Remove defaultPolicies and extraPolicies from `cilium-app`

giantswarm / roadmap

Giant Swarm Product Roadmap

https://github.com/orgs/giantswarm/projects/273

Apache License 2.0

3 stars 0 forks source link

Remove defaultPolicies and extraPolicies from `cilium-app` #3416

Open mcharriere opened 2 months ago

mcharriere commented 2 months ago

We'd like to remove the defaultPolicies and extraPolicies manifests from the app.

This has to be done after all providers are aligned (at this time, only CAPZ is missing)

Since the jobs also contain the cleanup process, we need to be particularly careful and existing cluster must be updated to their respective latest versions before removing completely the jobs from the cilium chart.

kopiczko commented 3 weeks ago

We had a call with @mcharriere and @ubergesundheit. Things to do here:

Find all cluster* releases which deploy with defaultPolicies.remove=ture and extraPolicies.remove=true and create a provider <-> version matrix of that
Check if all clusters are above versions from the matrix created in 1. | dashboard URL |
After 2. is true, proceed with removing extraPolicies and defaultPolicies from cilium-app
While upgrading cilium-app in cluster* chart remember to remove all extraPolicies and defaultPolicies settings

kopiczko commented 3 weeks ago

📈 Dashboard: link

App	Done	Release	Cmompare URL	PR
cluster-aws	❌	0.71.0	https://github.com/giantswarm/cluster-aws/compare/v0.70.0...v0.71.0	https://github.com/giantswarm/cluster-aws/pull/549
clsuter-eks	✅	0.17.0	https://github.com/giantswarm/cluster-eks/compare/v0.16.0...v0.17.0	https://github.com/giantswarm/cluster-eks/pull/92
clsuter-azure	❌	0.10.0	https://github.com/giantswarm/cluster-azure/compare/v0.9.0...v0.10.0	https://github.com/giantswarm/cluster-azure/pull/251
clsuter-vsphere	✅	0.10.3	https://github.com/giantswarm/cluster-vsphere/compare/v0.10.2...v0.10.3	https://github.com/giantswarm/cluster-vsphere/pull/172
clsuter-cloud-director	✅	0.50.0	https://github.com/giantswarm/cluster-cloud-director/compare/v0.16.0...v0.50.0	https://github.com/giantswarm/cluster-cloud-director/pull/284

kopiczko commented 1 week ago

There many cluster-aws which are behind, and cluster-azure is way behind. We can still open the PRs for EKS, vSphere and VCD but the rest is blocked

kopiczko commented 1 week ago

Cluster charts cleanup PRs:

cluster-eks: https://github.com/giantswarm/cluster-eks/pull/103
cluster-vsphere: https://github.com/giantswarm/cluster-vsphere/pull/223
cluster-cloud-director: https://github.com/giantswarm/cluster-cloud-director/pull/328

Verification cloud-director and vsphere clusters don't have CNPs installed with cilium-app https://gigantic.slack.com/archives/C01BYMF6RN0/p1718969328134989

kopiczko commented 5 days ago

It's already done for cluster-eks, cluster-vsphere and cluster-cloud-director.

With cluster-aws and cluster-azure we need to wait for the upgrades. See the table in this comment https://github.com/giantswarm/roadmap/issues/3416#issuecomment-2158224691.

I'm marking this a blocked.