Change Constraint Template CRD to apiextensions.k8s.io/v1 #114
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Codecov Report
@@ Coverage Diff @@
## master #114 +/- ##
=======================================
Coverage 43.89% 43.89%
=======================================
Files 27 27
Lines 2383 2383
=======================================
Hits 1046 1046
Misses 1017 1017
Partials 320 320
Flags with carried forward coverage won't be shown. Click here to find out more. Continue to review full report at Codecov.
|
|
I don't think this entirely fixes open-policy-agent/gatekeeper#550 until the rest of the work has been done? Definitely change the wording in the description so GitHub doesn't try to autoclose that issue. |
maxsmythe
requested changes
May 5, 2021
julianKatz
force-pushed
the
switch-deploy-folder-to-v1-crd
branch
from
dcddaff
to
d50a5ea
Compare
v1beta1 CRDs will not be supported in upcoming k8s versions, so all our CRDs will have to be v1. This makes our toolchain output a v1 CRD for the Constraint Template kind. Contributes to open-policy-agent/gatekeeper#550 Signed-off-by: juliankatz <juliankatz@google.com>
julianKatz
force-pushed
the
switch-deploy-folder-to-v1-crd
branch
from
d50a5ea
to
6370717
Compare
ritazh
approved these changes
May 10, 2021
shomron
approved these changes
May 11, 2021
julianKatz
added a commit
to julianKatz/frameworks
that referenced
this pull request
May 12, 2021
This fixes the unit tests, which are currently broken. Somehow, I was able to merge my previous PR (open-policy-agent#114) with these tests broken. They passed in the GitHub actions, but are failing for me when I run them locally (without the change in this PR). I'm not sure how that happened. I tried upgrading all the way to controller-runtime 3.0.0, but the developers of that seem to have changed the way the package is delivered. Now, only the binary seems to available for download, instead of a folder full of binaries. Notably, this leaves out the binaries for the API server components (etcd, for example) that are used during unit test runs. Contributes to open-policy-agent/gatekeeper#550 Signed-off-by: juliankatz <juliankatz@google.com>
julianKatz
added a commit
that referenced
this pull request
May 12, 2021
This fixes the unit tests, which are currently broken. Somehow, I was able to merge my previous PR (#114) with these tests broken. They passed in the GitHub actions, but are failing for me when I run them locally (without the change in this PR). I'm not sure how that happened. I tried upgrading all the way to controller-runtime 3.0.0, but the developers of that seem to have changed the way the package is delivered. Now, only the binary seems to available for download, instead of a folder full of binaries. Notably, this leaves out the binaries for the API server components (etcd, for example) that are used during unit test runs. Contributes to open-policy-agent/gatekeeper#550 Signed-off-by: juliankatz <juliankatz@google.com>
julianKatz
added a commit
to julianKatz/gatekeeper
that referenced
this pull request
May 17, 2021
This PR changes the flags passed to controller-gen to generate v1 CRDs for the CRDs defined in this repository. It also includes changes from open-policy-agent/frameworks#114, which update the ConstraintTemplate CRD to v1. Contributes to open-policy-agent#550 Signed-off-by: juliankatz <juliankatz@google.com>
julianKatz
added a commit
to julianKatz/gatekeeper
that referenced
this pull request
May 18, 2021
Kubernetes v1 CRDs require structural schemas. This means that, where possible, JSONSchemas should identify the type of a field. Fields without this type information will require the key: value pair of x-kubernetes-unknown-fields: true to be set. This signals the API server to save the content found in that field to etcd without validation. This PR adds the remaining type information to the MatchSchema() function, rendering its output structural. This func's output is what populates the `match` section of the CRD for a Constraint kind. It also imports Constraint Framework, including the updates made in open-policy-agent/frameworks#114. This change transforms the schema information provided by users in a v1beta1 ConstraintTemplate to be structural. Contributes to open-policy-agent#550 Signed-off-by: juliankatz <juliankatz@google.com>
julianKatz
added a commit
to julianKatz/gatekeeper
that referenced
this pull request
May 18, 2021
Kubernetes v1 CRDs require structural schemas. This means that, where possible, JSONSchemas should identify the type of a field. Fields without this type information will require the key: value pair of x-kubernetes-unknown-fields: true to be set. This signals the API server to save the content found in that field to etcd without validation. This PR adds the remaining type information to the MatchSchema() function, rendering its output structural. This func's output is what populates the `match` section of the CRD for a Constraint kind. It also imports Constraint Framework, including the updates made in open-policy-agent/frameworks#114. This change transforms the schema information provided by users in a v1beta1 ConstraintTemplate to be structural. Contributes to open-policy-agent#550 Signed-off-by: juliankatz <juliankatz@google.com>
julianKatz
added a commit
to julianKatz/gatekeeper
that referenced
this pull request
May 18, 2021
This PR changes the flags passed to controller-gen to generate v1 CRDs for the CRDs defined in this repository. It also includes changes from open-policy-agent/frameworks#114, which update the ConstraintTemplate CRD to v1, and open-policy-agent/frameworks#117, which allowed Gatekeeper to add the Operations field to byPodStatus, which isn't built in to the byPodStatus golang struct. Contributes to open-policy-agent#550 Signed-off-by: juliankatz <juliankatz@google.com>
