Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add psp support when its configured in acceptance tests #917

Merged
merged 2 commits into from
Dec 10, 2021
Merged

add psp support when its configured in acceptance tests #917

merged 2 commits into from
Dec 10, 2021

Conversation

kschoche
Copy link
Contributor

@kschoche kschoche commented Dec 9, 2021

Changes proposed in this PR:

  • Adds PSP support global.psp.enable=true to vault when it is enabled in nightly acceptance tests. currenlty the GKE-1.19 nightly is failing due to missing PSP in vault installation.

How I've tested this PR:
deployed with this flag on a local cluster and saw that it created the PSP policies:

demo $ k get psp
Warning: policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+
NAME                               PRIV    CAPS   SELINUX    RUNASUSER          FSGROUP     SUPGROUP    READONLYROOTFS   VOLUMES
test-fztisb-vault                  false          RunAsAny   MustRunAsNonRoot   MustRunAs   MustRunAs   false            configMap,emptyDir,projected,secret,downwardAPI,persistentVolumeClaim
test-fztisb-vault-agent-injector   false          RunAsAny   MustRunAsNonRoot   MustRunAs   MustRunAs   false            configMap,emptyDir,projected,secret,downwardAPI

How I expect reviewers to test this PR:
code review

Checklist:

  • Tests added
  • CHANGELOG entry added

    HashiCorp engineers only, community PRs should not add a changelog entry.
    Entries should use present tense (e.g. Add support for...)

@kschoche kschoche added the vault label Dec 9, 2021
@kschoche kschoche requested a review from a team December 9, 2021 04:07
@kschoche kschoche self-assigned this Dec 9, 2021
@kschoche kschoche requested review from ndhanushkodi, thisisnotashwin and lkysow and removed request for a team December 9, 2021 04:07
@kschoche kschoche merged commit c4cafff into main Dec 10, 2021
@kschoche kschoche deleted the enable-psp-vault branch December 10, 2021 20:03
ndhanushkodi added a commit that referenced this pull request Dec 13, 2021
@ndhanushkodi
revert go mod changes from #917
f6fb089
ndhanushkodi added a commit that referenced this pull request Dec 14, 2021
@ndhanushkodi
Revert go mod changes from #917 (#928)
ff83358 
* And skip vault test if PSPs are enabled. Support for that will be added later.
rrondeau pushed a commit to rrondeau/consul-k8s that referenced this pull request Dec 21, 2021
@kschoche
Release/0.32.0-beta1 (hashicorp#917)
44600e1 
* update for release
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ndhanushkodi ndhanushkodi ndhanushkodi approved these changes

@thisisnotashwin thisisnotashwin thisisnotashwin approved these changes

@lkysow lkysow Awaiting requested review from lkysow

Assignees

@kschoche kschoche

Labels
vault
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@kschoche @ndhanushkodi @thisisnotashwin