Flexibility to use Image SHA for gatekeeper and gatekeeper-crd images… #1674
… Gatekeeper helm charts open-policy-agent#1659 This commit checks if image.release is defined in the values.yaml; if not defined, it will ignore the image.release field and only use the values of image.repository and image.crdRepository to set the "image" in gatekeeper audit/controller deployment yamls. With the current implementation there is only one field defined, "image.release", which restricts the use of image-tag:release and not allowing SHA along with "image" (e.g. image@SHA) for GK and GK-CRD repository Signed-off-by: Priya Shet <priya.shet@gmail.com>
@priyamshet Thank you for the PR! Looks like there are lint issues and e2e failures. Don't forget to run
@ritazh Thank you for the inputs. Updated with gofmt and make manifests. Although "make manifests" forced the inclusion of image: openpolicyagent/gatekeeper:v3.7.0 in gatekeeper-audit-deployment.yaml and gatekeeper-controller-manager-deployment.yaml. Is there any suggestion on how that can be avoided and consider the snippet updated as part of this PR?
@ritazh Are there any additional steps to be followed to get reviews/feedback on this PR?
@priyamshet I think we'll need the
@sozercan Thank you for the inputs. The "image" was templated in lines 43-48, but "make manifests" generated the charts with hardcoded "image" along with the template changes. Are you suggesting to support the templated image, which will need changes in "make manifests"? If there is an alternate approach, please let me know.
… Gatekeeper helm charts open-policy-agent#1659 This commit checks if image.release is defined in the values.yaml; if not defined, it will ignore the image.release field and only use the values of image.repository and image.crdRepository to set the "image" in gatekeeper audit/controller deployment yamls. With the current implementation there is only one field defined, "image.release", which restricts the use of image-tag:release and not allowing SHA along with "image" (e.g. image@SHA) for GK and GK-CRD repository Signed-off-by: Priya Shetpriya.shet@gmail.com <priya.shet@gmail.com>
* Upgrade dependencies Upgrade gatekeeper dependencies to the most recent libraries under which all code compiles and all tests pass. Signed-off-by: Will Beason <willbeason@google.com> * Fix lint issue Signed-off-by: Will Beason <willbeason@google.com>
* Improve error messages for Assertions Specifically for Assertions which define "Message". Now the test failure properly notifies the user that the Assertion was looking for violations for a particular message. Also add several unit tests for Assertions to cover these cases. Unit test coverage is now 100% for assertions.go. We could probably add more tests for assertions, but I'd rather that be its own PR. What I've added is for the behavior changed by this PR. Also add validation that "violations" isn't set to a negative number. Fixes open-policy-agent#1639 Signed-off-by: Will Beason <willbeason@google.com> * Fix linter errors Signed-off-by: Will Beason <willbeason@google.com>
* Make file traversal deterministic Signed-off-by: Will Beason <willbeason@google.com> * Remove redundant path parameter Since it is part of suite, we don't need to pass the Suite's path as a separate parameter. Signed-off-by: Will Beason <willbeason@google.com>
Fixes open-policy-agent#1537 Signed-off-by: Will Beason <willbeason@google.com>
- also moves v1beta1 CRD deprecation doc into the "Implemented" category, as we've already finished it Signed-off-by: juliankatz <juliankatz@google.com>
* Fix ModifySet documentation The list of values is in `spec.parameters.values.fromList` and not directly in `spec.parameters.values`. Reference: https://github.com/open-policy-agent/gatekeeper/blob/master/apis/mutations/v1beta1/modifyset_types.go#L80 Signed-off-by: Bastian Hofmann <bashofmann@gmail.com> * Fix name of ModifySet docs example Signed-off-by: Bastian Hofmann <bashofmann@gmail.com> Co-authored-by: Rita Zhang <rita.z.zhang@gmail.com> Co-authored-by: Max Smythe <smythe@google.com>
…ebsite (open-policy-agent#1745) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sertaç Özercan <852750+sozercan@users.noreply.github.com>
…a.13 in /website (open-policy-agent#1744) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Add test-gator make target Signed-off-by: Will Beason <willbeason@google.com> * Add test for gator CLI to CI Signed-off-by: Will Beason <willbeason@google.com> * Explicitly call bin-gator with args Signed-off-by: Will Beason <willbeason@google.com> * Change location of referenced binary Signed-off-by: Will Beason <willbeason@google.com> * Update test/gator/template.yaml to v1 Co-authored-by: Rita Zhang <rita.z.zhang@gmail.com> Signed-off-by: Will Beason <willbeason@google.com> Co-authored-by: Rita Zhang <rita.z.zhang@gmail.com>
* build: Upgrade frameworks to context change We were able to remove several unnecessary uses of Context in frameworks, resulting in simplifying the interfaces and requiring gatekeeper to need less context-handling code. This commit makes gatekeeper compile with the latest frameworks and removes the now-unnecessary Contexts. Signed-off-by: Will Beason <willbeason@google.com> * build: go mod tidy Signed-off-by: Will Beason <willbeason@google.com> Co-authored-by: Sertaç Özercan <852750+sozercan@users.noreply.github.com>
…open-policy-agent#1674 This commit checks if image.release is defined in the values.yaml; if not defined, it will ignore the image.release field and only use the values of image.repository and image.crdRepository to set the "image" in gatekeeper audit/controller deployment yamls. With the current implementation there is only one field defined, "image.release", which restricts the use of image-tag:release and not allowing SHA along with "image" (e.g. image@SHA) for GK and GK-CRD repository Signed-off-by: Priya Shet priya.shet@gmail.com
…open-policy-agent#1674 This commit checks if image.release is defined in the values.yaml; if not defined, it will ignore the image.release field and only use the values of image.repository and image.crdRepository to set the "image" in gatekeeper audit/controller deployment yamls. With the current implementation there is only one field defined, "image.release", which restricts the use of image-tag:release and not allowing SHA along with "image" (e.g. image@SHA) for GK and GK-CRD repository Signed-off-by: Priya Shet priya.shet@gmail.com Signed-off-by: Priya Shetpriya.shet@gmail.com <priya.shet@gmail.com>
Closing, looks like it got replaced with #1759
…#1674 (#1759) This commit checks if image.release is defined in the values.yaml; if not defined, it will ignore the image.release field and only use the values of image.repository and image.crdRepository to set the "image" in gatekeeper audit/controller deployment yamls. With the current implementation there is only one field defined, "image.release", which restricts the use of image-tag:release and not allowing SHA along with "image" (e.g. image@SHA) for GK and GK-CRD repository Signed-off-by: Priya Shet priya.shet@gmail.com Signed-off-by: Priya Shetpriya.shet@gmail.com <priya.shet@gmail.com> Co-authored-by: Sertaç Özercan <852750+sozercan@users.noreply.github.com>
… Gatekeeper helm charts #1659
This commit checks if image.release is defined in the values.yaml;
if not defined, it will ignore the image.release field and only use the values of
image.repository and image.crdRepository to set the "image" in gatekeeper audit/controller
deployment yamls.
With the current implementation there is only one field defined, "image.release", which restricts the use of
image-tag:release and not allowing SHA along with "image" (e.g. image@SHA) for GK and GK-CRD repository
Signed-off-by: Priya Shet priya.shet@gmail.com
What this PR does / why we need it:
Which issue(s) this PR fixes (optional, using fixes #1659 (, fixes #1659) format, will close the issue(s) when the PR gets merged): Fixes #1659
Special notes for your reviewer:
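
The behaviour the PR description asks for, shown as a values override that pins both images by digest instead of by the mutable release tag. This is an added example, not code from the PR or the Gatekeeper chart: the template fragment in the comments is an assumed shape of the logic, and the CRD repository name and both digests are placeholders.

```yaml
# values-digest.yaml (constructed override file for illustration)
image:
  # The digest is carried inside the repository string (image@SHA form).
  repository: openpolicyagent/gatekeeper@sha256:<digest-of-gatekeeper-image>
  # Placeholder repository name; use the CRD image the chart actually references.
  crdRepository: <crd-image-repository>@sha256:<digest-of-crd-image>
  # Setting the key to null removes the chart's default release value, so the
  # template has no tag to append after the digest.
  release: null

# Assumed shape of the template condition the commit message describes
# (illustration only, not copied from the chart):
#
#   {{- if .Values.image.release }}
#   image: "{{ .Values.image.repository }}:{{ .Values.image.release }}"
#   {{- else }}
#   image: "{{ .Values.image.repository }}"
#   {{- end }}
#
# Rendered with image.release set (tag can be re-pointed at the registry):
#   image: openpolicyagent/gatekeeper:v3.7.0
#
# Rendered with the override above (content-addressed, cannot be re-pointed):
#   image: openpolicyagent/gatekeeper@sha256:<digest-of-gatekeeper-image>
#
# Without the condition, a digest in image.repository combined with a default
# release would render "repo@sha256:<digest>:<tag>", which is not a valid
# image reference.
```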