Upgrade v1beta1 CRD yamls to v1 (#1286)
This PR changes the flags passed to controller-gen to generate v1 CRDs
for the CRDs defined in this repository.

It also includes changes from open-policy-agent/frameworks#114, which
update the ConstraintTemplate CRD to v1, and
open-policy-agent/frameworks#117, which allowed Gatekeeper to add the
Operations field to byPodStatus, which isn't built in to the byPodStatus
golang struct.

Contributes to #550

Signed-off-by: juliankatz <juliankatz@google.com>
julianKatz committed May 20, 2021
1 parent 92bf487 commit a2a42df
Showing 33 changed files with 1,617 additions and 1,623 deletions.
16 changes: 12 additions & 4 deletions Makefile
@@ -67,9 +67,6 @@ MANAGER_IMAGE_PATCH := "apiVersion: apps/v1\

FRAMEWORK_PACKAGE := github.com/open-policy-agent/frameworks/constraint

# Produce CRDs that work back to Kubernetes 1.11 (no version conversion)
CRD_OPTIONS ?= crd:trivialVersions=true,crdVersions=v1beta1

# Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
ifeq (,$(shell go env GOBIN))
GOBIN=$(shell go env GOPATH)/bin
@@ -175,7 +172,17 @@ deploy: patch-image manifests

# Generate manifests e.g. CRD, RBAC etc.
manifests: __controller-gen
$(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=manager-role webhook paths="./apis/..." paths="./pkg/..." output:crd:artifacts:config=config/crd/bases
$(CONTROLLER_GEN) \
crd \
rbac:roleName=manager-role \
webhook \
paths="./apis/..." \
paths="./pkg/..." \
output:crd:artifacts:config=config/crd/bases
# As mutation CRDs are not ready to be included in our final gatekeeper.yaml, we leave them out of config/crd/kustomization.yaml.
# This makes these files unavailable to the helmify step below. The solve for this was to copy the mutation CRDs into
# config/overlays/mutation_webhook/. To maintain the generation pipeline, we do that copy step here.
cp config/crd/bases/mutations* config/overlays/mutation_webhook/
rm -rf manifest_staging
mkdir -p manifest_staging/deploy
mkdir -p manifest_staging/charts/gatekeeper
@@ -295,3 +302,4 @@ __tooling-image:
.PHONY: vendor
vendor:
go mod vendor
go mod tidy
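Review bot: In the `vendor` target, `go mod tidy` runs after `go mod vendor`, so any requirement that tidy adds to or drops from go.mod and go.sum is not reflected in the vendor/ tree that was written one line earlier. That can leave vendor/modules.txt out of step with go.mod, which the go tool reports as inconsistent vendoring on a later `-mod=vendor` build. It also means the committed vendored sources are not guaranteed to match what go.sum pins. Swapping the two recipe lines, `go mod tidy` first and `go mod vendor` second, keeps the module files and the vendored code in agreement.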
12 changes: 6 additions & 6 deletions cmd/build/helmify/kustomization.yaml
@@ -17,37 +17,37 @@ patchesJson6902:
path: labels_patch.yaml
- target:
group: apiextensions.k8s.io
version: v1beta1
version: v1
kind: CustomResourceDefinition
name: constraintpodstatuses.status.gatekeeper.sh
path: labels_patch.yaml
- target:
group: apiextensions.k8s.io
version: v1beta1
version: v1
kind: CustomResourceDefinition
name: constrainttemplatepodstatuses.status.gatekeeper.sh
path: labels_patch.yaml
- target:
group: apiextensions.k8s.io
version: v1beta1
version: v1
kind: CustomResourceDefinition
name: mutatorpodstatuses.status.gatekeeper.sh
path: labels_patch.yaml
- target:
group: apiextensions.k8s.io
version: v1beta1
version: v1
kind: CustomResourceDefinition
name: configs.config.gatekeeper.sh
path: labels_patch.yaml
- target:
group: apiextensions.k8s.io
version: v1beta1
version: v1
kind: CustomResourceDefinition
name: assignmetadata.mutations.gatekeeper.sh
path: labels_patch.yaml
- target:
group: apiextensions.k8s.io
version: v1beta1
version: v1
kind: CustomResourceDefinition
name: assign.mutations.gatekeeper.sh
path: labels_patch.yaml
10 changes: 5 additions & 5 deletions cmd/build/helmify/kustomize-for-helm.yaml
@@ -6,7 +6,7 @@ metadata:
spec:
HELMSUBST_SERVICE_TYPE: ""
---
apiVersion: apiextensions.k8s.io/v1beta1
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: configs.config.gatekeeper.sh
@@ -18,25 +18,25 @@ metadata:
name: constrainttemplates.templates.gatekeeper.sh
status: null
---
apiVersion: apiextensions.k8s.io/v1beta1
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: constrainttemplatepodstatuses.status.gatekeeper.sh
status: null
---
apiVersion: apiextensions.k8s.io/v1beta1
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: constraintpodstatuses.status.gatekeeper.sh
status: null
---
apiVersion: apiextensions.k8s.io/v1beta1
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: assignmetadata.mutations.gatekeeper.sh
status: null
---
apiVersion: apiextensions.k8s.io/v1beta1
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: assign.mutations.gatekeeper.sh
4 changes: 2 additions & 2 deletions cmd/build/helmify/main.go
@@ -11,7 +11,7 @@ import (
"strings"

"gopkg.in/yaml.v2"
apiextensionsv1beta1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1"
apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
)

var (
@@ -40,7 +40,7 @@ func extractName(s string) (string, error) {
}

func extractCRDKind(obj string) (string, error) {
crd := &apiextensionsv1beta1.CustomResourceDefinition{}
crd := &apiextensionsv1.CustomResourceDefinition{}
if err := yaml.Unmarshal([]byte(obj), crd); err != nil {
return "", err
}
159 changes: 79 additions & 80 deletions config/crd/bases/config.gatekeeper.sh_configs.yaml
@@ -1,6 +1,6 @@

---
apiVersion: apiextensions.k8s.io/v1beta1
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
@@ -15,91 +15,90 @@ spec:
plural: configs
singular: config
scope: Namespaced
validation:
openAPIV3Schema:
description: Config is the Schema for the configs API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: ConfigSpec defines the desired state of Config
properties:
match:
description: Configuration for namespace exclusion
items:
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: Config is the Schema for the configs API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: ConfigSpec defines the desired state of Config
properties:
match:
description: Configuration for namespace exclusion
items:
properties:
excludedNamespaces:
items:
type: string
type: array
processes:
items:
type: string
type: array
type: object
type: array
readiness:
description: Configuration for readiness tracker
properties:
excludedNamespaces:
statsEnabled:
type: boolean
type: object
sync:
description: Configuration for syncing k8s objects
properties:
syncOnly:
description: If non-empty, only entries on this list will be replicated into OPA
items:
type: string
properties:
group:
type: string
kind:
type: string
version:
type: string
type: object
type: array
processes:
type: object
validation:
description: Configuration for validation
properties:
traces:
description: List of requests to trace. Both "user" and "kinds" must be specified
items:
type: string
properties:
dump:
description: Also dump the state of OPA with the trace. Set to `All` to dump everything.
type: string
kind:
description: Only trace requests of the following GroupVersionKind
properties:
group:
type: string
kind:
type: string
version:
type: string
type: object
user:
description: Only trace requests from the specified user
type: string
type: object
type: array
type: object
type: array
readiness:
description: Configuration for readiness tracker
properties:
statsEnabled:
type: boolean
type: object
sync:
description: Configuration for syncing k8s objects
properties:
syncOnly:
description: If non-empty, only entries on this list will be replicated into OPA
items:
properties:
group:
type: string
kind:
type: string
version:
type: string
type: object
type: array
type: object
validation:
description: Configuration for validation
properties:
traces:
description: List of requests to trace. Both "user" and "kinds" must be specified
items:
properties:
dump:
description: Also dump the state of OPA with the trace. Set to `All` to dump everything.
type: string
kind:
description: Only trace requests of the following GroupVersionKind
properties:
group:
type: string
kind:
type: string
version:
type: string
type: object
user:
description: Only trace requests from the specified user
type: string
type: object
type: array
type: object
type: object
status:
description: ConfigStatus defines the observed state of Config
type: object
type: object
version: v1alpha1
versions:
- name: v1alpha1
type: object
status:
description: ConfigStatus defines the observed state of Config
type: object
type: object
served: true
storage: true
status: