Skip to content

ROX-14427: set PSPs for CI to false for k8s version 1.25 and higher#4488

Merged
johannes94 merged 13 commits intomasterfrom
jmalsam/ROX-14427-psp-ci-failure
Jan 25, 2023
Merged

ROX-14427: set PSPs for CI to false for k8s version 1.25 and higher#4488
johannes94 merged 13 commits intomasterfrom
jmalsam/ROX-14427-psp-ci-failure

Conversation

@johannes94
Copy link
Contributor

@johannes94 johannes94 commented Jan 20, 2023
edited
Loading

Description

We've had CI Failures like this, because the bundle installation method tries to install a PodSecurityPolicy for central by default if the env variable POD_SECURITY_POLICIES is not set or set to true. PodSecurityPolicy was removed from Kubernetes 1.25 and upwards, which is why the test setup is failing.

This PR changes the deploy scripts to query the Kubernetes server version and set POD_SECURITY_POLICIES to false if it detects a version >= 1.25.

Checklist

  • Investigated and inspected CI test results
  • [ ] Unit test and regression tests added
  • [ ] Evaluated and added CHANGELOG entry if required
  • [ ] Determined and documented upgrade steps
  • [ ] Documented user facing changes (create PR based on openshift/openshift-docs and merge into rhacs-docs)

If any of these don't apply, please comment below.

Testing Performed

Tested with commenting /test osd-gcp-qa-e2e-tests

In addition to reviewing your code, reviewers must also review your testing
instructions and make sure they are sufficient.

@openshift-ci
Copy link

openshift-ci bot commented Jan 20, 2023

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@johannes94
Copy link
Contributor Author

johannes94 commented Jan 20, 2023

/test all

@ghost
Copy link

ghost commented Jan 20, 2023
edited by ghost
Loading

Images are ready for the commit at 2483ea2.

To use with deploy scripts, first export MAIN_IMAGE_TAG=3.73.x-494-g2483ea2513.

@johannes94
Copy link
Contributor Author

johannes94 commented Jan 20, 2023

/test osd-gcp-qa-e2e-tests

@johannes94
Copy link
Contributor Author

johannes94 commented Jan 20, 2023

/test osd-gcp-qa-e2e-tests

@johannes94
Copy link
Contributor Author

johannes94 commented Jan 20, 2023

/test osd-gcp-qa-e2e-tests

@johannes94 johannes94 changed the title set default for k8sbased.sh POD_SECURITY_POLICIES to false set POD_SECURITY_POLICIES for CI to false for k8s version 1.25 and higher Jan 20, 2023
@johannes94
Copy link
Contributor Author

johannes94 commented Jan 20, 2023

/test osd-gcp-qa-e2e-tests

@johannes94 johannes94 changed the title set POD_SECURITY_POLICIES for CI to false for k8s version 1.25 and higher ROX-14427: set POD_SECURITY_POLICIES for CI to false for k8s version 1.25 and higher Jan 21, 2023
@johannes94 johannes94 changed the title ROX-14427: set POD_SECURITY_POLICIES for CI to false for k8s version 1.25 and higher ROX-14427: set PSPs for CI to false for k8s version 1.25 and higher Jan 21, 2023
@johannes94
Copy link
Contributor Author

johannes94 commented Jan 21, 2023

/test osd-gcp-qa-e2e-tests

@johannes94
Copy link
Contributor Author

johannes94 commented Jan 23, 2023

/test osd-gcp-qa-e2e-tests

@johannes94
Copy link
Contributor Author

johannes94 commented Jan 23, 2023

/test osd-gcp-qa-e2e-tests

@johannes94
Copy link
Contributor Author

johannes94 commented Jan 23, 2023

/test osd-gcp-qa-e2e-tests

@johannes94
Copy link
Contributor Author

johannes94 commented Jan 24, 2023

/test osd-gcp-qa-e2e-tests

@johannes94
Copy link
Contributor Author

johannes94 commented Jan 24, 2023

/test osd-gcp-qa-e2e-tests

@johannes94 johannes94 marked this pull request as ready for review January 24, 2023 13:49
@johannes94 johannes94 requested a review from a team as a code owner January 24, 2023 13:49
@gavin-stackrox gavin-stackrox added the ci-all-qa-tests Tells CI to run all API tests (not just BAT). label Jan 24, 2023
@gavin-stackrox
Copy link
Contributor

gavin-stackrox commented Jan 24, 2023

hi @johannes94 I added the all label and kicked off some more tests. I feel like those PSPs were required for some tests but this will give enough coverage to see.

@gavin-stackrox
Copy link
Contributor

gavin-stackrox commented Jan 24, 2023

/test

@openshift-ci
Copy link

openshift-ci bot commented Jan 24, 2023

@gavin-stackrox: The /test command needs one or more targets.
The following commands are available to trigger required jobs:

  • /test go-postgres-tests
  • /test go-unit-tests
  • /test go-unit-tests-release
  • /test grouped-static-checks
  • /test integration-unit-tests
  • /test mitre-bundles-checks
  • /test policy-checks
  • /test shell-unit-tests
  • /test stackrox_branding-images
  • /test stackrox_branding-push-images
  • /test style-checks
  • /test ui-unit-tests

The following commands are available to trigger optional jobs:

  • /test aro-qa-e2e-tests
  • /test eks-qa-e2e-tests
  • /test gke-kernel-qa-e2e-tests
  • /test gke-nongroovy-e2e-tests
  • /test gke-postgres-nongroovy-e2e-tests
  • /test gke-postgres-qa-e2e-tests
  • /test gke-postgres-scale-tests
  • /test gke-postgres-ui-e2e-tests
  • /test gke-postgres-upgrade-tests
  • /test gke-qa-e2e-tests
  • /test gke-race-condition-qa-e2e-tests
  • /test gke-scale-tests
  • /test gke-ui-e2e-tests
  • /test gke-upgrade-tests
  • /test gke-version-compatibility-tests
  • /test local-roxctl-tests
  • /test openshift-newest-operator-e2e-tests
  • /test openshift-newest-qa-e2e-tests
  • /test openshift-oldest-operator-e2e-tests
  • /test openshift-oldest-qa-e2e-tests
  • /test openshift-penultimate-qa-e2e-tests
  • /test osd-aws-qa-e2e-tests
  • /test osd-gcp-qa-e2e-tests
  • /test rosa-qa-e2e-tests

Use /test all to run the following jobs that were automatically triggered:

  • pull-ci-stackrox-stackrox-master-gke-nongroovy-e2e-tests
  • pull-ci-stackrox-stackrox-master-gke-postgres-nongroovy-e2e-tests
  • pull-ci-stackrox-stackrox-master-gke-postgres-qa-e2e-tests
  • pull-ci-stackrox-stackrox-master-gke-qa-e2e-tests
  • pull-ci-stackrox-stackrox-master-go-postgres-tests
  • pull-ci-stackrox-stackrox-master-go-unit-tests
  • pull-ci-stackrox-stackrox-master-go-unit-tests-release
  • pull-ci-stackrox-stackrox-master-grouped-static-checks
  • pull-ci-stackrox-stackrox-master-integration-unit-tests
  • pull-ci-stackrox-stackrox-master-local-roxctl-tests
  • pull-ci-stackrox-stackrox-master-mitre-bundles-checks
  • pull-ci-stackrox-stackrox-master-openshift-newest-operator-e2e-tests
  • pull-ci-stackrox-stackrox-master-openshift-oldest-operator-e2e-tests
  • pull-ci-stackrox-stackrox-master-policy-checks
  • pull-ci-stackrox-stackrox-master-shell-unit-tests
  • pull-ci-stackrox-stackrox-master-stackrox_branding-images
  • pull-ci-stackrox-stackrox-master-stackrox_branding-push-images
  • pull-ci-stackrox-stackrox-master-style-checks
  • pull-ci-stackrox-stackrox-master-ui-unit-tests
Details

In response to this:

/test

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@gavin-stackrox
Copy link
Contributor

gavin-stackrox commented Jan 24, 2023

/test openshift-newest-qa-e2e-tests
/test gke-postgres-qa-e2e-tests

@gavin-stackrox
Copy link
Contributor

gavin-stackrox commented Jan 24, 2023

/retest

@johannes94
Copy link
Contributor Author

johannes94 commented Jan 25, 2023

Thanks @gavin-stackrox, looks to me like all tests are green, I'll merge it.

@johannes94 johannes94 merged commit 2a437dd into master Jan 25, 2023
@johannes94 johannes94 deleted the jmalsam/ROX-14427-psp-ci-failure branch January 25, 2023 09:11
@gavin-stackrox gavin-stackrox mentioned this pull request Jan 25, 2023
Merged
gavin-stackrox pushed a commit that referenced this pull request Feb 10, 2023
@johannes94 @gavin-stackrox
ROX-14427: set PSPs for CI to false for k8s version 1.25 and higher (#…
f5baf26 
…4488)

* set POD_SECURITY_POLICIES based on kubernetes version

* set POD_SECURITY_POLICIES when true aswell
@gavin-stackrox gavin-stackrox mentioned this pull request Feb 10, 2023
Merged
1 task
gavin-stackrox pushed a commit that referenced this pull request Feb 11, 2023
@johannes94 @gavin-stackrox
ROX-14427: set PSPs for CI to false for k8s version 1.25 and higher (#…
b6cdcbb 
…4488)

* set POD_SECURITY_POLICIES based on kubernetes version

* set POD_SECURITY_POLICIES when true aswell
gavin-stackrox pushed a commit that referenced this pull request Feb 11, 2023
@johannes94 @gavin-stackrox
ROX-14427: set PSPs for CI to false for k8s version 1.25 and higher (#…
9a62213 
…4488)

* set POD_SECURITY_POLICIES based on kubernetes version

* set POD_SECURITY_POLICIES when true aswell
@gavin-stackrox gavin-stackrox mentioned this pull request Feb 11, 2023
Merged
1 task
gavin-stackrox pushed a commit that referenced this pull request Feb 14, 2023
@johannes94 @gavin-stackrox
ROX-14427: set PSPs for CI to false for k8s version 1.25 and higher (#…
ecc2645 
…4488)

* set POD_SECURITY_POLICIES based on kubernetes version

* set POD_SECURITY_POLICIES when true aswell
gavin-stackrox pushed a commit that referenced this pull request Feb 14, 2023
@johannes94 @gavin-stackrox
ROX-14427: set PSPs for CI to false for k8s version 1.25 and higher (#…
4b3be2e 
…4488)

* set POD_SECURITY_POLICIES based on kubernetes version

* set POD_SECURITY_POLICIES when true aswell
@johannes94 johannes94 mentioned this pull request Jun 19, 2023
Merged
1 task
@dashrews78 dashrews78 added this to the 3.74.5-rc.1 milestone Jun 27, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@janisz janisz janisz approved these changes

Assignees

No one assigned

Labels

ci-all-qa-tests Tells CI to run all API tests (not just BAT).

Projects

None yet

Milestone

3.74.5-rc.1

Development

Successfully merging this pull request may close these issues.

4 participants

@johannes94 @gavin-stackrox @janisz @dashrews78