Skip to content

Removing deprecation PSP #1540

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Feb 24, 2023
Merged

Removing deprecation PSP #1540

merged 1 commit into from
Feb 24, 2023

Conversation

mridulji
Copy link
Contributor

@mridulji mridulji commented Feb 21, 2023
edited
Loading

What this PR does / Why we need it: This PR contains the changes required for removing PodSecurityPolicy been deprecated since v1.21 of kubernetes and removed from v1.25+. So in order to be able to deploy open-match on GKE with version 1.25 or up, this change is necessary.

As a solution this is in-built Pod Security Admission helps us to enforce such security. When following the documentation for migration of PSP to PSA, we are able to enforce baseline level of security using pspmigrator.

Which issue(s) this PR fixes:

Closes #1449

Special notes for your reviewer:

  • Respective changes tested on GKE version 1.25.5-gke.2000

@mridulji mridulji added the kind/bug Something isn't working label Feb 21, 2023
joeholley
joeholley approved these changes Feb 23, 2023
View reviewed changes
Copy link
Collaborator

@joeholley joeholley left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@mridulji mridulji merged commit 3d1bae2 into googleforgames:main Feb 24, 2023
@benji56
Copy link

benji56 commented Mar 7, 2023

I want to install it in Digital ocean. The version is 1.25.4-do.0. Unfortunately, whatever I do I get this error. What is the problem? I tried installing with helm and also with the 1.7.0 yaml file. Unfortunately the result is the same.

helm install open-match --create-namespace --namespace open-match open-match/open-match Error: INSTALLATION FAILED: unable to build kubernetes objects from release manifest: [resource mapping not found for name: "open-match-redis-podsecuritypolicy" namespace: "open-match" from "": no matches for kind "PodSecurityPolicy" in version "policy/v1beta1" ensure CRDs are installed first, resource mapping not found for name: "open-match-core-podsecuritypolicy" namespace: "open-match" from "": no matches for kind "PodSecurityPolicy" in version "policy/v1beta1" ensure CRDs are installed first]

@mridulji
Copy link
Contributor Author

mridulji commented Mar 7, 2023

Hi @benji56, may I know which version of OM are you trying to install. Because till 1.7.0 version we are unable to support on kubernetes version 1.25+. However this PR's changes will be in 1.8.0 release so it would be possible from next versions onward. Please keep following open-match-discuss group to get the latest updates.

@ashutosji ashutosji mentioned this pull request May 22, 2023
Open
markmandel added a commit to markmandel/global-multiplayer-demo that referenced this pull request Jun 22, 2023
@markmandel
Get Open Match working on K8s 1.25+
81986fc 
This does the following:

* Disable all child Helm charts from Open Match install
* Backport PodSecurityPolicy removal from
  googleforgames/open-match#1540
  through kustomize
* Custom Director: Extra debugging.
@markmandel markmandel mentioned this pull request Jun 22, 2023
Merged
markmandel added a commit to googleforgames/global-multiplayer-demo that referenced this pull request Jun 22, 2023
@markmandel
Get Open Match working on K8s 1.25+ (#178)
1253ce6 
This does the following:

* Disable all child Helm charts from Open Match install
* Backport PodSecurityPolicy removal from
  googleforgames/open-match#1540
  through kustomize
* Custom Director: Extra debugging.
markmandel added a commit to googleforgames/global-multiplayer-demo that referenced this pull request Jun 22, 2023
@abmarcum @markmandel
Upgraded to use Agones v1.32 (#177)
149c718 
* Upgraded to use Agones v1.32
* Get Open Match working on K8s 1.25+ (#178)
* Disable all child Helm charts from Open Match install
* Backport PodSecurityPolicy removal from
  googleforgames/open-match#1540
  through kustomize
* Custom Director: Extra debugging.

---------

Co-authored-by: Mark Mandel <markmandel@google.com>
@mikeseese mikeseese mentioned this pull request Jul 31, 2023
Closed
@joeholley joeholley mentioned this pull request Aug 17, 2023
Merged
@joeholley joeholley mentioned this pull request Sep 7, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@joeholley joeholley joeholley approved these changes

@aLekSer aLekSer Awaiting requested review from aLekSer aLekSer is a code owner

@HazWard HazWard Awaiting requested review from HazWard

@calebatwd calebatwd Awaiting requested review from calebatwd calebatwd is a code owner

@sawagh sawagh Awaiting requested review from sawagh

@amg84 amg84 Awaiting requested review from amg84 amg84 is a code owner

@scosgrave scosgrave Awaiting requested review from scosgrave scosgrave is a code owner

@markmandel markmandel Awaiting requested review from markmandel

Assignees
No one assigned
Labels
kind/bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

PodSecurityPolicy deprecated in k8s 1.25
3 participants
@mridulji @benji56 @joeholley