Add Security Context to game server sidecar #3869
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Build Succeeded 👏 Build Id: 44122d01-1856-46f3-8f21-3873d953c064 The following development artifacts have been built, and will exist for the next 30 days:
A preview of the website (the last 30 builds are retained): To install this version:
|
peterzhongyi
commented
Jun 14, 2024
|
Build Failed 😱 Build Id: 4cff477b-867c-41f3-9a55-bd47e921c740 To get permission to view the Cloud Build view, join the agones-discuss Google Group. |
|
Build Failed 😱 Build Id: c7123478-a9ab-4d35-bee6-962141a9c668 To get permission to view the Cloud Build view, join the agones-discuss Google Group. |
peterzhongyi
force-pushed
the
sec
branch
2 times, most recently
from
f98f6e7
to
c3f351d
Compare
|
Build Succeeded 👏 Build Id: adec230d-67ff-4c2c-9fd8-c17416034780 The following development artifacts have been built, and will exist for the next 30 days:
A preview of the website (the last 30 builds are retained): To install this version:
|
zmerlynn
reviewed
Jun 14, 2024
cmd/controller/main.go
Outdated
| @@ -284,6 +286,7 @@ func parseEnvFlags() config { | |||
| pflag.String(sidecarCPURequestFlag, viper.GetString(sidecarCPURequestFlag), "Flag to overwrite the GameServer sidecar container's cpu request. Can also use SIDECAR_CPU_REQUEST env variable") | |||
| pflag.String(sidecarMemoryLimitFlag, viper.GetString(sidecarMemoryLimitFlag), "Flag to overwrite the GameServer sidecar container's memory limit. Can also use SIDECAR_MEMORY_LIMIT env variable") | |||
| pflag.String(sidecarMemoryRequestFlag, viper.GetString(sidecarMemoryRequestFlag), "Flag to overwrite the GameServer sidecar container's memory request. Can also use SIDECAR_MEMORY_REQUEST env variable") | |||
| pflag.Int32(sidecarRunAsUserFlag, 1000, "Flag to indicate the GameServer sidecar container's UID. Can also use SIDECAR_RUN_AS_USER env variable") | |||
There was a problem hiding this comment.
This should be viper.GetInt32(sidecarRunAsUserFlag), you already set the default on line 264 above. (You'll note the surrounding code just pulls the default out as well.)
There was a problem hiding this comment.
Done. But why do all the other occurrences with integers all just have a number as the second variable? Like the minPortFlag and maxPortFlag down below, why don't they use viper.GetInt32()? Maybe because they are not supposed to be configurable?
There was a problem hiding this comment.
Huh, I didn't even notice that. I'm going to say there's just some inconsistencies here. We should be setting the default in one place and getting it, though.
zmerlynn
reviewed
Jun 14, 2024
|
Build Succeeded 👏 Build Id: 3ee5756f-7562-48cf-be84-60abb65e1867 The following development artifacts have been built, and will exist for the next 30 days:
A preview of the website (the last 30 builds are retained): To install this version:
|
spiceratops
added a commit
to spiceratops/k8s-gitops
that referenced
this pull request
Jul 23, 2024
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [agones](https://agones.dev) ([source](https://github.com/googleforgames/agones)) | minor | `1.41.0` -> `1.42.0` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>googleforgames/agones (agones)</summary> ### [`v1.42.0`](https://github.com/googleforgames/agones/blob/HEAD/CHANGELOG.md#v1420-2024-07-16) [Compare Source](https://github.com/googleforgames/agones/compare/v1.41.0...v1.42.0) [Full Changelog](https://github.com/googleforgames/agones/compare/v1.41.0...v1.42.0) **Breaking changes:** - Update csharp.md to indicate ConnectAsync is deprecated by [@​aallbrig](https://github.com/aallbrig) in [googleforgames/agones#3866 **Implemented enhancements:** - Add security context to Agones containers by [@​peterzhongyi](https://github.com/peterzhongyi) in [googleforgames/agones#3856 - Add Security Context to game server sidecar by [@​peterzhongyi](https://github.com/peterzhongyi) in [googleforgames/agones#3869 - Drop CountsAndLists Data from the Fleet and Game Server Set When the Flag is False by [@​igooch](https://github.com/igooch) in [googleforgames/agones#3881 - Adds tests to confirm that Fleet, Fleet Autoscaler, and Fleet Allocation apply defaults code is idempotent by [@​igooch](https://github.com/igooch) in [googleforgames/agones#3888 - feat: Add CRD Changes and Feature Flag for chain policy by [@​indexjoseph](https://github.com/indexjoseph) in [googleforgames/agones#3880 **Fixed bugs:** - sdk-server expects SDK_LOG_LEVEL by [@​KAllan357](https://github.com/KAllan357) in [googleforgames/agones#3858 - this will resolve From/layer extraction issue on ltsc2019 in examples by [@​ashutosji](https://github.com/ashutosji) in [googleforgames/agones#3873 - featuregate: adds validation if PortPolicyNone is not enabled by [@​daniellee](https://github.com/daniellee) in [googleforgames/agones#3871 - added local as default for registry when registry is not specified by [@​kamaljeeti](https://github.com/kamaljeeti) in [googleforgames/agones#3876 - Buffer Unity SDK ReceiveData when watching for configuration changes by [@​ZeroParticle](https://github.com/ZeroParticle) in [googleforgames/agones#3872 - agones-{extensions,allocator}: Make servers context aware by [@​zmerlynn](https://github.com/zmerlynn) in [googleforgames/agones#3845 - added condition for distributed logic by [@​ashutosji](https://github.com/ashutosji) in [googleforgames/agones#3877 **Security fixes:** - Bump [@​grpc/grpc-js](https://github.com/grpc/grpc-js) from 1.10.7 to 1.10.9 in /sdks/nodejs by [@​dependabot](https://github.com/dependabot) in [googleforgames/agones#3863 **Other:** - Preparation for Release v1.42.0 by [@​ashutosji](https://github.com/ashutosji) in [googleforgames/agones#3854 - Add helpful note to edit-first-gameserver-go by [@​peterzhongyi](https://github.com/peterzhongyi) in [googleforgames/agones#3846 - Moved Passthrough feature description to the correct section in Feature Stages by [@​vicentefb](https://github.com/vicentefb) in [googleforgames/agones#3861 - Updated Node.js Page to Reflect that Counters and Lists is Implemented by [@​ashutosji](https://github.com/ashutosji) in [googleforgames/agones#3865 - Change Slack channel description from #developers to #development by [@​branhoff](https://github.com/branhoff) in [googleforgames/agones#3868 - updated UpdateList documentation for local sdk server and sdk server by [@​ashutosji](https://github.com/ashutosji) in [googleforgames/agones#3878 - Add zio-agones to the list of third party client SDKs by [@​ghostdogpr](https://github.com/ghostdogpr) in [googleforgames/agones#3875 - refactor simple game server by [@​ashutosji](https://github.com/ashutosji) in [googleforgames/agones#3817 - Update Slack invite link by [@​markmandel](https://github.com/markmandel) in [googleforgames/agones#3896 - Added cleanup for app-engine services in cloudbuild script by [@​kamaljeeti](https://github.com/kamaljeeti) in [googleforgames/agones#3890 - Adds a command to generate the zz_generated.deepcopy.go files for the apis by [@​igooch](https://github.com/igooch) in [googleforgames/agones#3900 - update go version to 1.21.12 by [@​ashutosji](https://github.com/ashutosji) in [googleforgames/agones#3894 **New Contributors:** - [@​KAllan357](https://github.com/KAllan357) made their first contribution in [googleforgames/agones#3858 - [@​branhoff](https://github.com/branhoff) made their first contribution in [googleforgames/agones#3868 - [@​aallbrig](https://github.com/aallbrig) made their first contribution in [googleforgames/agones#3866 - [@​ZeroParticle](https://github.com/ZeroParticle) made their first contribution in [googleforgames/agones#3872 - [@​ghostdogpr](https://github.com/ghostdogpr) made their first contribution in [googleforgames/agones#3875 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MzIuMCIsInVwZGF0ZWRJblZlciI6IjM3LjQzMi4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJyZW5vdmF0ZS9oZWxtIiwidHlwZS9taW5vciJdfQ==-->
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add security context to game server sidecar. Hard coded default values in the template, like in #3856. We can make them configurable if we find a reason to.
Fixes #3848