Epic
Resolution: Done
Critical
Make SPO profile recording suitable for large workloads
0% To Do, 0% In Progress, 100% Done
Epic Goal
- Make SPO profile recording useful for large and complex workloads
Why is this important?
- SPO is able to record SELinux and seccomp policies for smaller workloads, but there are issues scaling up, both with the recording webhook and the way the resulting policies are generated
Scenarios
- As an application developer, I want to record SELinux or seccomp profiles for my workload without worrying about SPO stability or having to manually post-process the recorded policies
Acceptance Criteria
- Profiles can be recorded even for workloads that scale up or down during the recording
- Manipulating the workload (scaling, deleting its resources, etc.) must never trigger errors in the webhooks
- SPO must be able to produce a single policy per container, not a single policy per container instance
Dependencies (internal and external)
- internally, we need to remove
Previous Work (Optional):
- N/A
Open questions:
- to be discussed upstream - which mode of recording (merging or per-container-instance) should be the default
Done Checklist
- CI - CI is running, tests are automated and merged.
- Release Enablement <link to Feature Enablement Presentation>
- DEV - Upstream code and tests merged: <link to meaningful PR or GitHub Issue>
- DEV - Upstream documentation merged: <link to meaningful PR or GitHub Issue>
- DEV - Downstream build attached to advisory: <link to errata>
- QE - Test plans in Polarion: <link or reference to Polarion>
- QE - Automated tests merged: <link or reference to automated tests>
- DOC - Downstream documentation merged: <link to meaningful PR>
- blocks: CMP-1091 Make Security Profiles Operator a part of OpenShift (Closed)