mimir icon indicating copy to clipboard operation
mimir copied to clipboard

Published 20 hours ago verified publisher icon grafana

helm: do not render `PodSecurityPolicy` manifest on gke >= 1.25

Open ortuman opened this issue 1 year ago • 1 comments

Signed-off-by: Miguel Ángel Ortuño [email protected]

What this PR does

PodSecurityPolicy resource will be completely removed from GKE in the future. This PR prevents it from being rendered on versions greater than 1.25.

Which issue(s) this PR fixes or relates to

Fixes N/A

Checklist

  • [X] Tests updated
  • [ ] Documentation added
  • [ ] CHANGELOG.md updated - the order of entries should be [CHANGE], [FEATURE], [ENHANCEMENT], [BUGFIX]

ortuman avatar Jul 15 '22 10:07 ortuman

I'd err on the side of letting kubernetes reject the deprecated object. It's immediate feedback after running helm install or helm upgrade compared to silently the chart swallowing the incompatibility.

dimitarvdimitrov avatar Jul 29 '22 16:07 dimitarvdimitrov

actually I think we should migrate to the pod admission controller instead of doing anything with the pod security policy

dimitarvdimitrov avatar Aug 24 '22 11:08 dimitarvdimitrov

after reading a bit, it turns out that this approach is actually the preferred one. I made another similar PR https://github.com/grafana/mimir/pull/2870

dimitarvdimitrov avatar Sep 06 '22 07:09 dimitarvdimitrov

@krajorama did you try with the changes in https://github.com/grafana/mimir/pull/2870?

dimitarvdimitrov avatar Sep 06 '22 08:09 dimitarvdimitrov

@krajorama did you try with the changes in #2870?

Testing

krajorama avatar Sep 06 '22 09:09 krajorama