Upgrade Gatekeeper image to v3.14.0
Signed-off-by: Yi Rae Kim <[email protected]>
yiraeChristineKim authored and openshift-merge-bot[bot] committed Dec 5, 2023
1 parent eebbde6 commit 47e04fc
Showing 36 changed files with 1,644 additions and 153 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/ci_tests.yaml
Expand Up @@ -130,7 +130,7 @@ jobs:
- name: Set Up Environment Variables
run: |
GATEKEEPER_VERSION=$(awk '/^GATEKEEPER_VERSION/ {print $3}' Makefile)
GATEKEEPER_VERSION=v$(cut -d '-' -f 1 VERSION)
echo "GATEKEEPER_VERSION=${GATEKEEPER_VERSION}" >> ${GITHUB_ENV}
# Checkout a local copy of Gatekeeper to use its bats e2e tests.
Expand All @@ -145,7 +145,7 @@ jobs:
# TODO: gatekeeper-operator does not --log-mutations nor --mutation-annotations
- name: Remove unhandled gatekeeper bats tests
run: |
sed -i -e '67,71d;80,83d' /home/runner/work/gatekeeper-operator/gatekeeper-operator/gatekeeper/test/bats/test.bats
sed -i -e '67,73d;82,85d' /home/runner/work/gatekeeper-operator/gatekeeper-operator/gatekeeper/test/bats/test.bats
- name: Gatekeeper E2E Tests
run: |
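Review bot: The `sed -i -e '67,73d;82,85d'` step in the second hunk deletes upstream bats tests by line number, so when `gatekeeper/test/bats/test.bats` shifts in a later Gatekeeper release the step will silently remove different tests (or part of one) and the e2e job can still pass with less coverage. This commit had to re-tune the ranges for exactly that reason. Name the removed tests next to the command, e.g. `# Drops the --log-mutations and --mutation-annotations tests; ranges match test.bats at the tag in VERSION`, and add a check before the `sed` that fails the step when the expected test text is no longer inside those ranges. The rendered page prints the old and new range without markers; the point applies to whichever is the new side.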
2 changes: 1 addition & 1 deletion .github/workflows/olm_tests.yaml
Expand Up @@ -44,7 +44,7 @@ jobs:
REGISTRY_PORT=5000
REPO=localhost:${REGISTRY_PORT}
IMG=${REPO}/gatekeeper-operator:${GITHUB_SHA}
PREV_BUNDLE_INDEX_IMG=quay.io/gatekeeper/gatekeeper-operator-bundle-index:$(cat REPLACES_VERSION)
PREV_BUNDLE_INDEX_IMG=quay.io/gatekeeper/gatekeeper-operator-bundle-index:v$(cat REPLACES_VERSION)
make build-and-push-bundle-images IMG=${IMG} REPO=${REPO} VERSION=${GITHUB_SHA} OPERATOR_VERSION=$(cat VERSION)
- name: Deploy OLM
3 changes: 2 additions & 1 deletion .gitignore
Expand Up @@ -20,4 +20,5 @@ testbin/*

ci-tools/

.vscode/*
.vscode/
gatekeeper/
7 changes: 2 additions & 5 deletions Makefile
Expand Up @@ -146,7 +146,7 @@ tidy: ## Run go mod tidy

.PHONY: test
test: manifests generate fmt vet envtest ## Run tests.
KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) -p path)" GOFLAGS=$(GOFLAGS) go test $(go list ./... | grep -v /test/) -coverprofile cover.out
KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) -p path)" GOFLAGS=$(GOFLAGS) go test $$(go list ./... | grep -v /test/) -coverprofile cover.out

.PHONY: test-e2e
test-e2e: e2e-dependencies generate fmt vet ## Run e2e tests, using the configured Kubernetes cluster in ~/.kube/config
Expand Down Expand Up @@ -375,7 +375,7 @@ TMP_IMPORT_MANIFESTS_PATH := $(shell mktemp -d)
.PHONY: import-manifests
import-manifests: kustomize
if [[ $(IMPORT_MANIFESTS_PATH) =~ https://* ]]; then \
git clone --branch $(GATEKEEPER_VERSION) $(IMPORT_MANIFESTS_PATH) $(TMP_IMPORT_MANIFESTS_PATH) ; \
git clone --branch v$(shell cut -d '-' -f 1 VERSION) $(IMPORT_MANIFESTS_PATH) $(TMP_IMPORT_MANIFESTS_PATH) ; \
cd $(TMP_IMPORT_MANIFESTS_PATH) && make patch-image ; \
$(KUSTOMIZE) build --load-restrictor LoadRestrictionsNone $(TMP_IMPORT_MANIFESTS_PATH)/config/default -o $(MAKEFILE_DIR)/$(GATEKEEPER_MANIFEST_DIR); \
rm -rf "$${TMP_IMPORT_MANIFESTS_PATH}" ; \
Expand Down Expand Up @@ -443,9 +443,6 @@ $(OPERATOR_SDK):
curl -L $(OPERATOR_SDK_URL) -o $(OPERATOR_SDK) || (echo "curl returned $$? trying to fetch operator-sdk"; exit 1)
chmod +x $(OPERATOR_SDK)

# Current Gatekeeper version
GATEKEEPER_VERSION ?= v3.11.1

# Default bundle index image tag
BUNDLE_INDEX_IMG ?= $(IMAGE_TAG_BASE)-bundle-index:v$(VERSION)
# Default previous bundle index image tag
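Review bot: In the `import-manifests` hunk the clone line is joined to the following commands with `;`, so a failed `git clone --branch v$(shell cut -d '-' -f 1 VERSION) ...` (for example a tag that does not exist upstream) does not stop the recipe before `make patch-image` and the `kustomize build` run against the temporary directory. The clone also trusts a movable tag and then executes the checked-out repository's Makefile, so ending the clone line with `&& \` instead of `; \` and comparing the checked-out commit with an expected value would make the step fail closed. The recipe continues outside the hunk. Separately, the context line `rm -rf "$${TMP_IMPORT_MANIFESTS_PATH}"` reads a shell variable rather than the make variable, so the cleanup probably removes nothing unless that name is exported; `rm -rf "$(TMP_IMPORT_MANIFESTS_PATH)"` would match the other lines.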
2 changes: 1 addition & 1 deletion REPLACES_VERSION
@@ -1 +1 @@
0.2.6
3.11.1
2 changes: 1 addition & 1 deletion VERSION
@@ -1 +1 @@
3.11.1
3.14.0
12 changes: 12 additions & 0 deletions api/v1alpha1/gatekeeper_types.go
Expand Up @@ -103,6 +103,8 @@ type AuditConfig struct {
// +optional
EmitAuditEvents *EmitEventsMode `json:"emitAuditEvents,omitempty"`
// +optional
AuditEventsInvolvedNamespace *EventsInvolvedNsMode `json:"auditEventsInvolvedNamespace,omitempty"`
// +optional
Resources *corev1.ResourceRequirements `json:"resources,omitempty"`
}

Expand All @@ -123,6 +125,8 @@ type WebhookConfig struct {
// +optional
EmitAdmissionEvents *EmitEventsMode `json:"emitAdmissionEvents,omitempty"`
// +optional
AdmissionEventsInvolvedNamespace *EventsInvolvedNsMode `json:"admissionEventsInvolvedNamespace,omitempty"`
// +optional
FailurePolicy *admregv1.FailurePolicyType `json:"failurePolicy,omitempty"`
// +optional
NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector,omitempty"`
Expand Down Expand Up @@ -159,6 +163,14 @@ const (
EmitEventsDisabled EmitEventsMode = "Disabled"
)

// +kubebuilder:validation:Enum:=Enabled;Disabled
type EventsInvolvedNsMode string

const (
EventsInvolvedNsModeEnabled EventsInvolvedNsMode = "Enabled"
EventsInvolvedNsModeDisabled EventsInvolvedNsMode = "Disabled"
)

// GatekeeperStatus defines the observed state of Gatekeeper
type GatekeeperStatus struct {
// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
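Review bot: The new `EventsInvolvedNsMode` type and the `AuditEventsInvolvedNamespace` / `AdmissionEventsInvolvedNamespace` fields have no doc comments, so the generated CRD schema exposes two bare `Enabled`/`Disabled` enums with no description, as the CRD sections of this commit show. The setting decides in which namespace violation events are written, and therefore who can read them, so it deserves a sentence. Suggested comment on the type: `// EventsInvolvedNsMode selects whether events are emitted in the namespace of the involved object (Enabled) or in the Gatekeeper namespace (Disabled).` That wording is assumed from the upstream Gatekeeper flags of the same name; please confirm it and state the behaviour when the field is unset. Both structs continue outside the hunks.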
10 changes: 10 additions & 0 deletions api/v1alpha1/zz_generated.deepcopy.go


2 changes: 1 addition & 1 deletion bundle.Dockerfile
Expand Up @@ -5,7 +5,7 @@ LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1
LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/
LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/
LABEL operators.operatorframework.io.bundle.package.v1=gatekeeper-operator
LABEL operators.operatorframework.io.bundle.channels.v1=stable,3.11
LABEL operators.operatorframework.io.bundle.channels.v1=stable,3.14
LABEL operators.operatorframework.io.bundle.channel.default.v1=stable
LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.31.0
LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1
27 changes: 20 additions & 7 deletions bundle/manifests/gatekeeper-operator.clusterserviceversion.yaml
Expand Up @@ -16,10 +16,10 @@ metadata:
}
]
capabilities: Basic Install
olm.skipRange: "<3.11.0"
olm.skipRange: "<3.14.0"
operators.operatorframework.io/builder: operator-sdk-v1.31.0
operators.operatorframework.io/project_layout: go.kubebuilder.io/v3
name: gatekeeper-operator.v3.11.1
name: gatekeeper-operator.v3.14.0
namespace: placeholder
spec:
apiservicedefinitions: {}
Expand Down Expand Up @@ -196,6 +196,7 @@ spec:
- apiGroups:
- ""
resources:
- events
- namespaces
verbs:
- create
Expand All @@ -205,6 +206,18 @@ spec:
- patch
- update
- watch
- apiGroups:
- expansion.gatekeeper.sh
resources:
- '*'
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- externaldata.gatekeeper.sh
resources:
Expand Down Expand Up @@ -377,8 +390,8 @@ spec:
- /manager
env:
- name: RELATED_IMAGE_GATEKEEPER
value: openpolicyagent/gatekeeper:v3.11.1
image: quay.io/gatekeeper/gatekeeper-operator:v3.11.1
value: openpolicyagent/gatekeeper:v3.14.0
image: quay.io/gatekeeper/gatekeeper-operator:v3.14.0
imagePullPolicy: Always
livenessProbe:
httpGet:
Expand Down Expand Up @@ -514,7 +527,7 @@ spec:
provider:
name: Red Hat
relatedImages:
- image: openpolicyagent/gatekeeper:v3.11.1
- image: openpolicyagent/gatekeeper:v3.14.0
name: gatekeeper
replaces: gatekeeper-operator.v0.2.6
version: "3.11.1"
replaces: gatekeeper-operator.v3.11.1
version: "3.14.0"
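Review bot: Adding `events` to the existing core-group rule gives the operator every verb of that rule on events; the visible verbs include `create`, `patch`, `update` and `watch`, and the middle of the list is collapsed on this page. Emitting events normally needs only `create` and `patch`, so a separate rule for `events` with just those verbs would keep the grant minimal, unless the operator has to hold more in order to pass it on to the Gatekeeper roles. The new `expansion.gatekeeper.sh` rule uses `resources: '*'` with all seven verbs; listing the resource names would be tighter than the wildcard. This manifest looks generated, so the change presumably belongs in the RBAC source it is built from, which is not shown here.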
10 changes: 10 additions & 0 deletions bundle/manifests/operator.gatekeeper.sh_gatekeepers.yaml
Expand Up @@ -863,6 +863,11 @@ spec:
format: int64
minimum: 0
type: integer
auditEventsInvolvedNamespace:
enum:
- Enabled
- Disabled
type: string
auditFromCache:
description: Setting Automatic lets the Gatekeeper operator manage
syncOnly in the config resource. It is not recommended to use
Expand Down Expand Up @@ -1021,6 +1026,11 @@ spec:
type: string
webhook:
properties:
admissionEventsInvolvedNamespace:
enum:
- Enabled
- Disabled
type: string
disabledBuiltins:
items:
type: string
2 changes: 1 addition & 1 deletion bundle/metadata/annotations.yaml
Expand Up @@ -4,7 +4,7 @@ annotations:
operators.operatorframework.io.bundle.manifests.v1: manifests/
operators.operatorframework.io.bundle.metadata.v1: metadata/
operators.operatorframework.io.bundle.package.v1: gatekeeper-operator
operators.operatorframework.io.bundle.channels.v1: "stable,3.11"
operators.operatorframework.io.bundle.channels.v1: "stable,3.14"
operators.operatorframework.io.bundle.channel.default.v1: stable
operators.operatorframework.io.metrics.builder: operator-sdk-v1.31.0
operators.operatorframework.io.metrics.mediatype.v1: metrics+v1
10 changes: 10 additions & 0 deletions config/crd/bases/operator.gatekeeper.sh_gatekeepers.yaml
Expand Up @@ -863,6 +863,11 @@ spec:
format: int64
minimum: 0
type: integer
auditEventsInvolvedNamespace:
enum:
- Enabled
- Disabled
type: string
auditFromCache:
description: Setting Automatic lets the Gatekeeper operator manage
syncOnly in the config resource. It is not recommended to use
Expand Down Expand Up @@ -1021,6 +1026,11 @@ spec:
type: string
webhook:
properties:
admissionEventsInvolvedNamespace:
enum:
- Enabled
- Disabled
type: string
disabledBuiltins:
items:
type: string
Expand Up @@ -85,7 +85,7 @@ spec:
end. Ex: "kube-*" will match "kube-system" or "kube-public",
"*-system" will match "kube-system" or "gatekeeper-system". The
asterisk is required for wildcard matching.'
pattern: ^(\*|\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$
type: string
type: array
kinds:
Expand Down Expand Up @@ -164,7 +164,7 @@ spec:
a prefix or suffix glob. For example, `name: pod-*` would match
both `pod-a` and `pod-b`, and `name: *-pod` would match both
`a-pod` and `b-pod`.'
pattern: ^(\*|\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$
type: string
namespaceSelector:
description: NamespaceSelector is a label selector against an
Expand Down Expand Up @@ -223,7 +223,7 @@ spec:
end. Ex: "kube-*" will match "kube-system" or "kube-public",
"*-system" will match "kube-system" or "gatekeeper-system". The
asterisk is required for wildcard matching.'
pattern: ^(\*|\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$
type: string
type: array
scope:
Expand Down Expand Up @@ -432,7 +432,7 @@ spec:
end. Ex: "kube-*" will match "kube-system" or "kube-public",
"*-system" will match "kube-system" or "gatekeeper-system". The
asterisk is required for wildcard matching.'
pattern: ^(\*|\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$
type: string
type: array
kinds:
Expand Down Expand Up @@ -511,7 +511,7 @@ spec:
a prefix or suffix glob. For example, `name: pod-*` would match
both `pod-a` and `pod-b`, and `name: *-pod` would match both
`a-pod` and `b-pod`.'
pattern: ^(\*|\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$
type: string
namespaceSelector:
description: NamespaceSelector is a label selector against an
Expand Down Expand Up @@ -570,7 +570,7 @@ spec:
end. Ex: "kube-*" will match "kube-system" or "kube-public",
"*-system" will match "kube-system" or "gatekeeper-system". The
asterisk is required for wildcard matching.'
pattern: ^(\*|\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$
type: string
type: array
scope:
Expand Down Expand Up @@ -779,7 +779,7 @@ spec:
end. Ex: "kube-*" will match "kube-system" or "kube-public",
"*-system" will match "kube-system" or "gatekeeper-system". The
asterisk is required for wildcard matching.'
pattern: ^(\*|\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$
type: string
type: array
kinds:
Expand Down Expand Up @@ -858,7 +858,7 @@ spec:
a prefix or suffix glob. For example, `name: pod-*` would match
both `pod-a` and `pod-b`, and `name: *-pod` would match both
`a-pod` and `b-pod`.'
pattern: ^(\*|\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$
type: string
namespaceSelector:
description: NamespaceSelector is a label selector against an
Expand Down Expand Up @@ -917,7 +917,7 @@ spec:
end. Ex: "kube-*" will match "kube-system" or "kube-public",
"*-system" will match "kube-system" or "gatekeeper-system". The
asterisk is required for wildcard matching.'
pattern: ^(\*|\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$
type: string
type: array
scope: