-
Notifications
You must be signed in to change notification settings - Fork 2.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[v2.9][v1.29] Rancher K8s v1.29.0 update #45380
base: release/v2.9
Are you sure you want to change the base?
Conversation
4009a83
to
25b37e6
Compare
7bccba4
to
2d177ae
Compare
c59803d
to
3cec011
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@krunalhinguu We also need to update kubeVersion
in Chart.yaml to add support for 1.29
Line 6 in 3c48a19
kubeVersion: < 1.29.0-0 |
1013644
to
4aa0070
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Such a huge PR, good job!
It looks good to me overall, and I have a few suggestions and questions.
@@ -2,6 +2,8 @@ module github.com/rancher/rancher | |||
|
|||
go 1.22 | |||
|
|||
replace github.com/rancher/shepherd => github.com/caliskanugur/shepherd v0.0.0-20240507144611-b10827fbb1f1 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This will be switched back to rancher/shepherd, right?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yup, once this pull request is merged, automation team will proceed to update rancher/shepherd, which has a dependency on rancher/apis. Afterward, I'll ensure that this is updated with the appropriate rancher/shepherd tag.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just to keep track of this : #45564
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Cool, it sounds good to me.
tests/validation/tests/v3_api/resource/terraform/k3s/master/install_k3s_master.sh
Outdated
Show resolved
Hide resolved
c2de2a3
to
a8e15f2
Compare
Need @maxsokolovsky's review around PSP removal before merging. |
a8e15f2
to
32d5b05
Compare
32d5b05
to
c90eb3f
Compare
@krunalhinguu , thank you for updating the PR. Unfortunately CI is failing after latest force-push that updated error handling packages usage - https://drone-pr.rancher.io/rancher/rancher/39365/6/2. Could you please resolve this? |
@snasovich looks like all the builds are failing in release-v2.9, I have to check the reason |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A couple of questions:
- Are there any ClusterRoles and ClusterRoleBindings with permissions to perform actions on PSPs that may need to be removed?
- If yes, do we know if these bindings only act on PSP objects and no others?
I am not seeing any cleanup of these remaining objects, and we might want that.
Cleanup is usually done by running custom code or Job when the agent starts up. See this example: #42325
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Another question is about CRDs, CRs, and PSP resources themselves.
In case of CRDs, any deletions will trigger K8s to delete custom resources of that kind. So those PSP Bindings will get deleted when the CRD for them is deleted. But what about PSPs themselves? Those are not strictly CRDs but resources of a K8s group. Are they treated the same as CRs when a CRD is deleted? If the K8s API server doesn't know about PSPs, does it delete them all?
@maxsokolovsky , thank you for the feedback. @krunalhinguu (cc: @mitulshah-suse ), please let us know if in fact we require these non-trivial changes to address @maxsokolovsky's concerns. |
Issue:
Problem
Solution
PodSecurityPolicy
PodSecurityPolicyTemplateProjectBinding
PodSecurityPolicyTemplateName
PSP
forceAdopt
is renamed totakeOwnership
as part of helm3.14.3
golangci-lint
version. go1.22 support golangci/golangci-lint#4273Testing
Engineering Testing
Manual Testing
Automated Testing
Summary: TODO
QA Testing Considerations
Regressions Considerations
TODO
Existing / newly added automated tests that provide evidence there are no regressions: