Preserve unknown fields in ByPodStatus #117
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
julianKatz
force-pushed
the
byPodStatus-operations-unknown-fields
branch
from
e7c79b6
to
3be88ce
Compare
A Gatekeeper e2e test is currently failing in open-policy-agent/gatekeeper#1286 due to the use of the `operations` field. This field is added by Gatekeeper, under a ConstraintTemplate's `byPodsStatus`. This field relied on the v1beta1 CRD behavior, where unknown fields are preserved by default. As this field fundamentally has to do with gatekeeper, it's better not to define it in the Constraint Framework. Other CF consumers have no need for the Operations field. Even better, we may eventually define ConstraintTemplateSpec in Constraint Framework consumers, rather than in the library itself. For now, adding `x-kubernetes-preserve-unknown-fields: true` to ByPodStatus will solve our problem and maintain the existing behavior. Contributes to open-policy-agent/gatekeeper#550 Signed-off-by: juliankatz <juliankatz@google.com>
julianKatz
force-pushed
the
byPodStatus-operations-unknown-fields
branch
from
3be88ce
to
02fe192
Compare
sozercan
approved these changes
May 18, 2021
|
👍🏻 |
julianKatz
added a commit
to julianKatz/gatekeeper
that referenced
this pull request
May 18, 2021
This PR changes the flags passed to controller-gen to generate v1 CRDs for the CRDs defined in this repository. It also includes changes from open-policy-agent/frameworks#114, which update the ConstraintTemplate CRD to v1, and open-policy-agent/frameworks#117, which allowed Gatekeeper to add the Operations field to byPodStatus, which isn't built in to the byPodStatus golang struct. Contributes to open-policy-agent#550 Signed-off-by: juliankatz <juliankatz@google.com>
julianKatz
added a commit
to julianKatz/frameworks
that referenced
this pull request
May 18, 2021
The previous PR (open-policy-agent#117) put the `x-kubernetes-preserve-unknown-fields: true` key/value pair one level too deep. This moves it alongside `byPodStatus`' `properties`. Contributes to open-policy-agent/gatekeeper#550 Signed-off-by: juliankatz <juliankatz@google.com>
julianKatz
added a commit
to julianKatz/frameworks
that referenced
this pull request
May 18, 2021
The previous PR (open-policy-agent#117) put the `x-kubernetes-preserve-unknown-fields: true` key/value pair one level too deep. This moves it alongside `byPodStatus`' `properties`. Contributes to open-policy-agent/gatekeeper#550 Signed-off-by: juliankatz <juliankatz@google.com>
julianKatz
added a commit
to julianKatz/frameworks
that referenced
this pull request
May 18, 2021
The previous PR (open-policy-agent#117) put the `x-kubernetes-preserve-unknown-fields: true` key/value pair one level too deep. This moves it alongside `byPodStatus`' `properties`. Contributes to open-policy-agent/gatekeeper#550 Signed-off-by: juliankatz <juliankatz@google.com>
julianKatz
added a commit
to julianKatz/gatekeeper
that referenced
this pull request
May 18, 2021
This PR changes the flags passed to controller-gen to generate v1 CRDs for the CRDs defined in this repository. It also includes changes from open-policy-agent/frameworks#114, which update the ConstraintTemplate CRD to v1, and open-policy-agent/frameworks#117, which allowed Gatekeeper to add the Operations field to byPodStatus, which isn't built in to the byPodStatus golang struct. Contributes to open-policy-agent#550 Signed-off-by: juliankatz <juliankatz@google.com>
julianKatz
added a commit
to julianKatz/gatekeeper
that referenced
this pull request
May 18, 2021
This PR changes the flags passed to controller-gen to generate v1 CRDs for the CRDs defined in this repository. It also includes changes from open-policy-agent/frameworks#114, which update the ConstraintTemplate CRD to v1, and open-policy-agent/frameworks#117, which allowed Gatekeeper to add the Operations field to byPodStatus, which isn't built in to the byPodStatus golang struct. Contributes to open-policy-agent#550 Signed-off-by: juliankatz <juliankatz@google.com>
julianKatz
added a commit
to julianKatz/gatekeeper
that referenced
this pull request
May 20, 2021
This PR changes the flags passed to controller-gen to generate v1 CRDs for the CRDs defined in this repository. It also includes changes from open-policy-agent/frameworks#114, which update the ConstraintTemplate CRD to v1, and open-policy-agent/frameworks#117, which allowed Gatekeeper to add the Operations field to byPodStatus, which isn't built in to the byPodStatus golang struct. Contributes to open-policy-agent#550 Signed-off-by: juliankatz <juliankatz@google.com>
julianKatz
added a commit
to open-policy-agent/gatekeeper
that referenced
this pull request
May 20, 2021
This PR changes the flags passed to controller-gen to generate v1 CRDs for the CRDs defined in this repository. It also includes changes from open-policy-agent/frameworks#114, which update the ConstraintTemplate CRD to v1, and open-policy-agent/frameworks#117, which allowed Gatekeeper to add the Operations field to byPodStatus, which isn't built in to the byPodStatus golang struct. Contributes to #550 Signed-off-by: juliankatz <juliankatz@google.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
A Gatekeeper e2e test is currently failing in
open-policy-agent/gatekeeper#1286 due to the use of the
operationsfield. This field is added by Gatekeeper, under a ConstraintTemplate's
byPodsStatus. This field relied on the v1beta1 CRD behavior, whereunknown fields are preserved by default.
As this field fundamentally has to do with gatekeeper, it's better not
to define it in the Constraint Framework. Other CF consumers have no
need for the Operations field.
Even better, we may eventually define ConstraintTemplateSpec in
Constraint Framework consumers, rather than in the library itself.
For now, adding
x-kubernetes-preserve-unknown-fields: truetoByPodStatus will solve our problem and maintain the existing behavior.
Contributes to open-policy-agent/gatekeeper#550
Signed-off-by: juliankatz juliankatz@google.com