Page MenuHomePhabricator
Create Task
Maniphest T368142

Toolforge: drop PodSecurityPolicy
Closed, ResolvedPublic
Actions

Description

Once we have set up the replacement (Kyverno pod security rules), we can drop the deprecated PodSecurityPolicy mechanism from Toolforge k8s.

Plan is:

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
kubeadm: remove reference to PSP directoryoperations/puppetproduction+0 -4
kubedm: absent psp directoryoperations/puppetproduction+1 -13
toolforge: remove references to PodSecurityPolicyoperations/puppetproduction+1 -208
Customize query in gerrit

Related Objects
Search...

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes
aborrero mentioned this in T364297: [k8s,infra] track PSP migration plan.Jun 21 2024, 11:40 AM
aborrero moved this task from Backlog to Next on the User-aborrero board.
CodeReviewBot added a project: Patch-For-Review.Jun 21 2024, 12:21 PM

aborrero opened https://gitlab.wikimedia.org/repos/cloud/toolforge/maintain-kubeusers/-/merge_requests/49

PSP: delete them

aborrero triaged this task as Medium priority.Jun 21 2024, 12:22 PM
aborrero updated the task description. (Show Details)
aborrero updated the task description. (Show Details)
aborrero added a comment.Jun 26 2024, 11:16 AM

scheduled for tomorrow 2024-06-26

aborrero updated the task description. (Show Details)Jun 26 2024, 11:16 AM
CodeReviewBot added a comment.Jun 27 2024, 8:54 AM

aborrero merged https://gitlab.wikimedia.org/repos/cloud/toolforge/maintain-kubeusers/-/merge_requests/49

PSP: delete them

CodeReviewBot added a comment.Jun 27 2024, 8:56 AM

project_1317_bot_df3177307bed93c3f34e421e26c86e38 opened https://gitlab.wikimedia.org/repos/cloud/toolforge/toolforge-deploy/-/merge_requests/356

maintain-kubeusers: bump to 0.0.159-20240627085452-0ae1a288

aborrero updated the task description. (Show Details)Jun 27 2024, 9:06 AM
CodeReviewBot added a comment.Jun 27 2024, 9:14 AM

aborrero opened https://gitlab.wikimedia.org/repos/cloud/toolforge/lima-kilo/-/merge_requests/153

k8s: drop PodSecurityPolicies

gerritbot added a comment.Jun 27 2024, 9:24 AM

Change #1050271 had a related patch set uploaded (by Arturo Borrero Gonzalez; author: Arturo Borrero Gonzalez):

[operations/puppet@production] toolforge: remove references to PodSecurityPolicy

https://gerrit.wikimedia.org/r/1050271

Stashbot added a comment.Jun 27 2024, 9:28 AM

Mentioned in SAL (#wikimedia-cloud) [2024-06-27T09:28:20Z] <arturo> disabled PodSecurityPolicy admission plugin from apiserver static pod manifests (T368142)

Stashbot added a comment.Jun 27 2024, 9:30 AM

Mentioned in SAL (#wikimedia-cloud) [2024-06-27T09:30:33Z] <arturo> disabled PodSecurityPolicy admission plugin from kubeadm configmap (T368142)

CodeReviewBot added a comment.Jun 27 2024, 9:35 AM

aborrero merged https://gitlab.wikimedia.org/repos/cloud/toolforge/lima-kilo/-/merge_requests/153

k8s: drop PodSecurityPolicies

gerritbot added a comment.Jun 27 2024, 9:37 AM

Change #1050271 merged by Arturo Borrero Gonzalez:

[operations/puppet@production] toolforge: remove references to PodSecurityPolicy

https://gerrit.wikimedia.org/r/1050271

CodeReviewBot added a comment.Jun 27 2024, 9:51 AM

aborrero merged https://gitlab.wikimedia.org/repos/cloud/toolforge/toolforge-deploy/-/merge_requests/356

maintain-kubeusers: bump to 0.0.159-20240627085452-0ae1a288

aborrero updated the task description. (Show Details)Jun 27 2024, 9:58 AM
Stashbot added a comment.Jun 27 2024, 10:02 AM

Mentioned in SAL (#wikimedia-cloud) [2024-06-27T10:02:07Z] <arturo> disabled PodSecurityPolicy admission plugin from kubeadm configmap (T368142)

Stashbot added a comment.Jun 27 2024, 10:02 AM

Mentioned in SAL (#wikimedia-cloud) [2024-06-27T10:02:27Z] <arturo> drop all PSP definitions for all accounts (T368142)

