From 9fff28f5f9c59252c06eb7c7ac017e54a86a659f Mon Sep 17 00:00:00 2001 From: David Lee Date: Tue, 30 Jul 2024 13:11:16 -0700 Subject: [PATCH] fix: Remove crashOnFailureFetchingExpectations flag (#3453) Signed-off-by: David-Jaeyoon-Lee Co-authored-by: Rita Zhang --- pkg/readiness/ready_tracker.go | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/pkg/readiness/ready_tracker.go b/pkg/readiness/ready_tracker.go index 4c806b888f9..36a1ce7958c 100644 --- a/pkg/readiness/ready_tracker.go +++ b/pkg/readiness/ready_tracker.go @@ -17,7 +17,6 @@ package readiness import ( "context" - "flag" "fmt" "net/http" "sync" @@ -46,7 +45,9 @@ import ( var log = logf.Log.WithName("readiness-tracker") -var crashOnFailureFetchingExpectations = flag.Bool("crash-on-failure-fetching-expectations", false, "Unless set (defaults to false), gatekeeper will ignore errors that occur when gathering expectations. This prevents bootstrapping errors from crashing Gatekeeper at the cost of increasing the risk Gatekeeper will under-enforce policy by serving before it has loaded in all policies. Enabling this will help prevent under-enforcement at the risk of crashing during startup for issues like network errors. Note that enabling this flag currently does not achieve the aforementioned effect since fetching expectations are set to retry until success so failures during fetching expectations currently do not occur.") +// TODO: Uncomment the flag and deleted the boolean constant when we support retry limits (currently the value of the flag is moot without a retry limit since failure won't happen due to unlimited retries) +// var crashOnFailureFetchingExpectations = flag.Bool("crash-on-failure-fetching-expectations", false, "Unless set (defaults to false), gatekeeper will ignore errors when gathering expectations. This prevents bootstrapping errors from crashing Gatekeeper at the cost of increasing the risk Gatekeeper will under-enforce policy. Enabling this will help prevent under-enforcement at the risk of crashing during startup. Note that enabling this flag currently does not achieve the aforementioned effect since fetching expectations will retry until success.") +const crashOnFailureFetchingExpectations = false const ( constraintGroup = "constraints.gatekeeper.sh" @@ -90,7 +91,8 @@ type Tracker struct { // NewTracker creates a new Tracker and initializes the internal trackers. func NewTracker(lister Lister, mutationEnabled, externalDataEnabled, expansionEnabled bool) *Tracker { - return newTracker(lister, mutationEnabled, externalDataEnabled, expansionEnabled, *crashOnFailureFetchingExpectations, nil, nil) + // TODO: Dereference crashOnFailureFetchingExpectations when we change crashOnFailureFetchingExpectations to a flag + return newTracker(lister, mutationEnabled, externalDataEnabled, expansionEnabled, crashOnFailureFetchingExpectations, nil, nil) } func newTracker(lister Lister, mutationEnabled, externalDataEnabled, expansionEnabled bool, crashOnFailure bool, trackListerPredicateOverride retryPredicate, fn objDataFactory) *Tracker {