-
Notifications
You must be signed in to change notification settings - Fork 453
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove PodSecurityPolicy
from requiredPlugins and add a user-facing warning to consider migration
#6700
Conversation
Skipping CI for Draft Pull Request. |
@shafeeqes: The label(s) In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
PodSecurityPolicy
from requiredPlugins and add a user-facing warning to consider migration
/test all |
This failure is expected. Will now fix this in another commit. |
2556f05
to
071cc71
Compare
71ee96f
to
10216f8
Compare
/assign |
10216f8
to
c10e8fb
Compare
Related to #6671 |
989077e
to
e07f2e9
Compare
/retest |
This extension issue can still happen for versions > 1.22 also, right? |
I added a release note asking to update the extensions to versions which support this change. But we don't have a compatibility matrix as of now. |
PSP is not really required for a functional cluster, is it? If it was disabled then there would simply be no effect (it's like "unprivileged" mode). |
8742de5
to
3ed9cf0
Compare
Did you mean to say "privileged"? Without the PSP admission plugin, there won't be any "restrictions" for the pods. |
Otherwise the update to v1.25 will be rejected. Even if the user sets this field to nil, the defaulting will again set it to true.
3ed9cf0
to
e6f1a78
Compare
@shafeeqes: The following tests failed, say
Full PR test history. Your PR dashboard. Command help for this repository. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
New provider-openstack version is released, We can now unhold this PR /cc @shafeeqes . |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
/milestone v1.58 |
/unhold |
How to categorize this PR?
/area usability control-plane testing
/kind enhancement
What this PR does / why we need it:
This PR adds a user-faced warning for shoots >= v1.23 and < v1.25, to consider migrating from
PodSecurityPolicy
toPodSecurity
admission controller.This PR also removes the
PodSecurityPolicy
from the required plugins.The e2e tests for create-update-delete shoot is also enhanced.
Which issue(s) this PR fixes:
Part of #5250
Special notes for your reviewer:
/hold until gardener/gardener-extension-provider-openstack#485 is released.Release note: