DVO-110: Move disable checks to configmap #253
@ncaak: This pull request references DVO-110 which is a valid jira issue. In response to this:
|
Skipping CI for Draft Pull Request. |
|
[APPROVALNOTIFIER] This PR is APPROVED. This pull-request has been approved by: ncaak
9cb4959 to 03ddc2c
|
/test lint |
|
/test lint |
| # Takes precedence over doNotAutoAddDefaults, if both are set. | ||
| addAllBuiltIn: true | ||
| exclude: ["access-to-create-pods", "access-to-secrets", "cluster-admin-role-binding", "default-service-account", "deprecated-service-account-field", "docker-sock", "drop-net-raw-capability", "env-var-secret", "exposed-services", "latest-tag", "mismatching-selector", "no-extensions-v1beta", "no-liveness-probe", "no-read-only-root-fs", "no-readiness-probe", "no-rolling-update-strategy", "privileged-ports", "read-secret-from-env-var", "required-annotation-email", "required-label-owner", "sensitive-host-mounts", "ssh-port", "unsafe-proc-mount", "use-namespace", "wildcard-in-rules", "writable-host-mount"] |
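Review bot: The `exclude` line disables a long list of checks in one unannotated, single-line array, and several of them are security-relevant (`privileged-ports`, `sensitive-host-mounts`, `writable-host-mount`, `docker-sock`, `unsafe-proc-mount`, `cluster-admin-role-binding`, `access-to-secrets`, `wildcard-in-rules`). Suggest writing the list one entry per line, so later changes show up as single-line diffs, with a short comment on why each group is disabled. It is also worth noting next to `addAllBuiltIn: true` that any built-in check not named here is enabled, so this list is the only thing keeping a check off.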
Adding to the default ConfigMap the disable checks from the pkg/validations/validation_engine.go file, where they were hardcoded.
This is still not changed dynamically, but it removes the hardcoded configuration and allows more flexibility.
|
@ncaak it looks like it would be good to update the |
pkg/controller/configmap_watcher.go
Outdated
| cmw.ch <- struct{}{} | ||
| cfg, err := cmw.getKubeLinterConfig(newCm.Data[configMapDataAccess]) | ||
| if err != nil { | ||
| fmt.Printf("Error: unmarshalling configmap data: %s", err.Error()) |
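Review bot: The error on the last line goes to stdout through `fmt.Printf` with no trailing newline, so a ConfigMap that fails to unmarshal is easy to miss and the message will run into the next output. Since this ConfigMap decides which checks are disabled, log the failure through a structured logger at error level and make sure the branch returns without applying `cfg`. The send `cmw.ch <- struct{}{}` also sits ahead of the parse in these lines; signalling only after `getKubeLinterConfig` succeeds would keep consumers from reacting to data that did not parse.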
I think we should add some logger to the configmap_watcher.
Ok, I'll take a look and reuse logger for error messages as well.
Codecov Report
@@ Coverage Diff @@
## master #253 +/- ##
==========================================
- Coverage 43.40% 42.68% -0.72%
==========================================
Files 23 24 +1
Lines 940 1012 +72
==========================================
+ Hits 408 432 +24
- Misses 497 539 +42
- Partials 35 41 +6
| The `exclude` property takes precedence over the `include` property. If a particular check is in both collections, it will be excluded by default. | ||
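Review bot: "excluded by default" in the second sentence reads as if the precedence could be overridden, and the line names no setting that does so. If `exclude` always wins, drop "by default" and say plainly that the check is not run.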
| The `exclude` property can work in conjunction with `addAllBuiltIn` set to `true` in a blacklisting fashion. All checks will be triggered and only the checks passed in `exclude` will be ignored. |
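Review bot: "in a blacklisting fashion" would read better as "as a denylist", and the sentence should spell out the consequence of this mode: with `addAllBuiltIn` set to `true`, every built-in check not listed in `exclude` runs, so `exclude` is the only place where a check can be turned off.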
Maybe we could also say what the default configuration is (when the configmap doesn't exist).
|
I reviewed and experimented a little bit with this one. Thanks. |