-
Notifications
You must be signed in to change notification settings - Fork 743
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
V1 constrainttemplate docs #1492
V1 constrainttemplate docs #1492
Conversation
Fixes open-policy-agent#1476 Signed-off-by: juliankatz <juliankatz@google.com>
… v1-constrainttemplate-docs Signed-off-by: juliankatz <juliankatz@google.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looking good! Minor editorial feedback
website/docs/constrainttemplates.md
Outdated
|
||
## `v1` Constraint Template | ||
|
||
In release version (some version goes here), Gatekeeper included the `v1` version of `ConstraintTemplate`. Unlike past versions of `ConstraintTemplate`, `v1` requires the Constraint schema section to be [structural](https://kubernetes.io/blog/2019/06/20/crd-structural-schema/). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
(some version goes here)
-> definitely put the version here before submitting :p
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also, let's lead with some of the benefits of structural schemas:
- We're aligning with the direction K8s is headed in
- It makes the expectation of what parameters are provided more explicit
- It helps detect errors like a typo in the parameters, which could lead to underenforcement.
It's okay to just mention the benefits here and elaborate later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
should be 3.6.0
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I forgot to add some of the things max suggested here. Will do now
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
added
# Note that "labels" is now an array item, rather than an object | ||
- labels: ["gatekeeper"] | ||
EOF | ||
The K8sRequiredLabels "ns-must-have-gk" is invalid: spec.parameters: Invalid value: "array": spec.parameters in body must be of type object: "array" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍 on the example
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thanks!
… v1-constrainttemplate-docs Signed-off-by: juliankatz <juliankatz@google.com>
Signed-off-by: juliankatz <juliankatz@google.com>
… v1-constrainttemplate-docs Signed-off-by: juliankatz <juliankatz@google.com>
Signed-off-by: juliankatz <juliankatz@google.com>
Signed-off-by: juliankatz <juliankatz@google.com>
Signed-off-by: juliankatz <juliankatz@google.com>
@maxsmythe @ritazh This is ready for re-review. Thanks! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
… v1-constrainttemplate-docs Signed-off-by: juliankatz <juliankatz@google.com>
Signed-off-by: juliankatz <juliankatz@google.com>
…tekeeper into v1-constrainttemplate-docs Signed-off-by: juliankatz <juliankatz@google.com>
Signed-off-by: juliankatz <juliankatz@google.com>
… v1-constrainttemplate-docs Signed-off-by: juliankatz <juliankatz@google.com>
Add docs page about v1 Constraint Templates
Fixes #1476
Signed-off-by: juliankatz juliankatz@google.com