Add PreserveUnknownFields: false to CRDs #1356
Codecov Report
@@ Coverage Diff @@
## master #1356 +/- ##
==========================================
+ Coverage 43.39% 49.53% +6.13%
==========================================
Files 47 68 +21
Lines 3173 4926 +1753
==========================================
+ Hits 1377 2440 +1063
- Misses 1599 2140 +541
- Partials 197 346 +149
@sozercan Should I add this patch to all the |
They're getting picked up. We can tell b/c they're showing up in the |
0811689 to 4150f0e
Missing the mutation crd changes.
First commit, adds PreserveUnknownFields: false to the non-mutation CRDs. The kustomization pipeline is in a bit of a weird state given it being in alpha, so I'm not sure what else to add for that yet. Signed-off-by: juliankatz <juliankatz@google.com>
Signed-off-by: juliankatz <juliankatz@google.com>
The patching was in the wrong place. Per Rita's comment, I moved it from: config/overlays/mutation/kustomization.yaml to config/overlays/mutation_webhook/kustomization.yaml Now the CRDs are actually being kustomized. Signed-off-by: juliankatz <juliankatz@google.com>
First commit, adds PreserveUnknownFields: false to the non-mutation CRDs. The kustomization pipeline is in a bit of a weird state given it being in alpha, so I'm not sure what else to add for that yet. Signed-off-by: juliankatz <juliankatz@google.com>
06c7bed to a1dfc6b
Signed-off-by: juliankatz <juliankatz@google.com>
a1dfc6b to 55b1477
LGTM
Signed-off-by: juliankatz <juliankatz@google.com>
c7a021b to 8701dad
… PreserveUnknownFields-false Signed-off-by: juliankatz <juliankatz@google.com>
8701dad to 2fef63f
LGTM
* Add PreserveUnknownFields: false to CRDs

  First commit, adds PreserveUnknownFields: false to the non-mutation CRDs. The kustomization pipeline is in a bit of a weird state given it being in alpha, so I'm not sure what else to add for that yet.

  Signed-off-by: juliankatz <juliankatz@google.com>

* Preserve --> preserve

  Signed-off-by: juliankatz <juliankatz@google.com>

* Fix mutation CRDs kustomization

  The patching was in the wrong place. Per Rita's comment, I moved it from: config/overlays/mutation/kustomization.yaml to config/overlays/mutation_webhook/kustomization.yaml

  Now the CRDs are actually being kustomized.

  Signed-off-by: juliankatz <juliankatz@google.com>

* Add PreserveUnknownFields: false to CRDs

  First commit, adds PreserveUnknownFields: false to the non-mutation CRDs. The kustomization pipeline is in a bit of a weird state given it being in alpha, so I'm not sure what else to add for that yet.

  Signed-off-by: juliankatz <juliankatz@google.com>

* Preserve --> preserve

  Signed-off-by: juliankatz <juliankatz@google.com>

* Add load_restrictor LoadRestrictionsNone in deploy-mutation

  Signed-off-by: juliankatz <juliankatz@google.com>

Co-authored-by: Sertaç Özercan <852750+sozercan@users.noreply.github.com>
Signed-off-by: juliankatz <juliankatz@google.com>
This fails Raised in slack https://openpolicyagent.slack.com/archives/CDTN970AX/p1634649152271500
This is due to a security control that

It can be disabled in your command by adding

Caveat: I tried this with the full URL style

```
❯ kustomize build 'https://github.com/open-policy-agent/gatekeeper/config/overlays/mutation_webhook/?ref=v3.6.0' -o blabla.txt --load_restrictor LoadRestrictionsNone
Error: trouble configuring builtin PatchTransformer with config: `
path: ../../crd/patches/preserve_unknown_fields_false.yaml
target:
  group: apiextensions.k8s.io
  kind: CustomResourceDefinition
  version: v1
`: security; file '/tmp/kustomize-241102815/config/crd/patches/preserve_unknown_fields_false.yaml' is not in or below '/tmp/kustomize-241102815/config/overlays/mutation_webhook'
```

But, when I try the same thing after checking out the

```
❯ git status
HEAD detached at v3.6.0
nothing to commit, working tree clean
❯ kustomize build config/overlays/mutation_webhook -o blabla.txt --load_restrictor LoadRestrictionsNone
❯ echo $?
0
```

I'm using an old version of kustomize:

So perhaps this behavior has been fixed. Does that unblock you? @thomasmckay
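The "is not in or below" rule from the error message above, as an added example that is neither kustomize's code nor part of this PR: it resolves each path a kustomization references and reports the ones that leave the kustomization root. It works on path strings only and does not touch the filesystem; `local_patch.yaml` and `../mutation_webhook_old/patch.yaml` are constructed inputs.

```python
import posixpath

def resolve(root, referenced):
    """Lexically resolve a path referenced from the kustomization root."""
    return posixpath.normpath(posixpath.join(root, referenced))

def in_or_below(root, referenced):
    """True when the referenced file stays inside the kustomization root."""
    # relpath compares whole path components, so a sibling directory such as
    # "<root>_old" is not mistaken for a child the way a bare string-prefix
    # check on the two paths would mistake it.
    rel = posixpath.relpath(resolve(root, referenced), root)
    return rel != ".." and not rel.startswith("../")

def escaping(root, referenced_paths):
    """Return (reference, resolved path) for every reference that leaves root."""
    return [(p, resolve(root, p)) for p in referenced_paths
            if not in_or_below(root, p)]

ROOT = "config/overlays/mutation_webhook"  # overlay directory from the page
REFERENCES = [
    "../../crd/patches/preserve_unknown_fields_false.yaml",  # from the error above
    "local_patch.yaml",                                      # constructed
    "../mutation_webhook_old/patch.yaml",                    # constructed sibling
]

if __name__ == "__main__":
    for ref, resolved in escaping(ROOT, REFERENCES):
        print(f"outside {ROOT}: {ref} -> {resolved}")
```

Running the same check with `config` as the root accepts the patch path, which is why moving or copying the patch under the kustomization root is the alternative to relaxing the load restrictor.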
As described in open-policy-agent/frameworks#124, `spec.PreserveUnknownFields` changed default values from `true` to `false` (respectively) in v1beta1 and v1 CRD versions. This yields a cosmetic issue: a CRD that was previously written as a v1beta1 CRD will retain `spec.PreserveUnknownFields: true`, even when re-applied as a v1 CRD.

This does not cause any failures, and should not block the release. It does cause a warning, and should be fixed.

Signed-off-by: juliankatz <juliankatz@google.com>
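One way to find CRDs that still carry the retained value described in this commit message, as an added example that is not part of the PR or the Gatekeeper project: it reads the JSON that `kubectl get crd -o json` produces and lists every CRD whose `spec.preserveUnknownFields` is `true`. The CRD names in the sample are constructed; because the v1 API requires a schema on every version once the field is `false`, the patch command is only suggested when no version lacks one.

```python
import json

# Constructed stand-in for `kubectl get crd -o json`; the names are made up.
SAMPLE_CRD_LIST = json.loads("""
{"items": [
  {"metadata": {"name": "widgets.example.com"},
   "spec": {"preserveUnknownFields": true,
            "versions": [{"name": "v1",
                          "schema": {"openAPIV3Schema": {"type": "object"}}}]}},
  {"metadata": {"name": "gadgets.example.com"},
   "spec": {"preserveUnknownFields": true,
            "versions": [{"name": "v1alpha1"},
                         {"name": "v1",
                          "schema": {"openAPIV3Schema": {"type": "object"}}}]}},
  {"metadata": {"name": "gizmos.example.com"},
   "spec": {"versions": [{"name": "v1",
                          "schema": {"openAPIV3Schema": {"type": "object"}}}]}}
]}
""")

# Merge patch that sets the field to the v1 default.
FIX = json.dumps({"spec": {"preserveUnknownFields": False}}, separators=(",", ":"))

def audit(crd_list):
    """Return one finding per CRD that still has spec.preserveUnknownFields: true."""
    findings = []
    for crd in crd_list.get("items", []):
        spec = crd.get("spec", {})
        if spec.get("preserveUnknownFields") is not True:
            continue  # absent or false: nothing retained from v1beta1
        no_schema = [v["name"] for v in spec.get("versions", [])
                     if not (v.get("schema") or {}).get("openAPIV3Schema")]
        name = crd["metadata"]["name"]
        findings.append({
            "name": name,
            "versions_without_schema": no_schema,
            # Suggest the patch only when every version already has a schema.
            "fix": None if no_schema
                   else f"kubectl patch crd {name} --type=merge -p '{FIX}'",
        })
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CRD_LIST):
        print(finding)
```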