Skip to content

ROX-13265: Fix default policy "Deployments should have at least one ingress Network Policy"#3597

Merged
fredrb merged 4 commits intomasterfrom
fred/ROX-13265-fix-netpol-default-policy
Oct 31, 2022
Merged

ROX-13265: Fix default policy "Deployments should have at least one ingress Network Policy"#3597
fredrb merged 4 commits intomasterfrom
fred/ROX-13265-fix-netpol-default-policy

Conversation

@fredrb
Copy link
Contributor

@fredrb fredrb commented Oct 27, 2022
edited
Loading

Description

Another PR (#2150) introduced changes to the default policy "Deployments should have at least one ingress Network Policy", but it didn't update the actual default policy JSON. This led new installations to not have the new fields added.

This PR:

  1. Adds the fields to the default policy
  2. Creates another migration exactly like the original for customers that did a fresh installation after it

Checklist

  • Investigated and inspected CI test results
  • Unit test and regression tests added
  • Evaluated and added CHANGELOG entry if required
  • Determined and documented upgrade steps
  • Documented user facing changes (create PR based on openshift/openshift-docs and merge into rhacs-docs)

Testing Performed

@fredrb fredrb requested a review from a team as a code owner October 27, 2022 16:22
@fredrb fredrb force-pushed the fred/ROX-13265-fix-netpol-default-policy branch from 8468430 to f55aa60 Compare October 27, 2022 16:22
@theencee
Copy link
Contributor

theencee commented Oct 27, 2022

@c-du - does there need to be an equivalent migration for postgres? Or since postgres doesn't release until 73, there's no reason to do so?

@ghost
Copy link

ghost commented Oct 27, 2022
edited by ghost
Loading

Images are ready for the commit at 1853910.

To use with deploy scripts, first export MAIN_IMAGE_TAG=3.72.x-428-g1853910e6b.

md2119
md2119 suggested changes Oct 27, 2022
View reviewed changes
@md2119
Copy link
Contributor

md2119 commented Oct 27, 2022

@c-du - does there need to be an equivalent migration for postgres? Or since postgres doesn't release until 73, there's no reason to do so?

I believe the m's execute before the n's, thus when policy store is being migrated to postgres, the rocksdb store already has the required changes, and nothing more is required to do.

@openshift-ci
Copy link

openshift-ci bot commented Oct 27, 2022

@fredrb: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/gke-postgres-upgrade-tests 1853910 link false /test gke-postgres-upgrade-tests

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@fredrb fredrb requested review from md2119 and theencee October 28, 2022 07:27
@fredrb fredrb merged commit 43650df into master Oct 31, 2022
@fredrb fredrb deleted the fred/ROX-13265-fix-netpol-default-policy branch October 31, 2022 08:51
ivan-degtiarenko pushed a commit that referenced this pull request Nov 5, 2022
@fredrb @ivan-degtiarenko
ROX-13265: Fix default policy "Deployments should have at least one i…
c91c3c4 
…ngress Network Policy" (#3597)
@fredrb fredrb mentioned this pull request Nov 11, 2022
Merged
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@theencee theencee Awaiting requested review from theencee

1 more reviewer

@md2119 md2119 md2119 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@fredrb @theencee @md2119