add the support for using PodSecurityAdmissionConfigurationTemplate in RKE1 cluster 1.25 and above #165

Merged
merged 8 commits into from
Jan 4, 2023

@jiaqiluo commented Dec 23, 2022

Issue:
rancher/rancher#39992
rancher/rancher#40009

Additionally, this also partially addresses rancher/rancher#39995 by implementing the check on the webhook side (the deeper check on the RKE1 side is implemented as part of rancher/rke#3132).

Description:
This PR is a part of the effort to support using PSACT (Pod Security Admission Configuration Template) in the RKE1 1.25 cluster.

The PR introduces the following major changes:

  • add a new mutator for the v3 management Cluster (see the file pkg/resources/mutation/cluster/cluster.go)
  • update the existing validator for the v3 management Cluster to validate the PSP-related and PSACT-related fields in the cluster (see the file pkg/resources/validation/cluster/cluster.go)

Related PRs:

@jiaqiluo changed the title from "bump modules for k8s 1.25" to "add the support for using PodSecurityAdmissionConfigurationTemplate in RKE1 cluster 1.25 and above" Dec 23, 2022
@jiaqiluo requested a review from a team December 23, 2022 06:49
@jiaqiluo marked this pull request as ready for review December 27, 2022 17:58
@jiaqiluo requested review from a team and sbstp December 27, 2022 17:59

@crobby left a comment

Might be useful to add unit tests for the functions in podsecurityadmission.go

@jiaqiluo requested a review from crobby December 29, 2022 18:55

@snasovich left a comment

Couple minor comments, started reviewing it and now need to take care of something else. Planning to resume reviewing later.

@snasovich left a comment

Added some comments/questions/suggestions.

@jiaqiluo force-pushed the psact branch 2 times, most recently from 5380564 to 8ba1a34 January 4, 2023 01:39
@snasovich previously approved these changes Jan 4, 2023

@snasovich left a comment

@jiaqiluo, thank you for addressing my comments. LGTM based on the previous review.
I'm approving it with the assumption that the second review will not be a rubber-stamp one. :)

@snasovich requested a review from a team January 4, 2023 03:23
@snasovich requested a review from a team January 4, 2023 03:23

5 participants