Page MenuHomePhabricator
Create Task
Maniphest T246123

Switch PodSecurityPolicy API versioning in maintain-kubeusers from extensions/v1beta1 to policy.k8s.io/v1beta1
Closed, ResolvedPublic
Actions

Description

This blocks upgrading the cluster to v1.17 definitely, and quite likely v1.16.

Basically, all the objects for PSPs should use this API instead: https://github.com/kubernetes-client/python/blob/master/kubernetes/docs/PolicyV1beta1Api.md#create_pod_security_policy

If we are very lucky, this will include an upgrade to version 11.0 of kubernetes-client, but that's still in beta.

Details

SubjectRepoBranchLines +/-
deprecations: Fix psp API group to work with k8s 1.16labs/tools/maintain-kubeusersmaster+367 -237
Customize query in gerrit

Related Objects
Search...

Event Timeline

Bstorm created this task.Feb 25 2020, 4:39 PM
Bstorm triaged this task as High priority.Feb 25 2020, 5:02 PM
bd808 moved this task from Inbox to Soon! on the cloud-services-team (Kanban) board.Feb 25 2020, 5:15 PM
Bstorm updated the task description. (Show Details)Feb 25 2020, 8:15 PM
Bstorm added a comment.Feb 25 2020, 8:18 PM

Though there is no reason version 10.1 or 11.0 will not work for our current needs, it should be noted that 12.0 of kubernetes-client is the version tracking 1.16. That version is currently in alpha. As long as we aren't using the library to interact with ipv6 and things like that, we should be ok. https://github.com/kubernetes-client/python/issues/1052

gerritbot added a comment.Apr 12 2020, 12:51 AM

Change 588127 had a related patch set uploaded (by Bstorm; owner: Bstorm):
[labs/tools/maintain-kubeusers@master] deprecations: Fix psp API group to work with k8s 1.16

https://gerrit.wikimedia.org/r/588127

gerritbot added a project: Patch-For-Review.Apr 12 2020, 12:51 AM
gerritbot added a comment.Apr 14 2020, 5:19 PM

Change 588127 merged by jenkins-bot:
[labs/tools/maintain-kubeusers@master] deprecations: Fix psp API group to work with k8s 1.16

https://gerrit.wikimedia.org/r/588127

Stashbot added a comment.Apr 14 2020, 5:32 PM

Mentioned in SAL (#wikimedia-cloud) [2020-04-14T17:32:20Z] <bstorm_> updating the maintain-kubeusers:beta image on tools-docker-imagebuilder-01 T246123

Bstorm added a comment.Apr 14 2020, 6:14 PM

Testing in toolsbeta, it created credentials that did allow webservice shell to work, which suggests the toolchain functions. Moving along to deploy the new version in tools.

Stashbot added a comment.Apr 14 2020, 6:19 PM

Mentioned in SAL (#wikimedia-cloud) [2020-04-14T18:19:55Z] <bstorm_> updating the maintain-kubeusers:latest image T246123

Stashbot added a comment.Apr 14 2020, 6:26 PM

Mentioned in SAL (#wikimedia-cloud) [2020-04-14T18:26:12Z] <bstorm_> Deployed new code and RBAC for maintain-kubeusers T246123

Bstorm closed this task as Resolved.Apr 14 2020, 6:27 PM
Bstorm claimed this task.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL