compliantkubernetes-kubespray icon indicating copy to clipboard operation
compliantkubernetes-kubespray copied to clipboard

Published 20 hours ago verified publisher icon elastisys

Configuration for snapshot-controller

Open robinelastisys opened this issue 8 months ago • 5 comments

[!warning] This is a public repository, ensure not to disclose:

  • [x] personal data beyond what is necessary for interacting with this pull request, nor
  • [x] business confidential information, such as customer names.

What kind of PR is this?

Required: Mark one of the following that is applicable:

  • [ ] kind/feature
  • [x] kind/improvement
  • [ ] kind/deprecation
  • [ ] kind/documentation
  • [ ] kind/clean-up
  • [ ] kind/bug
  • [ ] kind/other

Optional: Mark one or more of the following that are applicable:

[!important] Breaking changes should be marked kind/admin-change or kind/dev-change depending on type Critical security fixes should be marked with kind/security

  • [ ] kind/admin-change
  • [ ] kind/dev-change
  • [ ] kind/security
  • [ ] kind/adr

What does this PR do / why do we need this PR?

  • Fixes #362

Information to reviewers

My main question to my reviewers is... Is this enough? The snapshot-controller pod has been enabled for cinder-csi for a very long and it seems like a VolumeSnapshotClass already is defined by default? A clearer definition of done may be needed. Because of this, I would like to have some input on what we want to achieve at the end of the day. :thinking:

Checklist

  • [x] Proper commit message prefix on all commits
  • Change checks:
    • [x] The change is transparent
    • [ ] The change is disruptive
    • [x] The change requires no migration steps
    • [ ] The change requires migration steps
  • Metrics checks:
    • [x] The metrics are still exposed and present in Grafana after the change
    • [ ] The metrics names didn't change (Grafana dashboards and Prometheus alerts are not affected)
    • [ ] The metrics names did change (Grafana dashboards and Prometheus alerts were fixed)
  • Logs checks:
    • [x] The logs do not show any errors after the change
  • Pod Security Policy checks:
    • [ ] Any changed pod is covered by Pod Security Admission
    • [ ] Any changed pod is covered by Gatekeeper Pod Security Policies
    • [x] The change does not cause any pods to be blocked by Pod Security Admission or Policies
  • Network Policy checks:
    • [x] Any changed pod is covered by Network Policies
    • [ ] The change does not cause any dropped packets in the NetworkPolicy Dashboard
  • Audit checks:
    • [x] The change does not cause any unnecessary Kubernetes audit events
    • [ ] The change requires changes to Kubernetes audit policy
  • Falco checks:
    • [x] The change does not cause any alerts to be generated by Falco
  • Bug checks:
    • [x] The bug fix is covered by regression tests

robinelastisys avatar Jun 18 '24 08:06 robinelastisys