Skip to content

Commit

Permalink
Migration script 2.9 for PSP removal and other orphaned resources (#1…
Browse files Browse the repository at this point in the history 
…6114) (#16117)

* Clean-up script for psp removal and other left-overs

* Rename script

* Add migration guide description

* Update docs/migration-guide-2.8-2.9.md

Co-authored-by: Grzegorz Karaluch <[email protected]>

* Update docs/migration-guide-2.8-2.9.md

Co-authored-by: Grzegorz Karaluch <[email protected]>

Co-authored-by: Grzegorz Karaluch <[email protected]>
  • Loading branch information
@lindnerby @grego952
lindnerby and grego952 authored Nov 17, 2022
1 parent 2f28123 commit 9c20fac
Show file tree
Hide file tree
Showing 2 changed files with 39 additions and 0 deletions.
34 changes: 34 additions & 0 deletions docs/assets/2.8-2.9-cleanup-psp.sh
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
#!/usr/bin/env bash

kubectl delete -n kyma-system clusterroles.rbac.authorization.k8s.io kyma:psp:privileged
kubectl delete -n kyma-system clusterroles.rbac.authorization.k8s.io kyma:psp:unprivileged
kubectl delete -n kyma-system clusterroles.rbac.authorization.k8s.io monitoring-operator-psp
kubectl delete -n kyma-system clusterroles.rbac.authorization.k8s.io monitoring-prometheus-psp
kubectl delete -n kyma-system clusterroles.rbac.authorization.k8s.io psp-monitoring-kube-state-metrics
kubectl delete -n kyma-system clusterroles.rbac.authorization.k8s.io psp-monitoring-prometheus-node-exporter
kubectl delete -n kyma-system clusterrolebindings.rbac.authorization.k8s.io kyma:all:psp:unprivileged
kubectl delete -n kyma-system clusterrolebindings.rbac.authorization.k8s.io monitoring-operator-psp
kubectl delete -n kyma-system clusterrolebindings.rbac.authorization.k8s.io monitoring-prometheus-psp
kubectl delete -n kyma-system clusterrolebindings.rbac.authorization.k8s.io psp-monitoring-kube-state-metrics
kubectl delete -n kyma-system clusterrolebindings.rbac.authorization.k8s.io psp-monitoring-prometheus-node-exporter
kubectl delete -n kyma-system configmaps dockerfile-nodejs12
kubectl delete -n kyma-system podsecuritypolicies.policy 000-serverless-build
kubectl delete -n kyma-system podsecuritypolicies.policy 000-serverless-function
kubectl delete -n kyma-system podsecuritypolicies.policy 001-kyma-unprivileged
kubectl delete -n kyma-system podsecuritypolicies.policy 002-kyma-privileged
kubectl delete -n kyma-system podsecuritypolicies.policy api-gateway
kubectl delete -n kyma-system podsecuritypolicies.policy logging-loki
kubectl delete -n kyma-system podsecuritypolicies.policy monitoring-alertmanager
kubectl delete -n kyma-system podsecuritypolicies.policy monitoring-grafana
kubectl delete -n kyma-system podsecuritypolicies.policy monitoring-kube-state-metrics
kubectl delete -n kyma-system podsecuritypolicies.policy monitoring-operator
kubectl delete -n kyma-system podsecuritypolicies.policy monitoring-prometheus
kubectl delete -n kyma-system podsecuritypolicies.policy monitoring-prometheus-node-exporter
kubectl delete -n kyma-system podsecuritypolicies.policy ory
kubectl delete -n kyma-system roles.rbac.authorization.k8s.io monitoring-alertmanager
kubectl delete -n kyma-system roles.rbac.authorization.k8s.io serverless-build
kubectl delete -n kyma-system roles.rbac.authorization.k8s.io serverless-function
kubectl delete -n kyma-system rolebindings.rbac.authorization.k8s.io monitoring-alertmanager
kubectl delete -n kyma-system rolebindings.rbac.authorization.k8s.io serverless-build
kubectl delete -n kyma-system rolebindings.rbac.authorization.k8s.io serverless-function
kubectl delete -n kyma-system serviceaccounts serverless-build
5 changes: 5 additions & 0 deletions docs/migration-guide-2.8-2.9.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
---
title: Migration Guide 2.8-2.9
---

Due to the [deprecation of PodSecurityPolicy (PSP)](https://kubernetes.io/blog/2021/04/06/podsecuritypolicy-deprecation-past-present-and-future/) with Kubernetes 1.21 and the plan of its removal in the 1.25 release, we removed the usage of PSPs for many of our Kyma resources. To delete leftover PSP resources, when you upgrade from Kyma 2.8 to 2.9, either run the script [2.8-2.9-cleanup-psp.sh](./assets/2.8-2.9-cleanup-psp.sh) or run the commands from the script manually.

0 comments on commit 9c20fac

Please sign in to comment.