Skip to content

Commit

Permalink
feat: add externaldata v1beta1 api (#270)
Browse files Browse the repository at this point in the history 
* remove docker it

Signed-off-by: Sertac Ozercan <sozercan@gmail.com>

* add v1beta1

Signed-off-by: Sertac Ozercan <sozercan@gmail.com>

* fix lint

Signed-off-by: Sertac Ozercan <sozercan@gmail.com>

* conversion

Signed-off-by: Sertac Ozercan <sozercan@gmail.com>

* update dependencies

Signed-off-by: Sertac Ozercan <sozercan@gmail.com>

* autoconvert

Signed-off-by: Sertac Ozercan <sozercan@gmail.com>

* update

Signed-off-by: Sertac Ozercan <sozercan@gmail.com>

* add deprecation msg

Signed-off-by: Sertac Ozercan <sozercan@gmail.com>

* unversioned api

Signed-off-by: Sertac Ozercan <sozercan@gmail.com>

* update unversioned

Signed-off-by: Sertac Ozercan <sozercan@gmail.com>

* remove tls skip flag

Signed-off-by: Sertac Ozercan <sozercan@gmail.com>

* update remove test to https

Signed-off-by: Sertac Ozercan <sozercan@gmail.com>

Signed-off-by: Sertac Ozercan <sozercan@gmail.com>
  • Loading branch information
@sozercan
sozercan committed Dec 14, 2022
1 parent 64f47d1 commit b745745
Show file tree
Hide file tree
Showing 174 changed files with 180,713 additions and 244 deletions.
10 changes: 5 additions & 5 deletions constraint/Makefile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,17 +30,17 @@ docker-internal-test:

# Hook to run docker tests
test:
docker build . -t constraint-test && docker run -it constraint-test
docker build . -t constraint-test && docker run constraint-test

# Install CRDs into a cluster
install: manifests
kubectl apply -f config/crds

# Install the generation dependencies on the local machine
gen-dependencies:
go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.8.0
go install k8s.io/code-generator/cmd/conversion-gen@v0.23.3
go install k8s.io/code-generator/cmd/defaulter-gen@v0.23.3
go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.10.0
go install k8s.io/code-generator/cmd/conversion-gen@v0.25.4
go install k8s.io/code-generator/cmd/defaulter-gen@v0.25.4

