feat: add support for CONNECT operations #3459

Merged
merged 13 commits into from
Jul 31, 2024
1 change: 1 addition & 0 deletions charts/gatekeeper/README.md
Expand Up @@ -148,6 +148,7 @@ information._
| validatingWebhookCustomRules | Custom rules for selecting which API resources trigger the webhook. Mutually exclusive with `enableDeleteOperations`. NOTE: If you change this, ensure all your constraints are still being enforced. | `{}` |
| validatingWebhookURL | Custom URL for Kubernetes API server to use to reach the validating webhook pod. If not set, the default of connecting via the kubernetes service endpoint is used. | `null` |
| enableDeleteOperations | Enable validating webhook for delete operations. Does not work with `validatingWebhookCustomRules` | `false` |
| enableCreateOperations | Enable validating webhook for create operations. | `false` | |
| enableExternalData | Enable external data | `true` |
| enableGeneratorResourceExpansion | Enable generator resource expansion (beta feature) | `true` |
| enableTLSHealthcheck | Enable probing webhook API with certificate stored in certDir | `false` |
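Review bot: The added README row is keyed `enableCreateOperations` and described as "create operations", but the value this PR adds to values.yaml and gates the template on is `enableConnectOperations`. Rename the row and its description to match (`enableConnectOperations`, "connect operations"); as written, a user following the table sets a key the template never reads. The row also ends with an extra `| |` cell, which adds a fourth column to a three-column table.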
Expand Up @@ -37,7 +37,7 @@ webhooks:
operator: NotIn
values:
- {{ .Release.Namespace }}

{{- range $key, $value := .Values.validatingWebhookExemptNamespacesLabels}}
- key: {{ $key }}
operator: NotIn
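Review bot: Unrelated whitespace churn: the header `-37,7 +37,7` shows one changed line with no net additions, and the only candidate is the blank line before the `range` over `validatingWebhookExemptNamespacesLabels`. Drop it from the PR so the diff stays scoped to CONNECT support, or mention it in the description if the whitespace change is intentional.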
Expand All @@ -61,6 +61,9 @@ webhooks:
{{- if .Values.enableDeleteOperations }}
- DELETE
{{- end }}
{{- if .Values.enableConnectOperations }}

@sozercan (Member), Jul 24, 2024:

@thomaschaplin can you revert changes in /charts? /manifest_staging/charts is automatically promoted to /charts when we cut a release

Contributor Author:

@sozercan I've done that now, thanks for confirming - I wasn't sure as the docs weren't clear to me if this was auto-generated or not.

- CONNECT
{{- end }}
resources:
- '*'
# Explicitly list all known subresources except "status" (to avoid destabilizing the cluster and increasing load on gatekeeper).
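Review bot: Adding `CONNECT` to `operations` only takes effect for the entries under `resources:`, and the comment on the last line says subresources are listed explicitly rather than wildcarded. That list is outside this hunk, so please confirm it contains the subresources that CONNECT requests target; if it does not, `enableConnectOperations: true` renders a rule that never matches them. A line in the PR description saying which subresources were checked would help.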
1 change: 1 addition & 0 deletions charts/gatekeeper/values.yaml
Expand Up @@ -19,6 +19,7 @@ validatingWebhookCheckIgnoreFailurePolicy: Fail
validatingWebhookCustomRules: {}
validatingWebhookURL: null
enableDeleteOperations: false
enableConnectOperations: false
enableExternalData: true
enableGeneratorResourceExpansion: true
enableTLSHealthcheck: false
3 changes: 3 additions & 0 deletions cmd/build/helmify/replacements.go
Expand Up @@ -212,6 +212,9 @@ var replacements = map[string]string{
{{- if .Values.enableDeleteOperations }}
- DELETE
{{- end }}
{{- if .Values.enableConnectOperations }}
- CONNECT
{{- end }}
resources:
- '*'
# Explicitly list all known subresources except "status" (to avoid destabilizing the cluster and increasing load on gatekeeper).
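Review bot: Missing test coverage for the new branch: the `{{- if .Values.enableConnectOperations }}` block is added to the helmify replacement string, but none of the files shown in this diff is a test. Consider a check that renders the chart with `enableConnectOperations: true` and asserts `CONNECT` appears in the webhook's `operations`, plus the default case where it is absent, so the replacement text and the chart templates cannot drift apart.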
1 change: 1 addition & 0 deletions cmd/build/helmify/static/README.md
Expand Up @@ -148,6 +148,7 @@ information._
| validatingWebhookCustomRules | Custom rules for selecting which API resources trigger the webhook. Mutually exclusive with `enableDeleteOperations`. NOTE: If you change this, ensure all your constraints are still being enforced. | `{}` |
| validatingWebhookURL | Custom URL for Kubernetes API server to use to reach the validating webhook pod. If not set, the default of connecting via the kubernetes service endpoint is used. | `null` |
| enableDeleteOperations | Enable validating webhook for delete operations. Does not work with `validatingWebhookCustomRules` | `false` |
| enableCreateOperations | Enable validating webhook for create operations. | `false` |
| enableExternalData | Enable external data | `true` |
| enableGeneratorResourceExpansion | Enable generator resource expansion (beta feature) | `true` |
| enableTLSHealthcheck | Enable probing webhook API with certificate stored in certDir | `false` |
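Review bot: The new row does not say whether the flag works with `validatingWebhookCustomRules`; the `enableDeleteOperations` row just above documents that restriction, and the template renders `CONNECT` in the same `operations` list right after `DELETE`. If the same restriction applies, add it to the description. The row name also needs correcting: it reads `enableCreateOperations`, while values.yaml in this directory adds `enableConnectOperations`.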
1 change: 1 addition & 0 deletions cmd/build/helmify/static/values.yaml
Expand Up @@ -19,6 +19,7 @@ validatingWebhookCheckIgnoreFailurePolicy: Fail
validatingWebhookCustomRules: {}
validatingWebhookURL: null
enableDeleteOperations: false
enableConnectOperations: false
enableExternalData: true
enableGeneratorResourceExpansion: true
enableTLSHealthcheck: false
1 change: 1 addition & 0 deletions manifest_staging/charts/gatekeeper/README.md
Expand Up @@ -148,6 +148,7 @@ information._
| validatingWebhookCustomRules | Custom rules for selecting which API resources trigger the webhook. Mutually exclusive with `enableDeleteOperations`. NOTE: If you change this, ensure all your constraints are still being enforced. | `{}` |
| validatingWebhookURL | Custom URL for Kubernetes API server to use to reach the validating webhook pod. If not set, the default of connecting via the kubernetes service endpoint is used. | `null` |
| enableDeleteOperations | Enable validating webhook for delete operations. Does not work with `validatingWebhookCustomRules` | `false` |
| enableCreateOperations | Enable validating webhook for create operations. | `false` |
| enableExternalData | Enable external data | `true` |
| enableGeneratorResourceExpansion | Enable generator resource expansion (beta feature) | `true` |
| enableTLSHealthcheck | Enable probing webhook API with certificate stored in certDir | `false` |
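Review bot: Key mismatch in the staging copy: the row reads `enableCreateOperations` / "create operations", but the chart value is `enableConnectOperations`. Per the maintainer's comment in this thread, /manifest_staging/charts is what gets promoted to /charts at release, so this is the copy whose fix reaches the published README.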
Expand Up @@ -63,6 +63,9 @@ webhooks:
{{- if .Values.enableDeleteOperations }}
- DELETE
{{- end }}
{{- if .Values.enableConnectOperations }}
- CONNECT
{{- end }}
resources:
- '*'
# Explicitly list all known subresources except "status" (to avoid destabilizing the cluster and increasing load on gatekeeper).
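Review bot: The flag's load impact is undocumented: the trailing comment says `status` is left out "to avoid destabilizing the cluster and increasing load on gatekeeper", and turning on `CONNECT` sends an additional class of requests through the validating webhook. State that cost next to the flag (in the README row or as a comment in values.yaml) so operators know what they are opting into; keeping the default at `false` is the right call.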
1 change: 1 addition & 0 deletions manifest_staging/charts/gatekeeper/values.yaml
Expand Up @@ -19,6 +19,7 @@ validatingWebhookCheckIgnoreFailurePolicy: Fail
validatingWebhookCustomRules: {}
validatingWebhookURL: null
enableDeleteOperations: false
enableConnectOperations: false
enableExternalData: true
enableGeneratorResourceExpansion: true
enableTLSHealthcheck: false