From b3b4a72f6e3426de0d14b9addb5c742d960b22f5 Mon Sep 17 00:00:00 2001 From: Zakhar Bessarab Date: Wed, 29 Mar 2023 10:29:51 +0300 Subject: [PATCH 1/2] ci: add k8s v1.25 to testing matrix --- .github/workflows/run-testing.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/run-testing.yaml b/.github/workflows/run-testing.yaml index f1f5811a5..8261c17e4 100644 --- a/.github/workflows/run-testing.yaml +++ b/.github/workflows/run-testing.yaml @@ -50,7 +50,7 @@ jobs: strategy: matrix: chart: ${{ fromJSON(needs.get-changed-charts.outputs.charts) }} - k8s_version: ["v1.22.16", "v1.23.14", "v1.24.8"] + k8s_version: ["v1.22.16", "v1.23.14", "v1.24.8", "v1.25.8"] fail-fast: false steps: - name: Checkout From 1b1873506d51f6520fbafc481fdb9fddb91b13fa Mon Sep 17 00:00:00 2001 From: Zakhar Bessarab Date: Wed, 29 Mar 2023 10:43:24 +0300 Subject: [PATCH 2/2] charts: fix PSP compatibility check to work with ArgoCD Related: #505 --- charts/victoria-metrics-agent/templates/clusterrole.yaml | 2 +- .../victoria-metrics-agent/templates/podsecuritypolicy.yaml | 2 +- .../victoria-metrics-alert/templates/podsecuritypolicy.yaml | 4 ++-- charts/victoria-metrics-alert/templates/role.yaml | 4 ++-- charts/victoria-metrics-auth/templates/podsecuritypolicy.yaml | 4 ++-- charts/victoria-metrics-cluster/templates/clusterrole.yaml | 2 +- .../victoria-metrics-cluster/templates/podsecuritypolicy.yaml | 4 ++-- charts/victoria-metrics-cluster/templates/role.yaml | 4 ++-- charts/victoria-metrics-operator/templates/psp.yaml | 4 ++-- charts/victoria-metrics-single/templates/clusterrole.yaml | 2 +- .../victoria-metrics-single/templates/podsecuritypolicy.yaml | 4 ++-- charts/victoria-metrics-single/templates/role.yaml | 4 ++-- charts/victoria-metrics-single/templates/rolebinding.yaml | 4 ++-- 13 files changed, 22 insertions(+), 22 deletions(-) diff --git a/charts/victoria-metrics-agent/templates/clusterrole.yaml b/charts/victoria-metrics-agent/templates/clusterrole.yaml index b2968335a..5151d1aaf 100644 --- a/charts/victoria-metrics-agent/templates/clusterrole.yaml +++ b/charts/victoria-metrics-agent/templates/clusterrole.yaml @@ -41,7 +41,7 @@ rules: - nonResourceURLs: ["/metrics"] verbs: ["get"] {{- end }} -{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1") }} +{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} - apiGroups: ['extensions'] resources: ['podsecuritypolicies'] verbs: ['use'] diff --git a/charts/victoria-metrics-agent/templates/podsecuritypolicy.yaml b/charts/victoria-metrics-agent/templates/podsecuritypolicy.yaml index 8b5a176fd..3964fede4 100644 --- a/charts/victoria-metrics-agent/templates/podsecuritypolicy.yaml +++ b/charts/victoria-metrics-agent/templates/podsecuritypolicy.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1") }} +{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: diff --git a/charts/victoria-metrics-alert/templates/podsecuritypolicy.yaml b/charts/victoria-metrics-alert/templates/podsecuritypolicy.yaml index 5bf39f370..7ec44cc47 100644 --- a/charts/victoria-metrics-alert/templates/podsecuritypolicy.yaml +++ b/charts/victoria-metrics-alert/templates/podsecuritypolicy.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1") }} +{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: @@ -39,4 +39,4 @@ spec: fsGroup: rule: 'RunAsAny' readOnlyRootFilesystem: false -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/victoria-metrics-alert/templates/role.yaml b/charts/victoria-metrics-alert/templates/role.yaml index f0de47ec0..6ad2ba22a 100644 --- a/charts/victoria-metrics-alert/templates/role.yaml +++ b/charts/victoria-metrics-alert/templates/role.yaml @@ -14,7 +14,7 @@ metadata: {{ toYaml . | indent 4 }} {{- end }} rules: -{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1") }} +{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} - apiGroups: ['extensions'] resources: ['podsecuritypolicies'] verbs: ['use'] @@ -22,4 +22,4 @@ rules: {{- else }} rules: [] {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/victoria-metrics-auth/templates/podsecuritypolicy.yaml b/charts/victoria-metrics-auth/templates/podsecuritypolicy.yaml index b2476de6e..3964fede4 100644 --- a/charts/victoria-metrics-auth/templates/podsecuritypolicy.yaml +++ b/charts/victoria-metrics-auth/templates/podsecuritypolicy.