MULTIARCH-4654: Enabled the Security Profiles Operator for ppc64le

[pranitaT]

What type of PR is this?

/kind feature

What this PR does / why we need it:

This PR enables the Security Profiles Operator for the ppc64le architecture, providing support for managing seccomp and SELinux profiles. The changes have been tested and verified using logenricher to ensure functionality and compliance.

Which issue(s) this PR fixes: https://issues.redhat.com/browse/MULTIARCH-4654

Does this PR have test?

N/A

Special notes for your reviewer:

• Tested for compatibility with seccomp and SELinux profiles on the ppc64le architecture.
• Verified functionality using logenricher.

Does this PR introduce a user-facing change?

Enabled the Security Profiles Operator for `ppc64le` architecture with support for seccomp and SELinux profile management.

[linux-foundation-easycla]

The committers listed above are authorized under a signed CLA.

• ✅ login: pranitaT / name: Pranita Turrey (18f0e45)

[k8s-ci-robot]

Welcome @pranitaT!

It looks like this is your first PR to kubernetes-sigs/security-profiles-operator 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes-sigs/security-profiles-operator has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

[k8s-ci-robot]

Hi @pranitaT. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[saschagrunert]

Thank you for the PR @pranitaT, do you mind signing the CLA?

[prb112]

Hey @saschagrunert I shared with Pranita how our team signs the CLA. We'll get this done a.s.a.p. Thank you for the time, Paul

[saschagrunert]

Please rebase to fix the CI

[saschagrunert]

/ok-to-test

[codecov-commenter]

Codecov Report

Attention: Patch coverage is 75.00000% with 4 lines in your changes missing coverage. Please review.

Project coverage is 41.26%. Comparing base (11d77f4) to head (18f0e45).
Report is 710 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2589      +/-   ##
==========================================
- Coverage   45.50%   41.26%   -4.24%     
==========================================
  Files          79      117      +38     
  Lines        7782    19725   +11943     
==========================================
+ Hits         3541     8140    +4599     
- Misses       4099    11048    +6949     
- Partials      142      537     +395     

[saschagrunert]

The build seems to fail:

69.70 internal/pkg/daemon/bpfrecorder/bpfrecorder_linux_amd64.go:26:9: undefined: toStringInt8
69.70 internal/pkg/daemon/bpfrecorder/bpfrecorder_linux_amd64.go:31:9: undefined: toStringInt8

[prb112]

Will follow-up with Pranita, thanks

[prb112]

Added a PR for Pranita to use as a basis of the fix pranitaT#3

[saschagrunert]

Unfortunately, this one needs a rebase now.

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: pranitaT, saschagrunert

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [saschagrunert]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[prb112]

/retest

[pranitaT]

Hi @saschagrunert,
Could you please initiate a retest for this PR?
Thank you!

[Vincent056]

/retest

[k8s-ci-robot]

New changes are detected. LGTM label has been removed.

[prb112]

Thanks @pranita

Creating the dummy commit and removing it did wonders.

I looked at the run and most of the action/workflows are passing.
The one failure is e2e-apparmor-profile lint to workflow run

2025-02-12T07:44:43.7769765Z [pod/security-profiles-operator-7986b75f5b-zc6fm/security-profiles-operator] E0212 07:44:34.153933       1 reflector.go:166] "Unhandled Error" err="k8s.io/client-go@v0.32.1/tools/cache/reflector.go:251: Failed to watch *v1alpha1.AppArmorProfile: failed to list *v1alpha1.AppArmorProfile: apparmorprofiles.security-profiles-operator.x-k8s.io is forbidden: User \"system:serviceaccount:security-profiles-operator:security-profiles-operator\" cannot list resource \"apparmorprofiles\" in API group \"security-profiles-operator.x-k8s.io\" at the cluster scope" logger="UnhandledError"

We should look at it locally and see if we replicate; unless @saschagrunert or @Vincent056 says otherwise.