chore: [NPM] Updated NPM to Not Share Host's UTS Namespace + Image/Configmap Alignment with Prod (#2589)

rayaisaiah · web-flow · commit 8d68e7527a72 · 2024-02-15T22:28:26.000Z
* Added a security context for allowPrivilegeEscalation and readOnlyRootFilesystem * Update npm linux to not share the host's UTS namespace and tested locally * Updated image and configmap of npm to match prod/managed * kept EnablePprof on for debugging * Updating k8s version for kind for cyclonus tests * test * test * updated cluster name * Revert "updated cluster name" This reverts commit 7715c91. * update name * Updated k8s version * updated k8s version * changed k8s version to version of local cluster * updated kind node version for control plane * version update * updated kind version * updated worker images for kind
diff --git a/.github/workflows/cyclonus-netpol-test.yaml b/.github/workflows/cyclonus-netpol-test.yaml
@@ -35,11 +35,12 @@ jobs:
           go-version: '^1.21'
 
       - name: Setup Kind
-        uses: engineerd/setup-kind@v0.5.0
+        uses: helm/kind-action@v1
         with:
-          version: "v0.11.1"
+          version: "v0.22.0"
+          kubectl_version: "v1.27.7"
           config: ./test/kind/kind.yaml
-          name: npm-kind
+          cluster_name: npm-kind
 
       - name: Check Kind
         run: |
diff --git a/npm/azure-npm.yaml b/npm/azure-npm.yaml
@@ -79,7 +79,7 @@ spec:
           operator: Exists
       containers:
         - name: azure-npm
-          image: mcr.microsoft.com/containernetworking/azure-npm:v1.4.29
+          image: mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.3
           resources:
             limits:
               cpu: 250m
@@ -106,6 +106,7 @@ spec:
             - name: azure-npm-config
               mountPath: /etc/azure-npm
       hostNetwork: true
+      hostUsers: false
       nodeSelector:
         kubernetes.io/os: linux
       volumes:
@@ -162,7 +163,6 @@ data:
             "EnableHTTPDebugAPI":      true,
             "EnableV2NPM":             true,
             "PlaceAzureChainFirst":    false,
-            "ApplyIPSetsOnNeed":       false,
             "ApplyInBackground":       true,
             "NetPolInBackground":      true
         }
diff --git a/test/kind/kind.yaml b/test/kind/kind.yaml
@@ -2,11 +2,11 @@ kind: Cluster
 apiVersion: kind.x-k8s.io/v1alpha4
 nodes:
   - role: control-plane
-    image: kindest/node:v1.19.11
+    image: kindest/node:v1.29.2@sha256:51a1434a5397193442f0be2a297b488b6c919ce8a3931be0ce822606ea5ca245
   - role: worker
-    image: kindest/node:v1.19.11
+    image: kindest/node:v1.29.2@sha256:51a1434a5397193442f0be2a297b488b6c919ce8a3931be0ce822606ea5ca245
   - role: worker
-    image: kindest/node:v1.19.11
+    image: kindest/node:v1.29.2@sha256:51a1434a5397193442f0be2a297b488b6c919ce8a3931be0ce822606ea5ca245
 networking:
   ipFamily: ipv4
   podSubnet: "10.10.0.0/16"
