refactor: supress usage of kustomize in build #5691

eddycharly · 2022-12-14T20:47:27Z

Signed-off-by: Charles-Edouard Brétéché charles.edouard@nirmata.com

Explanation

This PR removes dependency to kustomize by not using it for creating helm chart CRDs, manifests, etc...

We maintain helm but not kustomize code so it's better to remove it from our build pipeline as it's going to become more and more obsolete.

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

codecov · 2022-12-14T20:58:01Z

Codecov Report

Merging #5691 (3e96649) into main (14d82cb) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main    #5691   +/-   ##
=======================================
  Coverage   34.64%   34.64%           
=======================================
  Files         190      190           
  Lines       21071    21071           
=======================================
  Hits         7300     7300           
  Misses      12961    12961           
  Partials      810      810

Impacted Files	Coverage Δ
pkg/policy/generate/validate.go	`22.03% <ø> (ø)`

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

realshuting · 2022-12-19T09:51:09Z

With the current changes, labels selector in the deployment will change and as it is immutable it will trigger the error below:

We need to add instructions on how to upgrade Kyverno while preserving all existing policies.

eddycharly · 2022-12-19T09:52:56Z

@realshuting label selector should not change with the latest commits.

eddycharly · 2022-12-19T09:53:13Z

I will update the PR

realshuting · 2022-12-19T09:55:32Z

Makefile

-	@$(KUSTOMIZE) build ./config > ./config/install.yaml
-	@echo Generate install_debug.yaml... >&2
-	@$(KUSTOMIZE) build ./config/debug > ./config/install_debug.yaml
+.PHONY: codegen-manifest-install


Has anything changed regarding the release process?

run make codegen-install, it writes the install.yaml to config/install.yaml
run make codegen-helm-all, it updates Helm charts docs and CRDs

run make codegen-install is not necessary, I removed the yaml manifests from the repo, they will be generated on demand.

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

realshuting

make codegen-helm-crd is the only command needed for releasing 1.9.0+ correct? I will update the wiki accordingly.

* refactor: supress usage of kustomize in build (part 1) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * e2e Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * e2e Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * e2e Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * clean Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * labels Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * simplify templating flags Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Md Sahil <Mohdssahil1@gmail.com>

* refactor: supress usage of kustomize in build (part 1) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * e2e Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * e2e Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * e2e Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * clean Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * labels Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * simplify templating flags Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>

james-callahan · 2023-02-14T03:38:42Z

Wait why was kustomize support removed?
It was so much nicer to use than helm for kyverno :/

eddycharly · 2023-02-14T08:21:01Z

Install manifests are available in release artifacts. Does this help ?

james-callahan · 2023-02-14T10:06:55Z

Install manifests are available in release artifacts. Does this help ?

No. To do a hashlocked kustomize build you want to be able to use a reference of github.com/kyverno/kyverno/config/someapp?ref=123456123456commithash123456123456

You also want the base kustomization to not have e.g. any namespaces

eddycharly · 2023-02-14T10:56:31Z

We also publish to oci. I think @stefanprodan uses that with kustomize in flux.

Another option is tu use helm to generate the manifests

james-callahan · 2023-02-14T10:57:32Z

We also publish to oci.

That's a helm thing; doesn't work with kustomize.

Another option is tu use helm to generate the manifests

The whole point here is avoiding helm...

eddycharly · 2023-02-14T10:58:52Z

We publish manifests to oci, not talking about the helm chart here.

james-callahan · 2023-02-14T11:10:38Z

We publish manifests to oci,

I'm not sure how that would be helpful?
With a kustomize remote reference https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/resource/ you have a few protocols available, but as far as I know nothing is suitable for fetching an image from an OCI filesystem bundle. https://github.com/hashicorp/go-getter#url-format

stefanprodan · 2023-02-14T11:35:02Z

@james-callahan see here an example of deploying Kyverno with Flux and Kustomize, using the OCI artifact and verifying its cosign signature are Flux features. https://github.com/fluxcd/flux2-multi-tenancy/tree/main/infrastructure/kyverno

james-callahan · 2023-02-17T01:06:16Z

@james-callahan see here an example of deploying Kyverno with Flux and Kustomize, using the OCI artifact and verifying its cosign signature are Flux features. https://github.com/fluxcd/flux2-multi-tenancy/tree/main/infrastructure/kyverno

