Don't deploy `PSP`s when `PodSecurityPolicy` plugin is disabled #558

shafeeqes · 2022-08-12T09:09:53Z

How to categorize this PR?

/area open-source
/kind enhancement
/platform azure

What this PR does / why we need it:
PodSecurityPolicy is deprecated and will be disabled in kubernetes v1.25+.
End-users are provided an option to migrate their PSPs before upgrading and disable the PodSecurityPolicy admission plugin in the ShootSpec.
In that case, we should stop deploying our PSPs as well.

This PR stops deploying PSPs related to provider-azure if the plugin is disabled in the Shoot.

Which issue(s) this PR fixes:
Part of gardener/gardener#5250

Special notes for your reviewer:
Similar to gardener/gardener-extension-provider-aws#587
/hold
Depends on #554

Release note:

Please make sure you're running [email protected] or above before upgrading to this version.

shafeeqes · 2022-08-12T09:19:39Z

/squash

shafeeqes · 2022-08-16T15:10:52Z

/unhold

shafeeqes · 2022-08-19T11:34:41Z

/invite @dkistner @kon-angelo

gardener-robot · 2022-08-22T03:02:34Z

@kon-angelo, @dkistner You have pull request review open invite, please check

rfranzke

/lgtm

shafeeqes requested review from a team as code owners August 12, 2022 09:09

shafeeqes mentioned this pull request Aug 12, 2022

Drop PodSecurityPolicy usage / move to PodSecurity gardener/gardener#5250

Closed

23 tasks

gardener-robot added the merge/squash Should be merged via 'Squash and merge' label Aug 12, 2022

shafeeqes added 3 commits August 16, 2022 15:46

Don't deploy PSPs if it's disabled in the shoot

e6e09ca

Minor cosmetics

d323894

Fix log msgs

72f8865

shafeeqes force-pushed the enh/podsecurity branch from 4cbf582 to 72f8865 Compare August 16, 2022 10:17

gardener-robot added size/s Size of pull request is small (see gardener-robot robot/bots/size.py) and removed size/xl Size of pull request is huge (see gardener-robot robot/bots/size.py) labels Aug 16, 2022

gardener-robot-ci-3 added reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Aug 16, 2022

gardener-robot removed the reviewed/do-not-merge Has no approval for merging as it may break things, be of poor quality or have (ext.) dependencies label Aug 16, 2022

gardener-robot requested review from dkistner and kon-angelo August 19, 2022 11:34

rfranzke approved these changes Aug 26, 2022

View reviewed changes

gardener-robot added reviewed/lgtm Has approval for merging and removed needs/review Needs review needs/second-opinion Needs second review by someone else labels Aug 26, 2022

rfranzke merged commit 1348f1b into gardener:master Aug 26, 2022

gardener-robot added the status/closed Issue is closed (either delivered or triaged) label Aug 26, 2022

shafeeqes deleted the enh/podsecurity branch September 14, 2022 10:44

shafeeqes mentioned this pull request Sep 27, 2022

Support for Kubernetes v1.25 #575

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Don't deploy `PSP`s when `PodSecurityPolicy` plugin is disabled #558

Don't deploy `PSP`s when `PodSecurityPolicy` plugin is disabled #558

shafeeqes commented Aug 12, 2022

shafeeqes commented Aug 12, 2022

shafeeqes commented Aug 16, 2022

shafeeqes commented Aug 19, 2022

gardener-robot commented Aug 22, 2022

rfranzke left a comment

Don't deploy PSPs when PodSecurityPolicy plugin is disabled #558

Don't deploy PSPs when PodSecurityPolicy plugin is disabled #558

Conversation

shafeeqes commented Aug 12, 2022

shafeeqes commented Aug 12, 2022

shafeeqes commented Aug 16, 2022

shafeeqes commented Aug 19, 2022

gardener-robot commented Aug 22, 2022

rfranzke left a comment

Choose a reason for hiding this comment

Don't deploy `PSP`s when `PodSecurityPolicy` plugin is disabled #558

Don't deploy `PSP`s when `PodSecurityPolicy` plugin is disabled #558