CodeReviewBot added a comment.Jun 27 2024, 10:06 AM

aborrero opened https://gitlab.wikimedia.org/repos/cloud/toolforge/toolforge-deploy/-/merge_requests/357

components: drop PSP references

CodeReviewBot added a comment.Jun 27 2024, 10:08 AM

aborrero opened https://gitlab.wikimedia.org/repos/cloud/toolforge/builds-api/-/merge_requests/98

deployment: drop PSP rolebinding

CodeReviewBot added a comment.Jun 27 2024, 10:10 AM

aborrero opened https://gitlab.wikimedia.org/repos/cloud/toolforge/api-gateway/-/merge_requests/24

deployment: drop PSP

CodeReviewBot added a comment.Jun 27 2024, 10:13 AM

aborrero opened https://gitlab.wikimedia.org/repos/cloud/toolforge/builds-admission/-/merge_requests/8

deployment: drop PSP

CodeReviewBot added a comment.Jun 27 2024, 10:15 AM

aborrero opened https://gitlab.wikimedia.org/repos/cloud/toolforge/builds-builder/-/merge_requests/47

deployment: drop PSP

CodeReviewBot added a comment.Jun 27 2024, 10:16 AM

aborrero opened https://gitlab.wikimedia.org/repos/cloud/toolforge/envvars-api/-/merge_requests/34

deployment: drop PSP reference

CodeReviewBot added a comment.Jun 27 2024, 10:16 AM

aborrero opened https://gitlab.wikimedia.org/repos/cloud/toolforge/foxtrot-ldap/-/merge_requests/8

helmchart: drop PSP

CodeReviewBot added a comment.Jun 27 2024, 10:17 AM

aborrero opened https://gitlab.wikimedia.org/repos/cloud/toolforge/jobs-api/-/merge_requests/98

deployment: drop PSP reference

CodeReviewBot added a comment.Jun 27 2024, 10:18 AM

aborrero opened https://gitlab.wikimedia.org/repos/cloud/toolforge/volume-admission/-/merge_requests/10

deployment: drop PSP

CodeReviewBot added a comment.Jun 27 2024, 10:20 AM

aborrero opened https://gitlab.wikimedia.org/repos/cloud/toolforge/toolforge-weld/-/merge_requests/47

tests/fixtures: drop PSP reference

CodeReviewBot added a comment.Jun 27 2024, 10:20 AM

aborrero merged https://gitlab.wikimedia.org/repos/cloud/toolforge/maintain-kubeusers/-/merge_requests/48

resources: drop PSP

CodeReviewBot added a comment.Jun 27 2024, 10:22 AM

project_1317_bot_df3177307bed93c3f34e421e26c86e38 opened https://gitlab.wikimedia.org/repos/cloud/toolforge/toolforge-deploy/-/merge_requests/358

maintain-kubeusers: bump to 0.0.160-20240627102103-cfd4ebd5

gerritbot added a comment.Jun 27 2024, 10:55 AM

Change #1050306 had a related patch set uploaded (by Arturo Borrero Gonzalez; author: Arturo Borrero Gonzalez):

[operations/puppet@production] kubedm: absent psp directory

https://gerrit.wikimedia.org/r/1050306

gerritbot added a comment.Jun 27 2024, 11:01 AM

Change #1050306 merged by Arturo Borrero Gonzalez:

[operations/puppet@production] kubedm: absent psp directory

https://gerrit.wikimedia.org/r/1050306

CodeReviewBot added a comment.Jun 27 2024, 11:03 AM

aborrero merged https://gitlab.wikimedia.org/repos/cloud/toolforge/toolforge-deploy/-/merge_requests/358

maintain-kubeusers: bump to 0.0.160-20240627102103-cfd4ebd5

aborrero moved this task from Next to Doing on the User-aborrero board.Jun 27 2024, 11:03 AM
gerritbot added a comment.Jun 27 2024, 11:08 AM

Change #1050310 had a related patch set uploaded (by Arturo Borrero Gonzalez; author: Arturo Borrero Gonzalez):

[operations/puppet@production] kubeadm: remove reference to PSP directory

https://gerrit.wikimedia.org/r/1050310

gerritbot added a comment.Jun 27 2024, 11:09 AM

Change #1050310 merged by Arturo Borrero Gonzalez:

