Flexibility to use Image SHA for gatekeeper and gatekeeper-crd images… #1674

Closed
wants to merge 22 commits into from


priyamshet
Contributor

… Gatekeeper helm charts #1659

This commit checks if image.release is defined in the values.yaml
if not defined it will ignore the image.release field and only use the values of
image.repository and image.crdRepository to set the "image" in gatekeeper audit/controller
deployment yamls.

With the current implementation there is only one field defined "image.release" which restricts the use of
image-tag:release and not allowing SHA along with "image" (e.g. image@SHA) for GK and GK-CRD repository

Signed-off-by: Priya Shet <priya.shet@gmail.com>

What this PR does / why we need it:

Which issue(s) this PR fixes (optional, using fixes #1659 (, fixes #1659) format, will close the issue(s) when the PR gets merged):
Fixes #1659

Special notes for your reviewer:

@priyamshet priyamshet marked this pull request as ready for review November 18, 2021 17:24
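
As an added example (not code from this PR or from the Gatekeeper chart), the Python below models the image rule the description states and classifies the reference each values set would render, including the malformed result of appending a release tag to a digest reference. The names `compose_image`, `classify` and `audit_values`, the `example.registry:5000` repository and the digest are assumptions constructed for illustration.

```python
import re

# Constructed 64-hex digest used only as sample input (not a real image digest).
SAMPLE_DIGEST = "sha256:" + "ab" * 32

_DIGEST = re.compile(r"^sha256:[0-9a-f]{64}$")
_TAG = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$")


def compose_image(repository, release=None):
    """Rule described in the PR: append ':<release>' only when image.release
    is set; otherwise use the repository value unchanged."""
    return f"{repository}:{release}" if release else repository


def classify(ref):
    """Return 'digest', 'tag' (mutable), 'floating' (no tag) or 'invalid'."""
    name, at, digest = ref.partition("@")
    if at and not _DIGEST.match(digest):
        return "invalid"
    # A ':' before the last '/' is a registry port, not a tag separator.
    last = name.rsplit("/", 1)[-1]
    base, colon, tag = last.partition(":")
    if not base or (colon and not _TAG.match(tag)):
        return "invalid"
    if at:
        return "digest"
    return "tag" if colon else "floating"


def audit_values(image):
    """Classify what would be rendered for both images of a values 'image' map."""
    release = image.get("release")
    return {key: classify(compose_image(image[key], release))
            for key in ("repository", "crdRepository") if key in image}


if __name__ == "__main__":
    pinned = {"repository": "openpolicyagent/gatekeeper@" + SAMPLE_DIGEST,
              "crdRepository": "example.registry:5000/gatekeeper-crds@" + SAMPLE_DIGEST}
    print(audit_values(pinned))                            # release unset
    print(audit_values({**pinned, "release": "v3.7.0"}))   # tag appended to digest
```
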
@ritazh
Member

ritazh commented Nov 24, 2021

@priyamshet Thank you for the PR! Looks like there are lint issues and e2e failures. Don't forget to run gofmt and make manifests.

@priyamshet
Contributor Author

priyamshet commented Nov 29, 2021

@ritazh Thank you for the inputs. Updated with gofmt and make manifests. Although "make manifests" forced the inclusion of image: openpolicyagent/gatekeeper:v3.7.0 in gatekeeper-audit-deployment.yaml and gatekeeper-controller-manager-deployment.yaml. Is there any suggestion on how that can be avoided and consider the snippet updated as part of this PR?

@priyamshet
Contributor Author

@ritazh Are there any additional steps to be followed to get reviews/feedback on this PR?

@priyamshet
Contributor Author

@sozercan @ritazh Please let me know if this PR needs any more updates to get this reviewed?

@sozercan
Member

sozercan commented Dec 9, 2021

@priyamshet I think we'll need the image to be templated. Looks like it's hardcoded to gatekeeper:v3.7.0 image now so it won't be able to be templated anymore.

https://github.com/open-policy-agent/gatekeeper/pull/1674/files#diff-cdce1c229c9e49232dd3f15e2159b05a2501f3ac228e5a79e6c390c3105888b5L79

@priyamshet
Contributor Author

@sozercan Thank you for the inputs. The "image" was templated in lines 43-48, but "make manifests" generated the charts with hardcoded "image" along with the template changes. Are you suggesting to support the templated image, will need changes in the "make manifests"? If there is an alternate approach, please let me know.

priyamshet and others added 12 commits December 14, 2021 12:04
* Upgrade dependencies

Upgrade gatekeeper dependencies to the most recent libraries under which
all code compiles and all tests pass.

Signed-off-by: Will Beason <willbeason@google.com>

* Fix lint issue

Signed-off-by: Will Beason <willbeason@google.com>
* Improve error messages for Assertions

Specifically for Assertions which define "Message". Now the test failure
properly notifies the user that the Assertion was looking for violations
for a particular message.

Also add several unit tests for Assertions to cover these cases. Unit
test coverage is now 100% for assertions.go. We could probably add more
tests for assertions, but I'd rather that be its own PR. What I've added
is for the behavior changed by this PR.

Also add validation that "violations" isn't set to a negative number.

Fixes open-policy-agent#1639

Signed-off-by: Will Beason <willbeason@google.com>

* Fix linter errors

Signed-off-by: Will Beason <willbeason@google.com>
* Make file traversal deterministic

Signed-off-by: Will Beason <willbeason@google.com>

* Remove redundant path parameter

Since it is part of suite, we don't need to pass the Suite's path as a
separate parameter.

Signed-off-by: Will Beason <willbeason@google.com>
Fixes open-policy-agent#1537

Signed-off-by: Will Beason <willbeason@google.com>
- also moves v1beta1 CRD deprecation doc into the "Implemented"
  category, as we've already finished it

Signed-off-by: juliankatz <juliankatz@google.com>
* Fix ModifySet documentation

The list of values is in `spec.parameters.values.fromList` and not directly in `spec.parameters.values`.

Reference: https://github.com/open-policy-agent/gatekeeper/blob/master/apis/mutations/v1beta1/modifyset_types.go#L80
Signed-off-by: Bastian Hofmann <bashofmann@gmail.com>

* Fix name of ModifySet docs example

Signed-off-by: Bastian Hofmann <bashofmann@gmail.com>

Co-authored-by: Rita Zhang <rita.z.zhang@gmail.com>
Co-authored-by: Max Smythe <smythe@google.com>
…ebsite (open-policy-agent#1745)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Sertaç Özercan <852750+sozercan@users.noreply.github.com>
…a.13 in /website (open-policy-agent#1744)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
sozercan and others added 3 commits December 14, 2021 12:05
* Add test-gator make target

Signed-off-by: Will Beason <willbeason@google.com>

* Add test for gator CLI to CI

Signed-off-by: Will Beason <willbeason@google.com>

* Explicitly call bin-gator with args

Signed-off-by: Will Beason <willbeason@google.com>

* Change location of referenced binary

Signed-off-by: Will Beason <willbeason@google.com>

* Update test/gator/template.yaml to v1

Co-authored-by: Rita Zhang <rita.z.zhang@gmail.com>
Signed-off-by: Will Beason <willbeason@google.com>

Co-authored-by: Rita Zhang <rita.z.zhang@gmail.com>
* build: Upgrade frameworks to context change

We were able to remove several unnecessary uses of Context in
frameworks, resulting in simplifying the interfaces and requiring
gatekeeper to need less context-handling code.

This commit makes gatekeeper compile with the latest frameworks and
removes the now-unnecessary Contexts.

Signed-off-by: Will Beason <willbeason@google.com>

* build: go mod tidy

Signed-off-by: Will Beason <willbeason@google.com>

Co-authored-by: Sertaç Özercan <852750+sozercan@users.noreply.github.com>
priyamshet added a commit to priyamshet/gatekeeper-1 that referenced this pull request Dec 14, 2021
…open-policy-agent#1674

priyamshet added a commit to priyamshet/gatekeeper-1 that referenced this pull request Dec 14, 2021
…open-policy-agent#1674

@sozercan
Member

closing, looks like it got replaced with #1759

@sozercan sozercan closed this Dec 16, 2021
maxsmythe pushed a commit that referenced this pull request Dec 17, 2021
…#1674 (#1759)


Co-authored-by: Sertaç Özercan <852750+sozercan@users.noreply.github.com>
Successfully merging this pull request may close these issues.

Flexibility to use Image SHA for gatekeeper and gatekeeper-crd images Gatekeeper helm charts
5 participants