Set sync setting in config automatically
Signed-off-by: Yi Rae Kim <[email protected]>
yiraeChristineKim committed Oct 7, 2023
1 parent eb4ad5a commit c774fb1
Showing 28 changed files with 951 additions and 251 deletions.
42 changes: 41 additions & 1 deletion .github/workflows/ci_tests.yaml
@@ -86,7 +86,47 @@ jobs:
kubectl -n mygatekeeper wait deployment/gatekeeper-operator-controller --for condition=Available --timeout=90s
kubectl -n mygatekeeper logs deployment/gatekeeper-operator-controller -c manager -f > operator.log &
make test-e2e NAMESPACE=mygatekeeper
kubectl delete --wait namespace mygatekeeper
- name: Debug
if: ${{ failure() }}
run: |
echo "::group::Operator Logs"
cat operator.log
echo "::endgroup::"
configsync-e2e-test:
name: Run configsync e2e tests
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0 # Fetch all history for all tags and branches

- uses: actions/setup-go@v3
with:
go-version-file: go.mod

- name: Download binaries
run: |
make download-binaries
- name: Create K8s KinD Cluster
run: |
kind version
make test-cluster
- name: Build and Push Test Container Image to KIND node
run: |
make docker-build IMG=localhost:5000/gatekeeper-operator:$GITHUB_SHA
kind load docker-image localhost:5000/gatekeeper-operator:$GITHUB_SHA
- name: E2E Tests
run: |
make deploy-ci NAMESPACE=mygatekeeper IMG=localhost:5000/gatekeeper-operator:$GITHUB_SHA
kubectl -n mygatekeeper wait deployment/gatekeeper-operator-controller --for condition=Available --timeout=90s
kubectl -n mygatekeeper logs deployment/gatekeeper-operator-controller -c manager -f > operator.log &
make test-e2e NAMESPACE=mygatekeeper LABEL_FILTER=configSync
- name: Debug
if: ${{ failure() }}
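Review bot: The added `configsync-e2e-test` job references `actions/checkout@v3` and `actions/setup-go@v3` by tag, which the action's owner can move to different code; pinning each to a full commit SHA with the tag kept as a trailing comment, `uses: actions/checkout@<full-commit-sha> # v3`, fixes what actually runs in this job. No `permissions:` key appears in the visible part of the job, so it presumably inherits the workflow or repository default for `GITHUB_TOKEN`; a job-level `permissions:` block granting only `contents: read` looks sufficient for a job that checks out, builds an image and runs tests against a local kind cluster. The job's `Debug` step continues below the visible lines.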
2 changes: 2 additions & 0 deletions .gitignore
@@ -19,3 +19,5 @@ testbin/*
!vendor/**/zz_generated.*

ci-tools/

.vscode/*
41 changes: 33 additions & 8 deletions Makefile
@@ -64,7 +64,7 @@ IMG ?= $(IMAGE_TAG_BASE):v$(VERSION)
# Produce CRDs that work back to Kubernetes 1.11 (no version conversion)
CRD_OPTIONS ?= "crd:trivialVersions=true,preserveUnknownFields=false"
# ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
ENVTEST_K8S_VERSION = 1.21
ENVTEST_K8S_VERSION = 1.28.0

# Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
ifeq (,$(shell go env GOBIN))
@@ -107,12 +107,25 @@ CONTROLLER_GEN = $(LOCAL_BIN)/controller-gen
KUSTOMIZE = $(LOCAL_BIN)/kustomize
ENVTEST = $(LOCAL_BIN)/setup-envtest
GO_BINDATA = $(LOCAL_BIN)/go-bindata
GINKGO = $(LOCAL_BIN)/ginkgo
KUSTOMIZE_VERSION ?= v5.0.1
OPM_VERSION ?= v1.27.0
GO_BINDATA_VERSION ?= v3.1.2+incompatible
BATS_VERSION ?= 1.2.1
OLM_VERSION ?= v0.18.2
KUBERNETES_VERSION ?= v1.26.4
OLM_VERSION ?= v0.25.0
KUBERNETES_VERSION ?= v1.28.0

.PHONY: e2e-dependencies
e2e-dependencies:
$(call go-get-tool,github.com/onsi/ginkgo/v2/ginkgo@$(shell awk '/github.com\/onsi\/ginkgo\/v2/ {print $$2}' go.mod))

.PHONY: install-crds
install-crds:
## add config and constraintpodstatuses crds
@echo installing external crds
kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper/master/config/crd/bases/config.gatekeeper.sh_configs.yaml
kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper/master/config/crd/bases/status.gatekeeper.sh_constraintpodstatuses.yaml


.PHONY: manifests
manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
@@ -136,11 +149,12 @@ tidy: ## Run go mod tidy

.PHONY: test
test: manifests generate fmt vet envtest ## Run tests.
KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) -p path)" GOFLAGS=$(GOFLAGS) go test ./... -coverprofile cover.out
KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) -p path)" GOFLAGS=$(GOFLAGS) go test $(go list ./... | grep -v /test/) -coverprofile cover.out

LABEL_FILTER=gatekeeper-controller
.PHONY: test-e2e
test-e2e: generate fmt vet ## Run e2e tests, using the configured Kubernetes cluster in ~/.kube/config
GOFLAGS=$(GOFLAGS) USE_EXISTING_CLUSTER=true go test -v ./test/e2e -coverprofile cover.out -race -args -ginkgo.v -ginkgo.progress -ginkgo.trace -namespace $(NAMESPACE) -timeout 5m -delete-timeout 10m
test-e2e: e2e-dependencies generate fmt vet install-crds ## Run e2e tests, using the configured Kubernetes cluster in ~/.kube/config
GOFLAGS=$(GOFLAGS) USE_EXISTING_CLUSTER=true $(GINKGO) ./test/e2e --trace --label-filter=$(LABEL_FILTER) --fail-fast -- --namespace $(NAMESPACE) --timeout="5m" --delete-timeout="10m"

.PHONY: test-cluster
test-cluster: ## Create a local kind cluster with a registry for testing
@@ -158,6 +172,17 @@ download-binaries: kustomize go-bindata envtest controller-gen
curl -sSLO https://github.com/bats-core/bats-core/archive/v${BATS_VERSION}.tar.gz && tar -zxvf v${BATS_VERSION}.tar.gz && bash bats-core-${BATS_VERSION}/install.sh $(PWD)/ci-tools
rm -rf bats-core-${BATS_VERSION} v${BATS_VERSION}.tar.gz

DEV_IMG=localhost:5000/gatekeeper-operator:dev
.PHONY: kind-bootstrap-cluster
kind-bootstrap-cluster: test-cluster install-crds dev-build
kind load docker-image $(DEV_IMG)
$(MAKE) deploy-ci NAMESPACE=$(NAMESPACE) IMG=$(DEV_IMG)
kubectl -n $(NAMESPACE) wait deployment/gatekeeper-operator-controller --for condition=Available --timeout=90s

.PHONY: dev-build
dev-build: export DOCKER_DEFAULT_PLATFORM=linux/amd64
dev-build: ## Build docker image with the manager for Mac user
$(DOCKER) build --build-arg GOOS=linux --build-arg GOARCH=amd64 --build-arg LDFLAGS=${LDFLAGS} -t ${DEV_IMG} .
##@ Build

.PHONY: build
@@ -220,7 +245,7 @@ release: manifests kustomize
##@ Deployment

.PHONY: install
install: manifests kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config.
install: manifests kustomize install-crds ## Install CRDs into the K8s cluster specified in ~/.kube/config.
$(KUSTOMIZE) build config/crd | kubectl apply -f -

.PHONY: uninstall
@@ -383,7 +408,7 @@ catalog-push: ## Push a catalog image.

# operator-sdk variables
# ======================
OPERATOR_SDK_VERSION ?= v1.28.1
OPERATOR_SDK_VERSION ?= v1.31.0
OPERATOR_SDK = $(LOCAL_BIN)/operator-sdk
OPERATOR_SDK_URL := https://github.com/operator-framework/operator-sdk/releases/download/$(OPERATOR_SDK_VERSION)/operator-sdk_$(GOOS)_$(GOARCH)

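Review bot: The new `install-crds` recipe runs `kubectl apply -f` on two manifests fetched from the `master` branch of open-policy-agent/gatekeeper, so what is applied changes whenever upstream changes and is not tied to the Gatekeeper version this operator deploys. This commit also makes `install-crds` a prerequisite of `install`, `test-e2e` and `kind-bootstrap-cluster`, so the unpinned fetch runs against whatever cluster the current kubeconfig selects, not only a throwaway kind cluster. Pinning the ref through a variable, for example `GATEKEEPER_VERSION ?= <gatekeeper-release-tag>` used as `.../gatekeeper/$(GATEKEEPER_VERSION)/config/crd/bases/...`, would make the input reproducible and reviewable. Vendoring the two YAML files into the repository and applying them from disk would achieve the same.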
7 changes: 4 additions & 3 deletions api/v1alpha1/gatekeeper_types.go
@@ -140,12 +140,13 @@ const (
LogLevelError LogLevelMode = "ERROR"
)

// +kubebuilder:validation:Enum:=Enabled;Disabled
// +kubebuilder:validation:Enum:=Enabled;Disabled;Automatic
type AuditFromCacheMode string

const (
AuditFromCacheEnabled AuditFromCacheMode = "Enabled"
AuditFromCacheDisabled AuditFromCacheMode = "Disabled"
AuditFromCacheEnabled AuditFromCacheMode = "Enabled"
AuditFromCacheDisabled AuditFromCacheMode = "Disabled"
AuditFromCacheAutomatic AuditFromCacheMode = "Automatic"
)

// +kubebuilder:validation:Enum:=Enabled;Disabled
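Review bot: `AuditFromCacheAutomatic` is added to the enum with no comment saying what the mode does, and `AuditFromCacheMode` itself carries only the kubebuilder marker, so neither the Go docs nor the API reference explain the third value. A doc comment on the type listing the three modes would help, for example `// AuditFromCacheMode selects how audit uses the cache: Enabled, Disabled, or Automatic (the operator manages the sync settings in the Config resource).`, with the wording for Automatic confirmed against the controller, since it is inferred here from the commit title. Any code outside this hunk that treats the mode as a two-state value would also need a case for `Automatic`; that is not visible from these lines.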
6 changes: 6 additions & 0 deletions api/v1alpha1/groupversion_info.go
@@ -33,4 +33,10 @@ var (

// AddToScheme adds the types in this group-version to the given scheme.
AddToScheme = SchemeBuilder.AddToScheme

GatekeeperGVR = schema.GroupVersionResource{
Group: GroupVersion.Group,
Version: GroupVersion.Version,
Resource: "gatekeeper",
}
)
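Review bot: `Resource: "gatekeeper"` in the new `GatekeeperGVR` looks like the singular name, while the CRD files touched in this same commit are named `operator.gatekeeper.sh_gatekeepers.yaml`, which suggests the served resource is `gatekeepers`. A GroupVersionResource is matched against the plural resource name, so a dynamic client or informer built on this value would probably fail to find the resource on a real API server; if that reading is right the line should be `Resource: "gatekeepers",`. The variable also has no doc comment, unlike `AddToScheme` directly above it. The `var (` block starts outside the hunk.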
2 changes: 1 addition & 1 deletion bundle.Dockerfile
@@ -7,7 +7,7 @@ LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/
LABEL operators.operatorframework.io.bundle.package.v1=gatekeeper-operator
LABEL operators.operatorframework.io.bundle.channels.v1=3.11
LABEL operators.operatorframework.io.bundle.channel.default.v1=3.11
LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.28.1
LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.31.0
LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1
LABEL operators.operatorframework.io.metrics.project_layout=go.kubebuilder.io/v3

@@ -17,7 +17,7 @@ metadata:
]
capabilities: Basic Install
olm.skipRange: "<3.11.1"
operators.operatorframework.io/builder: operator-sdk-v1.28.1
operators.operatorframework.io/builder: operator-sdk-v1.31.0
operators.operatorframework.io/project_layout: go.kubebuilder.io/v3
name: gatekeeper-operator.v3.11.1
namespace: placeholder
@@ -377,7 +377,7 @@ spec:
- name: RELATED_IMAGE_GATEKEEPER
value: openpolicyagent/gatekeeper:v3.11.1
image: quay.io/gatekeeper/gatekeeper-operator:v3.11.1
imagePullPolicy: Always
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /healthz
1 change: 1 addition & 0 deletions bundle/manifests/operator.gatekeeper.sh_gatekeepers.yaml
@@ -867,6 +867,7 @@ spec:
enum:
- Enabled
- Disabled
- Automatic
type: string
auditInterval:
type: string
2 changes: 1 addition & 1 deletion bundle/metadata/annotations.yaml
@@ -6,7 +6,7 @@ annotations:
operators.operatorframework.io.bundle.package.v1: gatekeeper-operator
operators.operatorframework.io.bundle.channels.v1: "3.11"
operators.operatorframework.io.bundle.channel.default.v1: "3.11"
operators.operatorframework.io.metrics.builder: operator-sdk-v1.28.1
operators.operatorframework.io.metrics.builder: operator-sdk-v1.31.0
operators.operatorframework.io.metrics.mediatype.v1: metrics+v1
operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v3

1 change: 1 addition & 0 deletions config/crd/bases/operator.gatekeeper.sh_gatekeepers.yaml
@@ -867,6 +867,7 @@ spec:
enum:
- Enabled
- Disabled
- Automatic
type: string
auditInterval:
type: string
2 changes: 1 addition & 1 deletion config/manager/manager.yaml
@@ -31,7 +31,7 @@ spec:
- --leader-elect
image: controller:latest
name: manager
imagePullPolicy: Always
imagePullPolicy: IfNotPresent
securityContext:
allowPrivilegeEscalation: false
capabilities:
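Review bot: Changing `imagePullPolicy` to `IfNotPresent` in the base manager manifest, and in the bundled ClusterServiceVersion hunk of this same commit, relaxes the shipped deployment rather than only the kind-based e2e setup that presumably motivated it. This assumes `IfNotPresent` is the new value of the `Always`/`IfNotPresent` pair shown. With a tag-referenced image, a node that already holds that tag keeps running its cached copy, so a rebuilt or re-pushed tag is not picked up and the registry is not consulted again on pod start. Consider keeping `imagePullPolicy: Always` in the base and setting `IfNotPresent` only in the kustomization that `deploy-ci` builds, or referencing the operator image by digest in the released bundle. The container spec continues outside the hunk.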