Skip to content

Commit

Permalink
Merge branch 'master' into mutationfor
Browse files Browse the repository at this point in the history
  • Loading branch information
@ritazh
ritazh committed Nov 18, 2020
2 parents d98f7af + 3444c16 commit b3af09f
Show file tree
Hide file tree
Showing 62 changed files with 1,861 additions and 395 deletions.
5 changes: 3 additions & 2 deletions .github/workflows/workflow.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -168,7 +168,7 @@ jobs:
- name: Get tag
id: get_version
run: |
echo ::set-env name=TAG::${GITHUB_REF#refs/tags/}
echo "TAG=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
echo $TAG
- name: Publish release
Expand Down Expand Up @@ -199,7 +199,8 @@ jobs:
make e2e-verify-release IMG=${{ env.IMAGE_REPO }}:${TAG} USE_LOCAL_IMG=false
- name: Create GitHub release
uses: "marvinpinto/action-automatic-releases@v1.1.0"
# using latest to fix set-env deprecation
uses: "marvinpinto/action-automatic-releases@latest"
with:
repo_token: "${{ secrets.GITHUB_TOKEN }}"
prerelease: false
Expand Down
21 changes: 9 additions & 12 deletions Makefile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -148,7 +148,7 @@ deploy: patch-image manifests
kustomize build config/overlays/dev | kubectl apply -f -

# Generate manifests e.g. CRD, RBAC etc.
manifests: controller-gen
manifests: __controller-gen
$(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=manager-role webhook paths="./apis/..." paths="./pkg/..." output:crd:artifacts:config=config/crd/bases
rm -rf manifest_staging
mkdir -p manifest_staging/deploy
Expand All @@ -160,7 +160,7 @@ lint:
golangci-lint -v run ./... --timeout 5m

# Generate code
generate: controller-gen target-template-source
generate: __controller-gen target-template-source
$(CONTROLLER_GEN) object:headerFile=./hack/boilerplate.go.txt paths="./apis/..." paths="./pkg/..."

# Docker Login
Expand Down Expand Up @@ -256,16 +256,13 @@ promote-staging-manifest:
uninstall:
kustomize build config/overlays/dev | kubectl delete -f -

# find or download controller-gen
# download controller-gen if necessary
controller-gen:
ifeq (, $(shell which controller-gen))
GO111MODULE=on go get sigs.k8s.io/controller-tools/cmd/controller-gen@v0.3.0
go mod tidy
CONTROLLER_GEN=$(GOBIN)/controller-gen
else
CONTROLLER_GEN=$(shell which controller-gen)
endif
__controller-gen: __tooling-image
CONTROLLER_GEN=docker run -v $(shell pwd):/gatekeeper gatekeeper-tooling controller-gen

__tooling-image:
docker build . \
-t gatekeeper-tooling \
-f build/tooling/Dockerfile

.PHONY: vendor
vendor:
Expand Down
2 changes: 1 addition & 1 deletion README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -104,7 +104,7 @@ Currently the most reliable way of installing Gatekeeper is to build and install
* Build and push your Docker image:
```sh
make docker-buildx REPOSITORY="$DESTINATION_GATEKEEPER_DOCKER_IMAGE"
make docker-push-release REPOSITORY="$DESTINATION_GATEKEEPER_DOCKER_IMAGE"
make docker-push REPOSITORY="$DESTINATION_GATEKEEPER_DOCKER_IMAGE"
```
* Finally, deploy:
```sh
Expand Down
9 changes: 9 additions & 0 deletions build/tooling/Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
FROM golang:1.15-alpine

# Alpine lacks CGO libraries needed by `controller-gen`
RUN apk add --no-cache build-base

RUN GO111MODULE=on go get sigs.k8s.io/controller-tools/cmd/controller-gen@v0.3.0

RUN mkdir /gatekeeper
WORKDIR /gatekeeper
4 changes: 3 additions & 1 deletion cmd/build/helmify/replacements.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,9 @@ var replacements = map[string]string{
affinity:
{{ toYaml .Values.affinity | indent 8 }}
tolerations:
{{ toYaml .Values.tolerations | indent 8 }}`,
{{ toYaml .Values.tolerations | indent 8 }}
imagePullSecrets:
{{ toYaml .Values.image.pullSecrets | indent 8 }}`,

"HELMSUBST_DEPLOYMENT_REPLICAS": `{{ .Values.replicas }}`,

Expand Down
3 changes: 2 additions & 1 deletion cmd/build/helmify/static/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,8 @@
| logLevel | Minimum log level | `INFO` |
| image.pullPolicy | The image pull policy | `IfNotPresent` |
| image.repository | Image repository | `openpolicyagent/gatekeeper` |
| image.release | The image release tag to use | Current release version: `v3.3.0-beta.1` |
| image.release | The image release tag to use | Current release version: `v3.3.0-beta.1` |
| image.pullSecrets | Specify an array of imagePullSecrets | `[]` |
| resources | The resource request/limits for the container image | limits: 1 CPU, 512Mi, requests: 100mCPU, 256Mi |
| nodeSelector | The node selector to use for pod scheduling | `kubernetes.io/os: linux` |
| affinity | The node affinity to use for pod scheduling | `{}` |
Expand Down
1 change: 1 addition & 0 deletions cmd/build/helmify/static/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ image:
repository: openpolicyagent/gatekeeper
release: v3.3.0-beta.1
pullPolicy: IfNotPresent
pullSecrets: []
nodeSelector: { kubernetes.io/os: linux }
affinity: {}
tolerations: []
Expand Down
17 changes: 12 additions & 5 deletions config/crd/bases/config.gatekeeper.sh_configs.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,10 +20,14 @@ spec:
description: Config is the Schema for the configs API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
Expand Down Expand Up @@ -54,7 +58,8 @@ spec:
description: Configuration for syncing k8s objects
properties:
syncOnly:
description: If non-empty, only entries on this list will be replicated into OPA
description: If non-empty, only entries on this list will be replicated
into OPA
items:
properties:
group:
Expand All @@ -70,11 +75,13 @@ spec:
description: Configuration for validation
properties:
traces:
description: List of requests to trace. Both "user" and "kinds" must be specified
description: List of requests to trace. Both "user" and "kinds"
must be specified
items:
properties:
dump:
description: Also dump the state of OPA with the trace. Set to `All` to dump everything.
description: Also dump the state of OPA with the trace. Set
to `All` to dump everything.
type: string
kind:
description: Only trace requests of the following GroupVersionKind
Expand Down
Loading

0 comments on commit b3af09f

Please sign in to comment.