julianKatz
added a commit
to julianKatz/gatekeeper
that referenced
this pull request
May 18, 2021
Kubernetes v1 CRDs require structural schemas. This means that, where possible, JSONSchemas should identify the type of a field. Fields without this type information will require the key: value pair of x-kubernetes-unknown-fields: true to be set. This signals the API server to save the content found in that field to etcd without validation. This PR adds the remaining type information to the MatchSchema() function, rendering its output structural. This func's output is what populates the `match` section of the CRD for a Constraint kind. It also imports Constraint Framework, including the updates made in open-policy-agent/frameworks#114. This change transforms the schema information provided by users in a v1beta1 ConstraintTemplate to be structural. Contributes to open-policy-agent#550 Signed-off-by: juliankatz <juliankatz@google.com>
julianKatz
added a commit
to julianKatz/gatekeeper
that referenced
this pull request
May 18, 2021
This PR changes the flags passed to controller-gen to generate v1 CRDs for the CRDs defined in this repository. It also includes changes from open-policy-agent/frameworks#114, which update the ConstraintTemplate CRD to v1, and open-policy-agent/frameworks#117, which allowed Gatekeeper to add the Operations field to byPodStatus, which isn't built in to the byPodStatus golang struct. Contributes to open-policy-agent#550 Signed-off-by: juliankatz <juliankatz@google.com>
julianKatz
added a commit
to julianKatz/gatekeeper
that referenced
this pull request
May 18, 2021
This PR changes the flags passed to controller-gen to generate v1 CRDs for the CRDs defined in this repository. It also includes changes from open-policy-agent/frameworks#114, which update the ConstraintTemplate CRD to v1, and open-policy-agent/frameworks#117, which allowed Gatekeeper to add the Operations field to byPodStatus, which isn't built in to the byPodStatus golang struct. Contributes to open-policy-agent#550 Signed-off-by: juliankatz <juliankatz@google.com>
julianKatz
added a commit
to julianKatz/gatekeeper
that referenced
this pull request
May 18, 2021
Kubernetes v1 CRDs require structural schemas. This means that, where possible, JSONSchemas should identify the type of a field. Fields without this type information will require the key: value pair of x-kubernetes-unknown-fields: true to be set. This signals the API server to save the content found in that field to etcd without validation. This PR adds the remaining type information to the MatchSchema() function, rendering its output structural. This func's output is what populates the `match` section of the CRD for a Constraint kind. It also imports Constraint Framework, including the updates made in open-policy-agent/frameworks#114. This change transforms the schema information provided by users in a v1beta1 ConstraintTemplate to be structural. Contributes to open-policy-agent#550 Signed-off-by: juliankatz <juliankatz@google.com>
julianKatz
added a commit
to julianKatz/gatekeeper
that referenced
this pull request
May 18, 2021
Kubernetes v1 CRDs require structural schemas. This means that, where possible, JSONSchemas should identify the type of a field. Fields without this type information will require the key: value pair of x-kubernetes-unknown-fields: true to be set. This signals the API server to save the content found in that field to etcd without validation. This PR adds the remaining type information to the MatchSchema() function, rendering its output structural. This func's output is what populates the `match` section of the CRD for a Constraint kind. It also imports Constraint Framework, including the updates made in open-policy-agent/frameworks#114. This change transforms the schema information provided by users in a v1beta1 ConstraintTemplate to be structural. Contributes to open-policy-agent#550 Signed-off-by: juliankatz <juliankatz@google.com>
julianKatz
added a commit
to julianKatz/gatekeeper
that referenced
this pull request
May 18, 2021
Kubernetes v1 CRDs require structural schemas. This means that, where possible, JSONSchemas should identify the type of a field. Fields without this type information will require the key: value pair of x-kubernetes-unknown-fields: true to be set. This signals the API server to save the content found in that field to etcd without validation. This PR adds the remaining type information to the MatchSchema() function, rendering its output structural. This func's output is what populates the `match` section of the CRD for a Constraint kind. It also imports Constraint Framework, including the updates made in open-policy-agent/frameworks#114. This change transforms the schema information provided by users in a v1beta1 ConstraintTemplate to be structural. Contributes to open-policy-agent#550 Signed-off-by: juliankatz <juliankatz@google.com>
julianKatz
added a commit
to julianKatz/gatekeeper
that referenced
this pull request
May 19, 2021
