Merge branch 'master' into root-cmd

Makefile

@@ -180,7 +180,7 @@ install: manifests
 
 deploy-mutation: patch-image
 	@grep -q -v 'enable-mutation' ./config/overlays/dev_mutation/manager_image_patch.yaml && sed -i '/- --operation=webhook/a \ \ \ \ \ \ \ \ - --enable-mutation=true' ./config/overlays/dev_mutation/manager_image_patch.yaml && sed -i '/- --operation=status/a \ \ \ \ \ \ \ \ - --operation=mutation-status' ./config/overlays/dev_mutation/manager_image_patch.yaml
-	kustomize build config/overlays/dev_mutation | kubectl apply -f -
+	kustomize build --load_restrictor LoadRestrictionsNone config/overlays/dev_mutation | kubectl apply -f -
 	kustomize build --load_restrictor LoadRestrictionsNone config/overlays/mutation | kubectl apply -f -
 
 # Deploy controller in the configured Kubernetes cluster in ~/.kube/config
@@ -204,7 +204,7 @@ manifests: __controller-gen
 	mkdir -p manifest_staging/deploy
 	mkdir -p manifest_staging/charts/gatekeeper
 	docker run --rm -v $(shell pwd):/gatekeeper --entrypoint /usr/local/bin/kustomize line/kubectl-kustomize:${KUBECTL_KUSTOMIZE_VERSION} build /gatekeeper/config/default -o /gatekeeper/manifest_staging/deploy/gatekeeper.yaml
-	docker run --rm -v $(shell pwd):/gatekeeper --entrypoint /usr/local/bin/kustomize line/kubectl-kustomize:${KUBECTL_KUSTOMIZE_VERSION} build /gatekeeper/cmd/build/helmify | go run cmd/build/helmify/*.go
+	docker run --rm -v $(shell pwd):/gatekeeper --entrypoint /usr/local/bin/kustomize line/kubectl-kustomize:${KUBECTL_KUSTOMIZE_VERSION} build --load_restrictor LoadRestrictionsNone /gatekeeper/cmd/build/helmify | go run cmd/build/helmify/*.go
 
 # lint runs a dockerized golangci-lint, and should give consistent results
 # across systems.

config/crd/kustomization.yaml

@@ -16,6 +16,12 @@ resources:
 bases:
 - ../../vendor/github.com/open-policy-agent/frameworks/constraint/deploy
 
+patches:
+- target:
+    group: apiextensions.k8s.io
+    version: v1
+    kind: CustomResourceDefinition
+  path: patches/preserve_unknown_fields_false.yaml
 
 patchesStrategicMerge:
 #- patches/max_name_size_for_assign.yaml

config/crd/patches/preserve_unknown_fields_false.yaml

@@ -0,0 +1,6 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: foobar
+spec:
+  preserveUnknownFields: false

config/overlays/mutation/kustomization.yaml

@@ -16,6 +16,13 @@ resources:
 - ../../crd/bases/mutations.gatekeeper.sh_assignmetadata.yaml
 - ../../crd/bases/status.gatekeeper.sh_mutatorpodstatuses.yaml
 
+patches:
+- target:
+    group: apiextensions.k8s.io
+    version: v1
+    kind: CustomResourceDefinition
+  path: ../../crd/patches/preserve_unknown_fields_false.yaml
+
 patchesJson6902:
 - target:
     group: apiextensions.k8s.io

config/overlays/mutation_webhook/kustomization.yaml

@@ -13,6 +13,12 @@ resources:
   - mutations.gatekeeper.sh_assignmetadata.yaml
   - status.gatekeeper.sh_mutatorpodstatuses.yaml
 
+patches:
+- target:
+    group: apiextensions.k8s.io
+    version: v1
+    kind: CustomResourceDefinition
+  path: ../../crd/patches/preserve_unknown_fields_false.yaml
 
 patchesJson6902:
 - target:

manifest_staging/charts/gatekeeper/crds/assign-customresourcedefinition.yaml

@@ -13,6 +13,7 @@ spec:
     listKind: AssignList
     plural: assign
     singular: assign
+  preserveUnknownFields: false
   scope: Cluster
   versions:
   - name: v1alpha1

manifest_staging/charts/gatekeeper/crds/assignmetadata-customresourcedefinition.yaml

@@ -13,6 +13,7 @@ spec:
     listKind: AssignMetadataList
     plural: assignmetadata
     singular: assignmetadata
+  preserveUnknownFields: false
   scope: Cluster
   versions:
   - name: v1alpha1

manifest_staging/charts/gatekeeper/crds/config-customresourcedefinition.yaml

@@ -13,6 +13,7 @@ spec:
     listKind: ConfigList
     plural: configs
     singular: config
+  preserveUnknownFields: false
   scope: Namespaced
   versions:
   - name: v1alpha1

manifest_staging/charts/gatekeeper/crds/constraintpodstatus-customresourcedefinition.yaml

@@ -13,6 +13,7 @@ spec:
     listKind: ConstraintPodStatusList
     plural: constraintpodstatuses
     singular: constraintpodstatus
+  preserveUnknownFields: false
   scope: Namespaced
   versions:
   - name: v1beta1

manifest_staging/charts/gatekeeper/crds/constrainttemplate-customresourcedefinition.yaml

@@ -13,6 +13,7 @@ spec:
     listKind: ConstraintTemplateList
     plural: constrainttemplates
     singular: constrainttemplate
+  preserveUnknownFields: false
   scope: Cluster
   versions:
   - name: v1alpha1

manifest_staging/charts/gatekeeper/crds/constrainttemplatepodstatus-customresourcedefinition.yaml

@@ -13,6 +13,7 @@ spec:
     listKind: ConstraintTemplatePodStatusList
     plural: constrainttemplatepodstatuses
     singular: constrainttemplatepodstatus
+  preserveUnknownFields: false
   scope: Namespaced
   versions:
   - name: v1beta1

manifest_staging/charts/gatekeeper/crds/mutatorpodstatus-customresourcedefinition.yaml

@@ -13,6 +13,7 @@ spec:
     listKind: MutatorPodStatusList
     plural: mutatorpodstatuses
     singular: mutatorpodstatus
+  preserveUnknownFields: false
   scope: Namespaced
   versions:
   - name: v1beta1

manifest_staging/deploy/gatekeeper.yaml

@@ -29,7 +29,6 @@ kind: CustomResourceDefinition
 metadata:
   annotations:
     controller-gen.kubebuilder.io/version: v0.5.0
-  creationTimestamp: null
   labels:
     gatekeeper.sh/system: "yes"
   name: configs.config.gatekeeper.sh
@@ -40,6 +39,7 @@ spec:
     listKind: ConfigList
     plural: configs
     singular: config
+  preserveUnknownFields: false
   scope: Namespaced
   versions:
   - name: v1alpha1
@@ -139,7 +139,6 @@ kind: CustomResourceDefinition
 metadata:
   annotations:
     controller-gen.kubebuilder.io/version: v0.5.0
-  creationTimestamp: null
   labels:
     gatekeeper.sh/system: "yes"
   name: constraintpodstatuses.status.gatekeeper.sh
@@ -150,6 +149,7 @@ spec:
     listKind: ConstraintPodStatusList
     plural: constraintpodstatuses
     singular: constraintpodstatus
+  preserveUnknownFields: false
   scope: Namespaced
   versions:
   - name: v1beta1
@@ -213,7 +213,6 @@ kind: CustomResourceDefinition
 metadata:
   annotations:
     controller-gen.kubebuilder.io/version: v0.5.0
-  creationTimestamp: null
   labels:
     gatekeeper.sh/system: "yes"
   name: constrainttemplatepodstatuses.status.gatekeeper.sh
@@ -224,6 +223,7 @@ spec:
     listKind: ConstraintTemplatePodStatusList
     plural: constrainttemplatepodstatuses
     singular: constrainttemplatepodstatus
+  preserveUnknownFields: false
   scope: Namespaced
   versions:
   - name: v1beta1
@@ -286,7 +286,6 @@ kind: CustomResourceDefinition
 metadata:
   annotations:
     controller-gen.kubebuilder.io/version: v0.5.0
-  creationTimestamp: null
   labels:
     gatekeeper.sh/system: "yes"
   name: constrainttemplates.templates.gatekeeper.sh
@@ -297,6 +296,7 @@ spec:
     listKind: ConstraintTemplateList
     plural: constrainttemplates
     singular: constrainttemplate
+  preserveUnknownFields: false
   scope: Cluster
   versions:
   - name: v1alpha1