chore: [NPM] Updated NPM to Not Share Host's UTS Namespace + Image/Configmap Alignment with Prod (#2589)

* Added a security context for allowPrivilegeEscalation and readOnlyRootFilesystem * Update npm linux to not share the host's UTS namespace and tested locally * Updated image and configmap of npm to match prod/managed * kept EnablePprof on for debugging * Updating k8s version for kind for cyclonus tests * test * test * updated cluster name * Revert "updated cluster name" This reverts commit 7715c91098. * update name * Updated k8s version * updated k8s version * changed k8s version to version of local cluster * updated kind node version for control plane * version update * updated kind version * updated worker images for kind
2024-02-15 14:28:26 -08:00 · 2024-02-15 14:28:26 -08:00 · 8d68e7527a
--- a/.github/workflows/cyclonus-netpol-test.yaml
+++ b/.github/workflows/cyclonus-netpol-test.yaml
@ -35,11 +35,12 @@ jobs:
          go-version: '^1.21'

      - name: Setup Kind
-        uses: engineerd/setup-kind@v0.5.0
+        uses: helm/kind-action@v1
        with:
-          version: "v0.11.1"
+          version: "v0.22.0"
+          kubectl_version: "v1.27.7"
          config: ./test/kind/kind.yaml
-          name: npm-kind
+          cluster_name: npm-kind

      - name: Check Kind
        run: |
--- a/npm/azure-npm.yaml
+++ b/npm/azure-npm.yaml
@ -79,7 +79,7 @@ spec:
          operator: Exists
      containers:
        - name: azure-npm
-          image: mcr.microsoft.com/containernetworking/azure-npm:v1.4.29
+          image: mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.3
          resources:
            limits:
              cpu: 250m
@ -106,6 +106,7 @@ spec:
            - name: azure-npm-config
              mountPath: /etc/azure-npm
      hostNetwork: true
+      hostUsers: false
      nodeSelector:
        kubernetes.io/os: linux
      volumes:
@ -162,7 +163,6 @@ data:
            "EnableHTTPDebugAPI":      true,
            "EnableV2NPM":             true,
            "PlaceAzureChainFirst":    false,
-            "ApplyIPSetsOnNeed":       false,
            "ApplyInBackground":       true,
            "NetPolInBackground":      true
        }
--- a/test/kind/kind.yaml
+++ b/test/kind/kind.yaml
@ -2,11 +2,11 @@ kind: Cluster
 apiVersion: kind.x-k8s.io/v1alpha4
 nodes:
  - role: control-plane
-    image: kindest/node:v1.19.11
+    image: kindest/node:v1.29.2@sha256:51a1434a5397193442f0be2a297b488b6c919ce8a3931be0ce822606ea5ca245
  - role: worker
-    image: kindest/node:v1.19.11
+    image: kindest/node:v1.29.2@sha256:51a1434a5397193442f0be2a297b488b6c919ce8a3931be0ce822606ea5ca245
  - role: worker
-    image: kindest/node:v1.19.11
+    image: kindest/node:v1.29.2@sha256:51a1434a5397193442f0be2a297b488b6c919ce8a3931be0ce822606ea5ca245
 networking:
  ipFamily: ipv4
  podSubnet: "10.10.0.0/16"