-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
test: enable PodSecurityPolicy in CI #11140
Conversation
test-me-please |
test-missed-k8s |
test-upstream-k8s |
c1a4cd2
to
77e293b
Compare
test-missed-k8s |
77e293b
to
d7dd1af
Compare
test-me-please |
d7dd1af
to
bec0440
Compare
test-me-please |
1 similar comment
test-me-please |
restart-ginkgo |
d143b08
to
45d5de8
Compare
test-me-please |
@joestringer Sorry, this somehow fell between the cracks. I haven't worked on it for the last few days. Currently, the PR is not in a working state as the |
45d5de8
to
b55e4e4
Compare
test-me-please |
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
b55e4e4
to
a9169db
Compare
c454f48
to
595d461
Compare
ca6afbc
to
421ed5e
Compare
test-me-please |
421ed5e
to
01bf219
Compare
Enable for k8s 1.17 and 1.18. The PodSecurityPolicy is not feature-gated but enabled by enabling the PodSecurityPolicy admission plugin on kube-apiserver. Fixes #10659 Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
These relaxations are currently needed to successfully run Cilium in CI with PodSecurityPolicy. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
This allows for application pods running in the default namespace to be deployed in the k8s cluster. Signed-off-by: André Martins <andre@cilium.io>
Signed-off-by: André Martins <andre@cilium.io>
this PSP will be used for all other components that require a PSP to work properly. We can have a permissive PSP for these components since we have a dedicated PSP for Cilium. Signed-off-by: André Martins <andre@cilium.io>
When config options that open hostPorts are enabled the PodeSecurityPolicy needs to reflect this or it will not be selected. Signed-off-by: Christian Frantsen <christian.frantsen@dom.se> Signed-off-by: André Martins <andre@cilium.io>
Signed-off-by: Christian Frantsen <christian.frantsen@dom.se>
Signed-off-by: Christian Frantsen <christian.frantsen@dom.se>
Signed-off-by: Christian Frantsen <christian.frantsen@dom.se>
01bf219
to
12de9a8
Compare
@aanm @tklauser Seems like PSP will unlikely go to GA, and probably get deprecated as per kubernetes/enhancements#5 I am curious what cilium roadmap will look like on this matter. |
@sayboras interesting, I've been actually working on this PR lately. Thank you for let me know! |
Closing this PR. PodSecurityPolicy will be removed from Kubernetes kubernetes/kubernetes#90603 |
Enable for k8s 1.18 only for CI testing.
Fixes #10659