Skip to content

Remove the pod security policy creation #1569

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
fedepaol merged 5 commits into from
Aug 30, 2022
Merged

Remove the pod security policy creation #1569

fedepaol merged 5 commits into from
Aug 30, 2022

Conversation

@fedepaol
Copy link
Member

@fedepaol fedepaol commented Aug 29, 2022
edited
Loading

Pod security policy is now not supported anymore, so we remove it.
Note: it's currently not possible to bump the CI up to validate against 1.25 as a 1.25 is not available on kind yet.
I tested it running minikube and checking if the pods get up properly.

Fixes #1401 #1565

@fedepaol
Config / manifests: remove psp
39b927c 
Pod security policy is removed from 1.25, and 1.23 supports pod security
admission, so we are definetely migrating away from psp.

Signed-off-by: Federico Paolinelli <fpaoline@redhat.com>
@fedepaol
Charts: remove psp
33082ca 
Psp is removed in 1.25, and from 1.23 pod security admission is
officially supported, so we can safely remove psp.

Signed-off-by: Federico Paolinelli <fpaoline@redhat.com>
@fedepaol
inv dev-env: deploy on metallb-system with helm
9c20063 
Instead of deploying on the default namespace, we create the
metallb-system namespace and deploy there.

Signed-off-by: Federico Paolinelli <fpaoline@redhat.com>
@fedepaol
CI - helm lanes: remove setting the default ns
b456c95 
Now inv dev-env deploys on metallb-system with helm too, so we must
instruct the tests about it.

Signed-off-by: Federico Paolinelli <fpaoline@redhat.com>
@fedepaol
Helm: give prometheus access to services and endpoints
0896ee1 
When using servicemonitors, we must grant prometheus access to services
and endpoints too. This wasn't failing CI because when deploying
prometheus, it's granted permissions against the default namespace. It
started to fail when we deployed metallb on a different ns.

Signed-off-by: Federico Paolinelli <fpaoline@redhat.com>
oribon
oribon approved these changes Aug 30, 2022
View reviewed changes
Copy link
Member

@oribon oribon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@fedepaol fedepaol merged commit 8b28ef5 into metallb:main Aug 30, 2022
@Jancis Jancis mentioned this pull request Sep 2, 2022
Merged
@cprivitere cprivitere mentioned this pull request Oct 12, 2022
Closed
@eyenx eyenx mentioned this pull request Oct 19, 2022
Merged
6 tasks
@minjaeme minjaeme mentioned this pull request Nov 24, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@oribon oribon oribon approved these changes

@johananl johananl Awaiting requested review from johananl

@rata rata Awaiting requested review from rata

@russellb russellb Awaiting requested review from russellb

@gclawes gclawes Awaiting requested review from gclawes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Deployment manifest contains the deprecated PodSecurityPolicy

2 participants

@fedepaol @oribon