[operations/puppet@production] kubeadm: remove reference to PSP directory

https://gerrit.wikimedia.org/r/1050310

aborrero updated the task description. (Show Details)Jun 27 2024, 11:40 AM
CodeReviewBot added a comment.Jun 27 2024, 11:41 AM

aborrero merged https://gitlab.wikimedia.org/repos/cloud/toolforge/foxtrot-ldap/-/merge_requests/8

helmchart: drop PSP

aborrero closed this task as Resolved.Jun 27 2024, 11:45 AM
CodeReviewBot added a comment.Jun 27 2024, 2:39 PM

aborrero merged https://gitlab.wikimedia.org/repos/cloud/toolforge/builds-api/-/merge_requests/98

deployment: drop PSP rolebinding

CodeReviewBot added a comment.Jun 27 2024, 2:42 PM

aborrero opened https://gitlab.wikimedia.org/repos/cloud/toolforge/toolforge-deploy/-/merge_requests/359

ingress-nginx: drop PSP

CodeReviewBot added a comment.Jun 27 2024, 2:54 PM

aborrero merged https://gitlab.wikimedia.org/repos/cloud/toolforge/toolforge-deploy/-/merge_requests/359

ingress-nginx: drop PSP

aborrero reopened this task as In Progress.Jun 27 2024, 2:56 PM

Reopening while we merge the cleanup patches.

aborrero updated the task description. (Show Details)Jun 27 2024, 2:56 PM
CodeReviewBot added a comment.Jun 27 2024, 2:57 PM

aborrero closed https://gitlab.wikimedia.org/repos/cloud/toolforge/toolforge-deploy/-/merge_requests/357

components: drop PSP references

CodeReviewBot added a comment.Jun 27 2024, 2:59 PM

aborrero opened https://gitlab.wikimedia.org/repos/cloud/toolforge/toolforge-deploy/-/merge_requests/360

cert-manager: drop PSP

CodeReviewBot added a comment.Jun 27 2024, 3:04 PM

aborrero merged https://gitlab.wikimedia.org/repos/cloud/toolforge/toolforge-deploy/-/merge_requests/360

cert-manager: drop PSP

aborrero added a comment.Jun 27 2024, 3:34 PM
aborrero@toolsbeta-test-k8s-control-7:~$ sudo helm list -n cert-manager
NAME        	NAMESPACE   	REVISION	UPDATED                                	STATUS  	CHART               	APP VERSION
cert-manager	cert-manager	6       	2023-02-16 15:28:25.14619534 +0000 UTC 	deployed	cert-manager-v1.11.0	v1.11.0    
reloader    	cert-manager	1       	2023-02-16 15:28:24.537311669 +0000 UTC	deployed	reloader-v1.0.5     	v1.0.5     
reloader-psp	cert-manager	1       	2023-02-16 15:28:24.347972406 +0000 UTC	deployed	raw-0.3.0           	0.2.3      
aborrero@toolsbeta-test-k8s-control-7:~$ sudo helm uninstall -n cert-manager reloader-psp
release "reloader-psp" uninstalled
aborrero@toolsbeta-test-k8s-control-7:~$ sudo helm list -n cert-manager
NAME        	NAMESPACE   	REVISION	UPDATED                                	STATUS  	CHART               	APP VERSION
cert-manager	cert-manager	6       	2023-02-16 15:28:25.14619534 +0000 UTC 	deployed	cert-manager-v1.11.0	v1.11.0    
reloader    	cert-manager	1       	2023-02-16 15:28:24.537311669 +0000 UTC	deployed	reloader-v1.0.5     	v1.0.5
CodeReviewBot added a comment.Jun 28 2024, 9:19 AM

aborrero merged https://gitlab.wikimedia.org/repos/cloud/toolforge/api-gateway/-/merge_requests/24

deployment: drop PSP

CodeReviewBot added a comment.Jun 28 2024, 9:21 AM

project_1317_bot_df3177307bed93c3f34e421e26c86e38 opened https://gitlab.wikimedia.org/repos/cloud/toolforge/toolforge-deploy/-/merge_requests/361

api-gateway: bump to 0.0.25-20240628091913-285fb180

CodeReviewBot added a comment.Jun 28 2024, 9:30 AM

aborrero merged https://gitlab.wikimedia.org/repos/cloud/toolforge/toolforge-deploy/-/merge_requests/361

api-gateway: bump to 0.0.25-20240628091913-285fb180

CodeReviewBot added a comment.Jun 28 2024, 9:35 AM

aborrero merged https://gitlab.wikimedia.org/repos/cloud/toolforge/jobs-api/-/merge_requests/98

deployment: drop PSP reference

CodeReviewBot added a comment.Jun 28 2024, 9:39 AM

project_1317_bot_df3177307bed93c3f34e421e26c86e38 opened https://gitlab.wikimedia.org/repos/cloud/toolforge/toolforge-deploy/-/merge_requests/362