# Generate manifests e.g. CRD, RBAC etc.
manifests:
Expand Down Expand Up @@ -75,7 +75,7 @@ generate: generate-defaults
# TODO: Once https://github.com/kubernetes/kubernetes/issues/101567 is fixed, update
# conversion-gen and get us back to running `make generate` in our CI pipeline
conversion-gen \
--input-dirs "./pkg/apis/templates/..." \
--input-dirs "./pkg/apis/templates/...,./pkg/apis/externaldata/..." \
--go-header-file=./hack/boilerplate.go.txt \
--output-file-base=zz_generated.conversion \
--extra-dirs=k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1
Expand Down
53 changes: 41 additions & 12 deletions constraint/config/crds/externaldata.gatekeeper.sh_providers.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.8.0
controller-gen.kubebuilder.io/version: v0.10.0
creationTimestamp: null
name: providers.externaldata.gatekeeper.sh
spec:
Expand All @@ -15,7 +15,10 @@ spec:
singular: provider
scope: Cluster
versions:
- name: v1alpha1
- deprecated: true
deprecationWarning: externaldata.gatekeeper.sh/v1alpha1 is deprecated. Use externaldata.gatekeeper.sh/v1beta1
instead.
name: v1alpha1
schema:
openAPIV3Schema:
description: Provider is the Schema for the Provider API
Expand All @@ -40,10 +43,6 @@ spec:
TLS CA bundle in PEM format. It is used to verify the signature
of the provider's certificate.
type: string
insecureTLSSkipVerify:
description: InsecureTLSSkipVerify skips the verification of Provider's
certificate if enabled.
type: boolean
timeout:
description: Timeout is the timeout when querying the provider.
type: integer
Expand All @@ -55,9 +54,39 @@ spec:
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
- name: v1beta1
schema:
openAPIV3Schema:
description: Provider is the Schema for the providers API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Spec defines the Provider specifications.
properties:
caBundle:
description: CABundle is a base64-encoded string that contains the
TLS CA bundle in PEM format. It is used to verify the signature
of the provider's certificate.
type: string
timeout:
description: Timeout is the timeout when querying the provider.
type: integer
url:
description: URL is the url for the provider. URL is prefixed with
http:// or https://.
type: string
type: object
type: object
served: true
storage: false
8 changes: 1 addition & 7 deletions constraint/config/crds/templates.gatekeeper.sh_constrainttemplates.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.8.0
controller-gen.kubebuilder.io/version: v0.10.0
creationTimestamp: null
name: constrainttemplates.templates.gatekeeper.sh
spec:
Expand Down Expand Up @@ -324,9 +324,3 @@ spec:
storage: false
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
9 changes: 9 additions & 0 deletions constraint/config/samples/externaldata_v1beta1_provider.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
apiVersion: externaldata.gatekeeper.sh/v1beta1
kind: Provider
metadata:
labels:
controller-tools.k8s.io: "1.0"
name: provider-sample
spec:
# Add fields here
foo: bar
128 changes: 56 additions & 72 deletions constraint/deploy/crds.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.8.0
controller-gen.kubebuilder.io/version: v0.10.0
name: constrainttemplates.templates.gatekeeper.sh
spec:
group: templates.gatekeeper.sh
Expand All @@ -17,18 +17,13 @@ spec:
- name: v1
schema:
openAPIV3Schema:
description: ConstraintTemplate is the Schema for the constrainttemplates
API
description: ConstraintTemplate is the Schema for the constrainttemplates API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
Expand Down Expand Up @@ -80,13 +75,11 @@ spec:
properties:
byPod:
items:
description: ByPodStatus defines the observed state of ConstraintTemplate
as seen by an individual controller
description: ByPodStatus defines the observed state of ConstraintTemplate as seen by an individual controller
properties:
errors:
items:
description: CreateCRDError represents a single error caught
during parsing, compiling, etc.
description: CreateCRDError represents a single error caught during parsing, compiling, etc.
properties:
code:
type: string
Expand All @@ -100,8 +93,7 @@ spec:
type: object
type: array
id:
description: a unique identifier for the pod that wrote the
status
description: a unique identifier for the pod that wrote the status
type: string
observedGeneration:
format: int64
Expand All @@ -120,18 +112,13 @@ spec:
- name: v1alpha1
schema:
openAPIV3Schema:
description: ConstraintTemplate is the Schema for the constrainttemplates
API
description: ConstraintTemplate is the Schema for the constrainttemplates API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
Expand Down Expand Up @@ -183,13 +170,11 @@ spec:
properties:
byPod:
items:
description: ByPodStatus defines the observed state of ConstraintTemplate
as seen by an individual controller
description: ByPodStatus defines the observed state of ConstraintTemplate as seen by an individual controller
properties:
errors:
items:
description: CreateCRDError represents a single error caught
during parsing, compiling, etc.
description: CreateCRDError represents a single error caught during parsing, compiling, etc.
properties:
code:
type: string
Expand All @@ -203,8 +188,7 @@ spec:
type: object
type: array
id:
description: a unique identifier for the pod that wrote the
status
description: a unique identifier for the pod that wrote the status
type: string
observedGeneration:
format: int64
Expand All @@ -223,18 +207,13 @@ spec:
- name: v1beta1
schema:
openAPIV3Schema:
description: ConstraintTemplate is the Schema for the constrainttemplates
API
description: ConstraintTemplate is the Schema for the constrainttemplates API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
Expand Down Expand Up @@ -286,13 +265,11 @@ spec:
properties:
byPod:
items:
description: ByPodStatus defines the observed state of ConstraintTemplate
as seen by an individual controller
description: ByPodStatus defines the observed state of ConstraintTemplate as seen by an individual controller
properties:
errors:
items:
description: CreateCRDError represents a single error caught
during parsing, compiling, etc.
description: CreateCRDError represents a single error caught during parsing, compiling, etc.
properties:
code:
type: string
Expand All @@ -306,8 +283,7 @@ spec:
type: object
type: array
id:
description: a unique identifier for the pod that wrote the
status
description: a unique identifier for the pod that wrote the status
type: string
observedGeneration:
format: int64
Expand All @@ -323,18 +299,12 @@ spec:
storage: false
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.8.0
controller-gen.kubebuilder.io/version: v0.10.0
creationTimestamp: null
name: providers.externaldata.gatekeeper.sh
spec:
Expand All @@ -346,49 +316,63 @@ spec:
singular: provider
scope: Cluster
versions:
- name: v1alpha1
- deprecated: true
deprecationWarning: externaldata.gatekeeper.sh/v1alpha1 is deprecated. Use externaldata.gatekeeper.sh/v1beta1 instead.
name: v1alpha1
schema:
openAPIV3Schema:
description: Provider is the Schema for the Provider API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Spec defines the Provider specifications.
properties:
caBundle:
description: CABundle is a base64-encoded string that contains the
TLS CA bundle in PEM format. It is used to verify the signature
of the provider's certificate.
description: CABundle is a base64-encoded string that contains the TLS CA bundle in PEM format. It is used to verify the signature of the provider's certificate.
type: string
insecureTLSSkipVerify:
description: InsecureTLSSkipVerify skips the verification of Provider's
certificate if enabled.
type: boolean
timeout:
description: Timeout is the timeout when querying the provider.
type: integer
url:
description: URL is the url for the provider. URL is prefixed with
http:// or https://.
description: URL is the url for the provider. URL is prefixed with http:// or https://.
type: string
type: object
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
- name: v1beta1
schema:
openAPIV3Schema:
description: Provider is the Schema for the providers API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Spec defines the Provider specifications.
properties:
caBundle:
description: CABundle is a base64-encoded string that contains the TLS CA bundle in PEM format. It is used to verify the signature of the provider's certificate.
type: string
timeout:
description: Timeout is the timeout when querying the provider.
type: integer
url:
description: URL is the url for the provider. URL is prefixed with http:// or https://.
type: string
type: object
type: object
served: true
storage: false

0 comments on commit b745745

Please sign in to comment.