pod.spec.affinity \u003d affinity"}],"source_content_type":"text/x-python","patch_set":7,"id":"e2d296f9_a5119175","line":194,"range":{"start_line":177,"start_character":0,"end_line":194,"end_character":74},"updated":"2023-03-13 12:35:04.000000000","message":"So the idea is to set it only for Kubernetes 1.26? Is there any problem with setting it for previous versions?","commit_id":"1807fd4224ad6cb4dad9de426d6b27a90abc5304"},{"author":{"_account_id":13692,"name":"Roman Dobosz","email":"gryf73@gmail.com","username":"gryf"},"change_message_id":"84bf4f7820c6278c3f2e5879bea538746475d2c8","unresolved":true,"context_lines":[{"line_number":174,"context_line":"        pod.metadata \u003d cls.k8s_client.V1ObjectMeta(name\u003dname, labels\u003dlabels,"},{"line_number":175,"context_line":"                                                   annotations\u003dannotations)"},{"line_number":176,"context_line":""},{"line_number":177,"context_line":"        security_context \u003d None"},{"line_number":178,"context_line":"        security_context_container \u003d None"},{"line_number":179,"context_line":""},{"line_number":180,"context_line":"        if CONF.kuryr_kubernetes.set_pod_security_context:"},{"line_number":181,"context_line":"            seccomp_profile \u003d cls.k8s_client.V1SeccompProfile("},{"line_number":182,"context_line":"                type\u003d\u0027RuntimeDefault\u0027)"},{"line_number":183,"context_line":"            capabilities \u003d cls.k8s_client.V1Capabilities("},{"line_number":184,"context_line":"                drop\u003d[\u0027ALL\u0027], add\u003d[\"NET_BIND_SERVICE\"])"},{"line_number":185,"context_line":"            security_context_container \u003d cls.k8s_client.V1SecurityContext("},{"line_number":186,"context_line":"                allow_privilege_escalation\u003dFalse, capabilities\u003dcapabilities)"},{"line_number":187,"context_line":"            security_context \u003d cls.k8s_client.V1PodSecurityContext("},{"line_number":188,"context_line":"                run_as_non_root\u003dTrue, seccomp_profile\u003dseccomp_profile)"},{"line_number":189,"context_line":"        container \u003d kubernetes.client.V1Container("},{"line_number":190,"context_line":"            name\u003dname, image\u003dimage,"},{"line_number":191,"context_line":"            image_pull_policy\u003d\u0027IfNotPresent\u0027,"},{"line_number":192,"context_line":"            security_context\u003dsecurity_context_container)"},{"line_number":193,"context_line":"        spec \u003d cls.k8s_client.V1PodSpec(containers\u003d[container],"},{"line_number":194,"context_line":"                                        security_context\u003dsecurity_context)"},{"line_number":195,"context_line":""},{"line_number":196,"context_line":"        pod.spec \u003d spec"},{"line_number":197,"context_line":"        pod.spec.affinity \u003d affinity"}],"source_content_type":"text/x-python","patch_set":7,"id":"5981cc71_e40bfe1d","line":194,"range":{"start_line":177,"start_character":0,"end_line":194,"end_character":74},"in_reply_to":"e2d296f9_a5119175","updated":"2023-03-14 20:05:55.000000000","message":"Well, there is no guarantee, that k8s 1.26 is the culprit here. I might imagine, that default OCP configuration forcing certain pod sec standard. Currently I cannot run k8s/cri-o 1.26 with devstack, as there are issues between cri-o and kubelet. Obscure kubelet logs doesn\u0027t help.","commit_id":"1807fd4224ad6cb4dad9de426d6b27a90abc5304"},{"author":{"_account_id":11600,"name":"Michał Dulko","email":"michal.dulko@gmail.com","username":"dulek"},"change_message_id":"9dd08f0fd2b97d5e420e2e012fa113756b7523d5","unresolved":true,"context_lines":[{"line_number":174,"context_line":"        pod.metadata \u003d cls.k8s_client.V1ObjectMeta(name\u003dname, labels\u003dlabels,"},{"line_number":175,"context_line":"                                                   annotations\u003dannotations)"},{"line_number":176,"context_line":""},{"line_number":177,"context_line":"        security_context \u003d None"},{"line_number":178,"context_line":"        security_context_container \u003d None"},{"line_number":179,"context_line":""},{"line_number":180,"context_line":"        if CONF.kuryr_kubernetes.set_pod_security_context and security_context:"}],"source_content_type":"text/x-python","patch_set":8,"id":"ee822f81_f2fb8c36","line":177,"range":{"start_line":177,"start_character":0,"end_line":177,"end_character":31},"updated":"2023-03-13 14:52:17.000000000","message":"Looks like you have variable name conflict?","commit_id":"f1b6aa2fceb1e17dd6c67db86fc45267cef5c748"},{"author":{"_account_id":13692,"name":"Roman Dobosz","email":"gryf73@gmail.com","username":"gryf"},"change_message_id":"84bf4f7820c6278c3f2e5879bea538746475d2c8","unresolved":false,"context_lines":[{"line_number":174,"context_line":"        pod.metadata \u003d cls.k8s_client.V1ObjectMeta(name\u003dname, labels\u003dlabels,"},{"line_number":175,"context_line":"                                                   annotations\u003dannotations)"},{"line_number":176,"context_line":""},{"line_number":177,"context_line":"        security_context \u003d None"},{"line_number":178,"context_line":"        security_context_container \u003d None"},{"line_number":179,"context_line":""},{"line_number":180,"context_line":"        if CONF.kuryr_kubernetes.set_pod_security_context and security_context:"}],"source_content_type":"text/x-python","patch_set":8,"id":"bfcdec51_c71caa07","line":177,"range":{"start_line":177,"start_character":0,"end_line":177,"end_character":31},"in_reply_to":"ee822f81_f2fb8c36","updated":"2023-03-14 20:05:55.000000000","message":"Ack","commit_id":"f1b6aa2fceb1e17dd6c67db86fc45267cef5c748"},{"author":{"_account_id":27032,"name":"Maysa de Macedo Souza","email":"maysa.macedo95@gmail.com","username":"maysa"},"change_message_id":"71e8dbc31bf3f436ba20d832c95cf04866e4006e","unresolved":true,"context_lines":[{"line_number":1479,"context_line":"            if protocol \u003d\u003d \"SCTP\":"},{"line_number":1480,"context_line":"                pod_name, _ \u003d self.create_pod("},{"line_number":1481,"context_line":"                    labels\u003dlabels, image\u003d\u0027quay.io/kuryr/sctp-demo\u0027,"},{"line_number":1482,"context_line":"                    namespace\u003dnamespace, pod_security\u003dFalse)"},{"line_number":1483,"context_line":"            else:"},{"line_number":1484,"context_line":"                pod_name, _ \u003d self.create_pod("},{"line_number":1485,"context_line":"                    namespace\u003dnamespace, labels\u003dlabels)"}],"source_content_type":"text/x-python","patch_set":11,"id":"b052f170_416068f8","line":1482,"range":{"start_line":1482,"start_character":41,"end_line":1482,"end_character":53},"updated":"2023-03-17 10:24:31.000000000","message":"Why we set pod_security as false for SCTP Pods?","commit_id":"0bbeb7dfe6c63c4a97f3177501206304d2a1de7e"},{"author":{"_account_id":4727,"name":"Itzik Brown","email":"itzikb@redhat.com","username":"itzikb1"},"change_message_id":"0c2a254e3fb7c6eef55f0d14813df387342048b4","unresolved":true,"context_lines":[{"line_number":1479,"context_line":"            if protocol \u003d\u003d \"SCTP\":"},{"line_number":1480,"context_line":"                pod_name, _ \u003d self.create_pod("},{"line_number":1481,"context_line":"                    labels\u003dlabels, image\u003d\u0027quay.io/kuryr/sctp-demo\u0027,"},{"line_number":1482,"context_line":"                    namespace\u003dnamespace, pod_security\u003dFalse)"},{"line_number":1483,"context_line":"            else:"},{"line_number":1484,"context_line":"                pod_name, _ \u003d self.create_pod("},{"line_number":1485,"context_line":"                    namespace\u003dnamespace, labels\u003dlabels)"}],"source_content_type":"text/x-python","patch_set":11,"id":"3a382aa3_01ef3f0b","line":1482,"range":{"start_line":1482,"start_character":41,"end_line":1482,"end_character":53},"in_reply_to":"b052f170_416068f8","updated":"2023-03-20 08:14:54.000000000","message":"It\u0027s the only one that can\u0027t use the default security standard with the capabilities we set","commit_id":"0bbeb7dfe6c63c4a97f3177501206304d2a1de7e"}]}