jobs-api: bump to 0.0.311-20240628093550-c6df8783

CodeReviewBot added a comment.Jun 28 2024, 9:39 AM

aborrero opened https://gitlab.wikimedia.org/repos/cloud/toolforge/toolforge-deploy/-/merge_requests/363

kyverno: drop PSP

CodeReviewBot added a comment.Jun 28 2024, 9:42 AM

aborrero merged https://gitlab.wikimedia.org/repos/cloud/toolforge/toolforge-deploy/-/merge_requests/363

kyverno: drop PSP

CodeReviewBot added a comment.Jun 28 2024, 9:46 AM

aborrero opened https://gitlab.wikimedia.org/repos/cloud/toolforge/toolforge-deploy/-/merge_requests/364

wmcs-k8s-metrics: drop PSP

CodeReviewBot added a comment.Jun 28 2024, 9:51 AM

sstefanova merged https://gitlab.wikimedia.org/repos/cloud/toolforge/toolforge-deploy/-/merge_requests/346

builds-api: bump to 0.0.156-20240625082108-71537e14

CodeReviewBot added a comment.Jun 28 2024, 9:53 AM

aborrero merged https://gitlab.wikimedia.org/repos/cloud/toolforge/toolforge-deploy/-/merge_requests/364

wmcs-k8s-metrics: drop PSP

CodeReviewBot added a comment.Jun 28 2024, 10:14 AM

aborrero opened https://gitlab.wikimedia.org/repos/cloud/toolforge/wmcs-k8s-metrics/-/merge_requests/9

cadvisor: drop PSP

CodeReviewBot added a comment.Jun 28 2024, 10:14 AM

aborrero merged https://gitlab.wikimedia.org/repos/cloud/toolforge/wmcs-k8s-metrics/-/merge_requests/9

cadvisor: drop PSP

CodeReviewBot added a comment.Jun 28 2024, 11:06 AM

project_1317_bot_df3177307bed93c3f34e421e26c86e38 opened https://gitlab.wikimedia.org/repos/cloud/toolforge/toolforge-deploy/-/merge_requests/366

wmcs-k8s-metrics: bump to 0.0.20-20240628101504-9ed20c1f

CodeReviewBot added a comment.Jun 28 2024, 11:14 AM

aborrero merged https://gitlab.wikimedia.org/repos/cloud/toolforge/toolforge-deploy/-/merge_requests/366

wmcs-k8s-metrics: bump to 0.0.20-20240628101504-9ed20c1f

CodeReviewBot added a comment.Jul 1 2024, 2:42 PM

aborrero merged https://gitlab.wikimedia.org/repos/cloud/toolforge/toolforge-deploy/-/merge_requests/362

jobs-api: bump to 0.0.311-20240628093550-c6df8783

CodeReviewBot added a comment.Jul 1 2024, 2:43 PM

aborrero merged https://gitlab.wikimedia.org/repos/cloud/toolforge/volume-admission/-/merge_requests/10

deployment: drop PSP

CodeReviewBot added a comment.Jul 1 2024, 2:44 PM

aborrero merged https://gitlab.wikimedia.org/repos/cloud/toolforge/toolforge-weld/-/merge_requests/47

tests/fixtures: drop PSP reference

CodeReviewBot added a comment.Jul 1 2024, 2:46 PM

project_1317_bot_df3177307bed93c3f34e421e26c86e38 opened https://gitlab.wikimedia.org/repos/cloud/toolforge/toolforge-deploy/-/merge_requests/370

volume-admission: bump to 0.0.48-20240701144407-0003a769

CodeReviewBot added a comment.Jul 1 2024, 2:59 PM

aborrero merged https://gitlab.wikimedia.org/repos/cloud/toolforge/toolforge-deploy/-/merge_requests/370

volume-admission: bump to 0.0.48-20240701144407-0003a769

CodeReviewBot added a comment.Jul 2 2024, 8:58 AM

aborrero merged https://gitlab.wikimedia.org/repos/cloud/toolforge/builds-builder/-/merge_requests/47

deployment: drop PSP

CodeReviewBot added a comment.Jul 2 2024, 8:59 AM

project_1317_bot_df3177307bed93c3f34e421e26c86e38 opened https://gitlab.wikimedia.org/repos/cloud/toolforge/toolforge-deploy/-/merge_requests/371

builds-builder: bump to 0.0.106-20240702085825-e1519ac7

CodeReviewBot added a comment.Jul 2 2024, 9:11 AM

aborrero merged https://gitlab.wikimedia.org/repos/cloud/toolforge/toolforge-deploy/-/merge_requests/371