Kubernetes v1 CRDs require structural schemas. This means that, where possible, JSONSchemas should identify the type of a field. Fields without this type information will require the key: value pair of x-kubernetes-unknown-fields: true to be set. This signals the API server to save the content found in that field to etcd without validation. This PR adds the remaining type information to the MatchSchema() function, rendering its output structural. This func's output is what populates the `match` section of the CRD for a Constraint kind. It also imports Constraint Framework, including the updates made in open-policy-agent/frameworks#114. This change transforms the schema information provided by users in a v1beta1 ConstraintTemplate to be structural. Contributes to open-policy-agent#550 Signed-off-by: juliankatz <juliankatz@google.com>
julianKatz
added a commit
to julianKatz/gatekeeper
that referenced
this pull request
May 19, 2021
Kubernetes v1 CRDs require structural schemas. This means that, where possible, JSONSchemas should identify the type of a field. Fields without this type information will require the key: value pair of x-kubernetes-unknown-fields: true to be set. This signals the API server to save the content found in that field to etcd without validation. This PR adds the remaining type information to the MatchSchema() function, rendering its output structural. This func's output is what populates the `match` section of the CRD for a Constraint kind. It also imports Constraint Framework, including the updates made in open-policy-agent/frameworks#114. This change transforms the schema information provided by users in a v1beta1 ConstraintTemplate to be structural. Contributes to open-policy-agent#550 Signed-off-by: juliankatz <juliankatz@google.com>
julianKatz
added a commit
to julianKatz/gatekeeper
that referenced
this pull request
May 19, 2021
Kubernetes v1 CRDs require structural schemas. This means that, where possible, JSONSchemas should identify the type of a field. Fields without this type information will require the key: value pair of x-kubernetes-unknown-fields: true to be set. This signals the API server to save the content found in that field to etcd without validation. This PR adds the remaining type information to the MatchSchema() function, rendering its output structural. This func's output is what populates the `match` section of the CRD for a Constraint kind. It also imports Constraint Framework, including the updates made in open-policy-agent/frameworks#114. This change transforms the schema information provided by users in a v1beta1 ConstraintTemplate to be structural. Contributes to open-policy-agent#550 Signed-off-by: juliankatz <juliankatz@google.com>
julianKatz
added a commit
to julianKatz/gatekeeper
that referenced
this pull request
May 20, 2021
Kubernetes v1 CRDs require structural schemas. This means that, where possible, JSONSchemas should identify the type of a field. Fields without this type information will require the key: value pair of x-kubernetes-unknown-fields: true to be set. This signals the API server to save the content found in that field to etcd without validation. This PR adds the remaining type information to the MatchSchema() function, rendering its output structural. This func's output is what populates the `match` section of the CRD for a Constraint kind. It also imports Constraint Framework, including the updates made in open-policy-agent/frameworks#114. This change transforms the schema information provided by users in a v1beta1 ConstraintTemplate to be structural. Contributes to open-policy-agent#550 Signed-off-by: juliankatz <juliankatz@google.com>
julianKatz
added a commit
to open-policy-agent/gatekeeper
that referenced
this pull request
May 20, 2021
Kubernetes v1 CRDs require structural schemas. This means that, where possible, JSONSchemas should identify the type of a field. Fields without this type information will require the key: value pair of x-kubernetes-unknown-fields: true to be set. This signals the API server to save the content found in that field to etcd without validation. This PR adds the remaining type information to the MatchSchema() function, rendering its output structural. This func's output is what populates the `match` section of the CRD for a Constraint kind. It also imports Constraint Framework, including the updates made in open-policy-agent/frameworks#114. This change transforms the schema information provided by users in a v1beta1 ConstraintTemplate to be structural. Contributes to #550 Signed-off-by: juliankatz <juliankatz@google.com>
julianKatz
added a commit
to julianKatz/gatekeeper
that referenced
this pull request
May 20, 2021
This PR changes the flags passed to controller-gen to generate v1 CRDs for the CRDs defined in this repository. It also includes changes from open-policy-agent/frameworks#114, which update the ConstraintTemplate CRD to v1, and open-policy-agent/frameworks#117, which allowed Gatekeeper to add the Operations field to byPodStatus, which isn't built in to the byPodStatus golang struct. Contributes to open-policy-agent#550 Signed-off-by: juliankatz <juliankatz@google.com>
julianKatz
added a commit
to open-policy-agent/gatekeeper
that referenced
this pull request
May 20, 2021
This PR changes the flags passed to controller-gen to generate v1 CRDs for the CRDs defined in this repository. It also includes changes from open-policy-agent/frameworks#114, which update the ConstraintTemplate CRD to v1, and open-policy-agent/frameworks#117, which allowed Gatekeeper to add the Operations field to byPodStatus, which isn't built in to the byPodStatus golang struct. Contributes to #550 Signed-off-by: juliankatz <juliankatz@google.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
v1beta1 CRDs will not be supported in upcoming k8s versions, so all our
CRDs will have to be v1. This makes our toolchain output a v1 CRD for
the Constraint Template kind.
Contributes to open-policy-agent/gatekeeper#550
Signed-off-by: juliankatz juliankatz@google.com