-
Notifications
You must be signed in to change notification settings - Fork 813
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Security Context to game server sidecar #3869
Conversation
Build Succeeded 👏 Build Id: 44122d01-1856-46f3-8f21-3873d953c064 The following development artifacts have been built, and will exist for the next 30 days:
A preview of the website (the last 30 builds are retained): To install this version:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice! Almost there.
Build Failed 😱 Build Id: 4cff477b-867c-41f3-9a55-bd47e921c740 To get permission to view the Cloud Build view, join the agones-discuss Google Group. |
Build Failed 😱 Build Id: c7123478-a9ab-4d35-bee6-962141a9c668 To get permission to view the Cloud Build view, join the agones-discuss Google Group. |
f98f6e7
to
c3f351d
Compare
Build Succeeded 👏 Build Id: adec230d-67ff-4c2c-9fd8-c17416034780 The following development artifacts have been built, and will exist for the next 30 days:
A preview of the website (the last 30 builds are retained): To install this version:
|
cmd/controller/main.go
Outdated
@@ -284,6 +286,7 @@ func parseEnvFlags() config { | |||
pflag.String(sidecarCPURequestFlag, viper.GetString(sidecarCPURequestFlag), "Flag to overwrite the GameServer sidecar container's cpu request. Can also use SIDECAR_CPU_REQUEST env variable") | |||
pflag.String(sidecarMemoryLimitFlag, viper.GetString(sidecarMemoryLimitFlag), "Flag to overwrite the GameServer sidecar container's memory limit. Can also use SIDECAR_MEMORY_LIMIT env variable") | |||
pflag.String(sidecarMemoryRequestFlag, viper.GetString(sidecarMemoryRequestFlag), "Flag to overwrite the GameServer sidecar container's memory request. Can also use SIDECAR_MEMORY_REQUEST env variable") | |||
pflag.Int32(sidecarRunAsUserFlag, 1000, "Flag to indicate the GameServer sidecar container's UID. Can also use SIDECAR_RUN_AS_USER env variable") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should be viper.GetInt32(sidecarRunAsUserFlag)
, you already set the default on line 264 above. (You'll note the surrounding code just pulls the default out as well.)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done. But why do all the other occurrences with integers all just have a number as the second variable? Like the minPortFlag and maxPortFlag down below, why don't they use viper.GetInt32()? Maybe because they are not supposed to be configurable?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Huh, I didn't even notice that. I'm going to say there's just some inconsistencies here. We should be setting the default in one place and getting it, though.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
more nits but really close
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice job, thanks!
Build Succeeded 👏 Build Id: 3ee5756f-7562-48cf-be84-60abb65e1867 The following development artifacts have been built, and will exist for the next 30 days:
A preview of the website (the last 30 builds are retained): To install this version:
|
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [agones](https://agones.dev) ([source](https://github.com/googleforgames/agones)) | minor | `1.41.0` -> `1.42.0` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>googleforgames/agones (agones)</summary> ### [`v1.42.0`](https://github.com/googleforgames/agones/blob/HEAD/CHANGELOG.md#v1420-2024-07-16) [Compare Source](https://github.com/googleforgames/agones/compare/v1.41.0...v1.42.0) [Full Changelog](https://github.com/googleforgames/agones/compare/v1.41.0...v1.42.0) **Breaking changes:** - Update csharp.md to indicate ConnectAsync is deprecated by [@​aallbrig](https://github.com/aallbrig) in [https://github.com/googleforgames/agones/pull/3866](https://github.com/googleforgames/agones/pull/3866) **Implemented enhancements:** - Add security context to Agones containers by [@​peterzhongyi](https://github.com/peterzhongyi) in [https://github.com/googleforgames/agones/pull/3856](https://github.com/googleforgames/agones/pull/3856) - Add Security Context to game server sidecar by [@​peterzhongyi](https://github.com/peterzhongyi) in [https://github.com/googleforgames/agones/pull/3869](https://github.com/googleforgames/agones/pull/3869) - Drop CountsAndLists Data from the Fleet and Game Server Set When the Flag is False by [@​igooch](https://github.com/igooch) in [https://github.com/googleforgames/agones/pull/3881](https://github.com/googleforgames/agones/pull/3881) - Adds tests to confirm that Fleet, Fleet Autoscaler, and Fleet Allocation apply defaults code is idempotent by [@​igooch](https://github.com/igooch) in [https://github.com/googleforgames/agones/pull/3888](https://github.com/googleforgames/agones/pull/3888) - feat: Add CRD Changes and Feature Flag for chain policy by [@​indexjoseph](https://github.com/indexjoseph) in [https://github.com/googleforgames/agones/pull/3880](https://github.com/googleforgames/agones/pull/3880) **Fixed bugs:** - sdk-server expects SDK_LOG_LEVEL by [@​KAllan357](https://github.com/KAllan357) in [https://github.com/googleforgames/agones/pull/3858](https://github.com/googleforgames/agones/pull/3858) - this will resolve From/layer extraction issue on ltsc2019 in examples by [@​ashutosji](https://github.com/ashutosji) in [https://github.com/googleforgames/agones/pull/3873](https://github.com/googleforgames/agones/pull/3873) - featuregate: adds validation if PortPolicyNone is not enabled by [@​daniellee](https://github.com/daniellee) in [https://github.com/googleforgames/agones/pull/3871](https://github.com/googleforgames/agones/pull/3871) - added local as default for registry when registry is not specified by [@​kamaljeeti](https://github.com/kamaljeeti) in [https://github.com/googleforgames/agones/pull/3876](https://github.com/googleforgames/agones/pull/3876) - Buffer Unity SDK ReceiveData when watching for configuration changes by [@​ZeroParticle](https://github.com/ZeroParticle) in [https://github.com/googleforgames/agones/pull/3872](https://github.com/googleforgames/agones/pull/3872) - agones-{extensions,allocator}: Make servers context aware by [@​zmerlynn](https://github.com/zmerlynn) in [https://github.com/googleforgames/agones/pull/3845](https://github.com/googleforgames/agones/pull/3845) - added condition for distributed logic by [@​ashutosji](https://github.com/ashutosji) in [https://github.com/googleforgames/agones/pull/3877](https://github.com/googleforgames/agones/pull/3877) **Security fixes:** - Bump [@​grpc/grpc-js](https://github.com/grpc/grpc-js) from 1.10.7 to 1.10.9 in /sdks/nodejs by [@​dependabot](https://github.com/dependabot) in [https://github.com/googleforgames/agones/pull/3863](https://github.com/googleforgames/agones/pull/3863) **Other:** - Preparation for Release v1.42.0 by [@​ashutosji](https://github.com/ashutosji) in [https://github.com/googleforgames/agones/pull/3854](https://github.com/googleforgames/agones/pull/3854) - Add helpful note to edit-first-gameserver-go by [@​peterzhongyi](https://github.com/peterzhongyi) in [https://github.com/googleforgames/agones/pull/3846](https://github.com/googleforgames/agones/pull/3846) - Moved Passthrough feature description to the correct section in Feature Stages by [@​vicentefb](https://github.com/vicentefb) in [https://github.com/googleforgames/agones/pull/3861](https://github.com/googleforgames/agones/pull/3861) - Updated Node.js Page to Reflect that Counters and Lists is Implemented by [@​ashutosji](https://github.com/ashutosji) in [https://github.com/googleforgames/agones/pull/3865](https://github.com/googleforgames/agones/pull/3865) - Change Slack channel description from #developers to #development by [@​branhoff](https://github.com/branhoff) in [https://github.com/googleforgames/agones/pull/3868](https://github.com/googleforgames/agones/pull/3868) - updated UpdateList documentation for local sdk server and sdk server by [@​ashutosji](https://github.com/ashutosji) in [https://github.com/googleforgames/agones/pull/3878](https://github.com/googleforgames/agones/pull/3878) - Add zio-agones to the list of third party client SDKs by [@​ghostdogpr](https://github.com/ghostdogpr) in [https://github.com/googleforgames/agones/pull/3875](https://github.com/googleforgames/agones/pull/3875) - refactor simple game server by [@​ashutosji](https://github.com/ashutosji) in [https://github.com/googleforgames/agones/pull/3817](https://github.com/googleforgames/agones/pull/3817) - Update Slack invite link by [@​markmandel](https://github.com/markmandel) in [https://github.com/googleforgames/agones/pull/3896](https://github.com/googleforgames/agones/pull/3896) - Added cleanup for app-engine services in cloudbuild script by [@​kamaljeeti](https://github.com/kamaljeeti) in [https://github.com/googleforgames/agones/pull/3890](https://github.com/googleforgames/agones/pull/3890) - Adds a command to generate the zz_generated.deepcopy.go files for the apis by [@​igooch](https://github.com/igooch) in [https://github.com/googleforgames/agones/pull/3900](https://github.com/googleforgames/agones/pull/3900) - update go version to 1.21.12 by [@​ashutosji](https://github.com/ashutosji) in [https://github.com/googleforgames/agones/pull/3894](https://github.com/googleforgames/agones/pull/3894) **New Contributors:** - [@​KAllan357](https://github.com/KAllan357) made their first contribution in [https://github.com/googleforgames/agones/pull/3858](https://github.com/googleforgames/agones/pull/3858) - [@​branhoff](https://github.com/branhoff) made their first contribution in [https://github.com/googleforgames/agones/pull/3868](https://github.com/googleforgames/agones/pull/3868) - [@​aallbrig](https://github.com/aallbrig) made their first contribution in [https://github.com/googleforgames/agones/pull/3866](https://github.com/googleforgames/agones/pull/3866) - [@​ZeroParticle](https://github.com/ZeroParticle) made their first contribution in [https://github.com/googleforgames/agones/pull/3872](https://github.com/googleforgames/agones/pull/3872) - [@​ghostdogpr](https://github.com/ghostdogpr) made their first contribution in [https://github.com/googleforgames/agones/pull/3875](https://github.com/googleforgames/agones/pull/3875) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MzIuMCIsInVwZGF0ZWRJblZlciI6IjM3LjQzMi4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJyZW5vdmF0ZS9oZWxtIiwidHlwZS9taW5vciJdfQ==-->
Add security context to game server sidecar. Hard coded default values in the template, like in #3856. We can make them configurable if we find a reason to.
Fixes #3848