That requires people to use Flux (which we don't).
It doesn't allow you to use the main feature of kustomize which is selective customisations to specific fields via overlays

refactor: supress usage of kustomize in build (part 1)

a69f9d3

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

eddycharly added the milestone 1.9.0 label Dec 14, 2022

eddycharly added this to the Kyverno Release 1.9.0 milestone Dec 14, 2022

eddycharly requested a review from treydock as a code owner December 14, 2022 20:47

eddycharly requested review from chipzoller, JimBugwadia and realshuting December 14, 2022 20:47

fix

b111b3c

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

eddycharly added 4 commits December 14, 2022 22:17

fix

930b503

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

fix

3155be6

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

e2e

6915a2f

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

e2e

5daa1f1

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

eddycharly marked this pull request as draft December 14, 2022 22:13

eddycharly and others added 8 commits December 14, 2022 23:13

Merge branch 'main' into rm-kustomize-1

d41f86b

e2e

00aa788

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

fix

5a11d80

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

fix

89bf52e

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

clean

d631bd8

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

fix

2c1145f

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

fix

ecc36dd

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Merge branch 'main' into rm-kustomize-1

aa379ab

eddycharly changed the title ~~refactor: supress usage of kustomize in build (part 1)~~ refactor: supress usage of kustomize in build Dec 15, 2022

eddycharly and others added 7 commits December 15, 2022 15:38

fix

624f77a

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

fix

f45a125

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

fix

d442b2e

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Merge branch 'main' into rm-kustomize-1

5e2350b

labels

19fa9f3

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

fix

1c9080e

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

simplify templating flags

49718a1

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

eddycharly added 3 commits December 16, 2022 13:08

fix

dc42aef

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

fix

ef758c9

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

fix

8c24eeb

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

eddycharly marked this pull request as ready for review December 16, 2022 13:14

eddycharly requested review from prateekpandey14 and vyankyGH as code owners December 16, 2022 13:14

eddycharly and others added 4 commits December 16, 2022 16:21

fix

1f61892

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Merge branch 'main' into rm-kustomize-1

73a54b0

Merge branch 'main' into rm-kustomize-1

1ae5664

Merge branch 'main' into rm-kustomize-1

aff4c20

realshuting reviewed Dec 19, 2022

View reviewed changes

merge main

3e96649

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

realshuting approved these changes Dec 19, 2022

View reviewed changes

eddycharly merged commit 41fd4fb into kyverno:main Dec 19, 2022

eddycharly deleted the rm-kustomize-1 branch December 19, 2022 15:26

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

refactor: supress usage of kustomize in build #5691

refactor: supress usage of kustomize in build #5691

eddycharly commented Dec 14, 2022 •

edited

codecov bot commented Dec 14, 2022 •

edited

realshuting commented Dec 19, 2022 •

edited

eddycharly commented Dec 19, 2022

eddycharly commented Dec 19, 2022

realshuting Dec 19, 2022

eddycharly Dec 19, 2022

realshuting left a comment

james-callahan commented Feb 14, 2023

eddycharly commented Feb 14, 2023

james-callahan commented Feb 14, 2023

eddycharly commented Feb 14, 2023

james-callahan commented Feb 14, 2023

eddycharly commented Feb 14, 2023

james-callahan commented Feb 14, 2023

stefanprodan commented Feb 14, 2023 •

edited

james-callahan commented Feb 17, 2023

refactor: supress usage of kustomize in build #5691

refactor: supress usage of kustomize in build #5691

Conversation

eddycharly commented Dec 14, 2022 • edited

Explanation

codecov bot commented Dec 14, 2022 • edited

Codecov Report

realshuting commented Dec 19, 2022 • edited

eddycharly commented Dec 19, 2022

eddycharly commented Dec 19, 2022

realshuting Dec 19, 2022

Choose a reason for hiding this comment

eddycharly Dec 19, 2022

Choose a reason for hiding this comment

realshuting left a comment

Choose a reason for hiding this comment

james-callahan commented Feb 14, 2023

eddycharly commented Feb 14, 2023

james-callahan commented Feb 14, 2023

eddycharly commented Feb 14, 2023

james-callahan commented Feb 14, 2023

eddycharly commented Feb 14, 2023

james-callahan commented Feb 14, 2023

stefanprodan commented Feb 14, 2023 • edited

james-callahan commented Feb 17, 2023

eddycharly commented Dec 14, 2022 •

edited

codecov bot commented Dec 14, 2022 •

edited

realshuting commented Dec 19, 2022 •

edited

stefanprodan commented Feb 14, 2023 •

edited