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1") }} +{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: @@ -39,4 +39,4 @@ spec: fsGroup: rule: 'RunAsAny' readOnlyRootFilesystem: false -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/victoria-metrics-cluster/templates/clusterrole.yaml b/charts/victoria-metrics-cluster/templates/clusterrole.yaml index 07194aaa6..33f089f75 100644 --- a/charts/victoria-metrics-cluster/templates/clusterrole.yaml +++ b/charts/victoria-metrics-cluster/templates/clusterrole.yaml @@ -12,7 +12,7 @@ metadata: annotations: {{ toYaml . | indent 4 }} {{- end }} -{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1") }} +{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} rules: - apiGroups: ['extensions'] resources: ['podsecuritypolicies'] diff --git a/charts/victoria-metrics-cluster/templates/podsecuritypolicy.yaml b/charts/victoria-metrics-cluster/templates/podsecuritypolicy.yaml index 2cc28c154..a636697ac 100644 --- a/charts/victoria-metrics-cluster/templates/podsecuritypolicy.yaml +++ b/charts/victoria-metrics-cluster/templates/podsecuritypolicy.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1") }} +{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: @@ -39,4 +39,4 @@ spec: fsGroup: rule: 'RunAsAny' readOnlyRootFilesystem: false -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/victoria-metrics-cluster/templates/role.yaml b/charts/victoria-metrics-cluster/templates/role.yaml index 0de996d91..5618247b5 100644 --- a/charts/victoria-metrics-cluster/templates/role.yaml +++ b/charts/victoria-metrics-cluster/templates/role.yaml @@ -13,7 +13,7 @@ metadata: annotations: {{ toYaml . | indent 4 }} {{- end }} -{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1") }} +{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} rules: - apiGroups: ['extensions'] resources: ['podsecuritypolicies'] @@ -22,4 +22,4 @@ rules: {{- else }} rules: [] {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/victoria-metrics-operator/templates/psp.yaml b/charts/victoria-metrics-operator/templates/psp.yaml index 5bd70cf22..25faa8714 100644 --- a/charts/victoria-metrics-operator/templates/psp.yaml +++ b/charts/victoria-metrics-operator/templates/psp.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1") }} +{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: @@ -84,4 +84,4 @@ roleRef: name: {{ include "vm-operator.fullname" . }}-psp apiGroup: rbac.authorization.k8s.io --- -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/victoria-metrics-single/templates/clusterrole.yaml b/charts/victoria-metrics-single/templates/clusterrole.yaml index d2198be70..44a86553a 100644 --- a/charts/victoria-metrics-single/templates/clusterrole.yaml +++ b/charts/victoria-metrics-single/templates/clusterrole.yaml @@ -38,7 +38,7 @@ rules: - nonResourceURLs: [ "/metrics" ] verbs: [ "get" ] {{- end }} - {{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1") }} + {{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} - apiGroups: ['extensions'] resources: ['podsecuritypolicies'] verbs: ['use'] diff --git a/charts/victoria-metrics-single/templates/podsecuritypolicy.yaml b/charts/victoria-metrics-single/templates/podsecuritypolicy.yaml index 9635bcd2b..27affe23d 100644 --- a/charts/victoria-metrics-single/templates/podsecuritypolicy.yaml +++ b/charts/victoria-metrics-single/templates/podsecuritypolicy.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1") }} +{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: @@ -39,4 +39,4 @@ spec: fsGroup: rule: 'RunAsAny' readOnlyRootFilesystem: false -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/victoria-metrics-single/templates/role.yaml b/charts/victoria-metrics-single/templates/role.yaml index e6f60bdce..27fd2b8e0 100644 --- a/charts/victoria-metrics-single/templates/role.yaml +++ b/charts/victoria-metrics-single/templates/role.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1") }} +{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} {{- if .Values.rbac.create -}} apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -20,4 +20,4 @@ rules: verbs: ['use'] resourceNames: [{{ template "victoria-metrics.fullname" . }}] {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/victoria-metrics-single/templates/rolebinding.yaml b/charts/victoria-metrics-single/templates/rolebinding.yaml index f208abf87..df9d185bb 100644 --- a/charts/victoria-metrics-single/templates/rolebinding.yaml +++ b/charts/victoria-metrics-single/templates/rolebinding.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1") }} +{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} {{- if .Values.rbac.create -}} apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -23,4 +23,4 @@ subjects: name: {{ template "victoria-metrics.serviceAccountName" . }} namespace: {{ .Release.Namespace }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }}