New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Upgrade gatekeeper to 3.6.0 #8973
Upgrade gatekeeper to 3.6.0 #8973
Conversation
/retest |
2 similar comments
/retest |
/retest |
/override pre-kubermatic-test-helm-charts This one is broken because of the new docker registry mirroring stuff, because of the dangling /test pre-kubermatic-opa-e2e This one is flaky. Are we sure this can be applied over an existing OPA installation without issues? Changes to CRDs are always scary to me. |
@xrstf: Overrode contexts on behalf of xrstf: pre-kubermatic-test-helm-charts In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Nor sure. This opa test became flaky again after the crd migration, i have to check it to see why. So i dont know if now its flaky or its something real. But no rush with this PR ill check it on monday |
let my quote my notes from team A's slack channel 2 hours ago:
there's a chance the CRD mirgation made it flaky, but it would guess more that the improved ClusterStatus handling made things so fast that we now experience these issues 😁 |
Right, it could be the ClusterStatus. Anyway the webhook shouldnt block the deployment, because it has a failure policy set to Ignore (allow if validation request fails), but maybe something changed, ill check it out. In the meantime, regarding this PR, I found 1 place in the e2e tests where the old v1beta1 CT was being used, maybe it helps here. |
Ill first focus on fixing the OPA tests flakiness, then check here. It seems this one is failing for a different issue, so Ill put this on hold for now. /hold |
7cbbd92
to
711d740
Compare
There is some issue with the OPA e2e tests in this PR beside the flakiness. So I will be checking it here, keeping the PR on hold |
/retest |
b780ef7
to
d79bd89
Compare
/retest |
2 similar comments
/retest |
/retest |
d79bd89
to
2078a89
Compare
/retest |
3 similar comments
/retest |
/retest |
/retest |
@xrstf this is ready for re-review. The failing opa test was fixed, it was fixed in the commit, the issue was that dynamically you cant (or at least i havent found a way) properly create openAPIschema for arrays which includes its type. And as the new v1 ConstraintTemplates demand this, it was failing. Btw the opa test is still flaky because of #9047 . |
@xrstf PTAL |
3e8f236
to
bcac200
Compare
/retest |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/approve
LGTM label has been added. Git tree hash: 557d8027fbd8d1c520041e63efd4cdc25c686350
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: lsviben, xrstf The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
What does this PR do / Why do we need it:
Upgrades the OPA integration Gatekeeper from 3.5.2 to 3.6.0.
Important change here is that ConstraintTemplates are now v1 from v1beta1
Does this PR close any issues?:
Fixes #8832
Does this PR introduce a user-facing change?: