Skip to content

Apply restricted Pod Security Standard to all deployments#37

Merged
k8s-ci-robot merged 1 commit into
kubernetes-sigs:mainfrom
matzew:security-context-restricted-defaults
Mar 16, 2026
Merged

Apply restricted Pod Security Standard to all deployments#37
k8s-ci-robot merged 1 commit into
kubernetes-sigs:mainfrom
matzew:security-context-restricted-defaults

Conversation

@matzew

@matzew matzew commented Mar 13, 2026

Copy link
Copy Markdown
Member

Ensure operator-created MCPServer deployments can run in namespaces enforcing the "restricted" Pod Security Standard without requiring users to manually configure security contexts on every MCPServer CR.

Applied same to pattern to controller's deployment too

@k8s-ci-robot k8s-ci-robot requested review from mrunalp and soltysh March 13, 2026 11:27
@k8s-ci-robot k8s-ci-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Mar 13, 2026
@aliok

aliok commented Mar 13, 2026

Copy link
Copy Markdown
Member

LGTM
Thanks!

@matzew

matzew commented Mar 13, 2026

Copy link
Copy Markdown
Member Author

/assign @ArangoGutierrez

ArangoGutierrez
ArangoGutierrez approved these changes Mar 16, 2026
View reviewed changes

@ArangoGutierrez ArangoGutierrez left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@k8s-ci-robot k8s-ci-robot added lgtm "Looks good to me", indicates that a PR is ready to be merged. approved Indicates a PR has been approved by an approver from all required OWNERS files. labels Mar 16, 2026
@matzew
Apply restricted Pod Security Standard to all deployments
e06d867 
Ensure operator-created MCP server deployments can run in namespaces
enforcing the "restricted" Pod Security Standard without requiring
users to manually configure security contexts on every MCPServer CR.

Signed-off-by: Matthias Wessendorf <mwessend@redhat.com>
@matzew matzew force-pushed the security-context-restricted-defaults branch from 4687508 to e06d867 Compare March 16, 2026 10:02
@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Mar 16, 2026
ArangoGutierrez
ArangoGutierrez approved these changes Mar 16, 2026
View reviewed changes

@ArangoGutierrez ArangoGutierrez left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Rebased
/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Mar 16, 2026
@k8s-ci-robot

k8s-ci-robot commented Mar 16, 2026

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ArangoGutierrez, matzew

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot merged commit 81edbaa into kubernetes-sigs:main Mar 16, 2026
5 checks passed
@matzew matzew mentioned this pull request Mar 16, 2026
Closed
11 tasks
@matzew matzew deleted the security-context-restricted-defaults branch March 27, 2026 07:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ArangoGutierrez ArangoGutierrez ArangoGutierrez approved these changes

@mrunalp mrunalp Awaiting requested review from mrunalp

@soltysh soltysh Awaiting requested review from soltysh

Assignees

@ArangoGutierrez ArangoGutierrez

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@matzew @aliok @k8s-ci-robot @ArangoGutierrez