builds-builder: bump to 0.0.106-20240702085825-e1519ac7

CodeReviewBot added a comment.Jul 2 2024, 9:21 AM

aborrero opened https://gitlab.wikimedia.org/repos/cloud/toolforge/toolforge-deploy/-/merge_requests/372

cert-manager: drop internal PSP definitions

CodeReviewBot added a comment.Jul 2 2024, 9:22 AM

aborrero merged https://gitlab.wikimedia.org/repos/cloud/toolforge/toolforge-deploy/-/merge_requests/372

cert-manager: drop internal PSP definitions

CodeReviewBot added a comment.Jul 2 2024, 9:54 AM

aborrero opened https://gitlab.wikimedia.org/repos/cloud/toolforge/toolforge-deploy/-/merge_requests/373

wmcs-k8s-metrics: kube-state-metrics: drop internal PSP definition

CodeReviewBot added a comment.Jul 2 2024, 9:57 AM

aborrero merged https://gitlab.wikimedia.org/repos/cloud/toolforge/toolforge-deploy/-/merge_requests/373

wmcs-k8s-metrics: kube-state-metrics: drop internal PSP definition

CodeReviewBot added a comment.Jul 2 2024, 10:16 AM

aborrero opened https://gitlab.wikimedia.org/repos/cloud/toolforge/builds-builder/-/merge_requests/48

tekton-pipelines: drop internal PSP definitions

CodeReviewBot added a comment.Jul 2 2024, 10:19 AM

aborrero merged https://gitlab.wikimedia.org/repos/cloud/toolforge/builds-builder/-/merge_requests/48

tekton-pipelines: drop internal PSP definitions

CodeReviewBot added a comment.Jul 2 2024, 10:30 AM

project_1317_bot_df3177307bed93c3f34e421e26c86e38 opened https://gitlab.wikimedia.org/repos/cloud/toolforge/toolforge-deploy/-/merge_requests/374

builds-builder: bump to 0.0.107-20240702102918-afd8fe1a

CodeReviewBot added a comment.Jul 2 2024, 10:54 AM

aborrero merged https://gitlab.wikimedia.org/repos/cloud/toolforge/toolforge-deploy/-/merge_requests/374

builds-builder: bump to 0.0.107-20240702102918-afd8fe1a

aborrero closed this task as Resolved.Jul 2 2024, 11:01 AM
aborrero updated the task description. (Show Details)
CodeReviewBot added a comment.Jul 5 2024, 10:11 AM

aborrero merged https://gitlab.wikimedia.org/repos/cloud/toolforge/envvars-api/-/merge_requests/34

deployment: drop PSP reference

CodeReviewBot added a comment.Jul 5 2024, 10:15 AM

project_1317_bot_df3177307bed93c3f34e421e26c86e38 opened https://gitlab.wikimedia.org/repos/cloud/toolforge/toolforge-deploy/-/merge_requests/391

envvars-api: bump to 0.0.52-20240705101149-aa9da2fa

CodeReviewBot added a comment.Jul 5 2024, 2:39 PM

aborrero opened https://gitlab.wikimedia.org/repos/cloud/toolforge/registry-admission/-/merge_requests/8

deployment: remove PSP reference

CodeReviewBot added a comment.Jul 8 2024, 2:51 PM

aborrero merged https://gitlab.wikimedia.org/repos/cloud/toolforge/registry-admission/-/merge_requests/8

deployment: remove PSP reference

CodeReviewBot added a comment.Jul 8 2024, 2:54 PM

project_1317_bot_df3177307bed93c3f34e421e26c86e38 opened https://gitlab.wikimedia.org/repos/cloud/toolforge/toolforge-deploy/-/merge_requests/400

registry-admission: bump to 0.0.45-20240708145115-17015d83

CodeReviewBot added a comment.Jul 9 2024, 2:22 PM

aborrero merged https://gitlab.wikimedia.org/repos/cloud/toolforge/toolforge-deploy/-/merge_requests/400

registry-admission: bump to 0.0.45-20240708145115-17015d83

aborrero mentioned this in T369164: toolforge: review k8s API usage by custom components for 1.25 upgrade.Jul 10 2024, 8:28 AM
CodeReviewBot added a comment.Jul 10 2024, 10:11 AM

dcaro merged https://gitlab.wikimedia.org/repos/cloud/toolforge/toolforge-deploy/-/merge_requests/391

envvars-api: bump to 0.0.52-20240705101149-aa9da2fa

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits