PR review -1

Signed-off-by: Yi Rae Kim <[email protected]>
stolostron · Dec 1, 2023 · d5614ff · d5614ff
1 parent 09f0262
commit d5614ff
Show file tree

Hide file tree

Showing 14 changed files with 493 additions and 318 deletions.
diff --git a/.github/workflows/ci_tests.yaml b/.github/workflows/ci_tests.yaml
@@ -92,7 +92,7 @@ jobs:
         echo "::group::Operator Logs"
         cat operator.log
         echo "::endgroup::"
-        
+
   gatekeeper-e2e-tests:
     name: Run gatekeeper e2e tests
     runs-on: ubuntu-latest

diff --git a/.github/workflows/olm_tests.yaml b/.github/workflows/olm_tests.yaml
@@ -59,13 +59,13 @@ jobs:
           echo "Waiting for operator deployment"; \
           sleep 2; \
         done
-        kubectl -n gatekeeper-system wait deployment/gatekeeper-operator-controller --for condition=Available --timeout=90s
+        kubectl -n mygatekeeper wait deployment/gatekeeper-operator-controller --for condition=Available --timeout=90s
 
     - name: E2E Tests
       run: |
-        kubectl -n gatekeeper-system logs deployment/gatekeeper-operator-controller -c manager -f > operator.log &
-        make test-e2e NAMESPACE=gatekeeper-system
-        kubectl delete --wait namespace gatekeeper-system
+        kubectl -n mygatekeeper logs deployment/gatekeeper-operator-controller -c manager -f > operator.log &
+        make test-e2e NAMESPACE=mygatekeeper
+        kubectl delete --wait namespace mygatekeeper
 
     - name: Debug
       if: ${{ failure() }}
@@ -75,5 +75,5 @@ jobs:
         echo "::endgroup::"
 
         echo "::group::Deployments"
-        kubectl -n gatekeeper-system get deployments -o yaml
+        kubectl -n mygatekeeper get deployments -o yaml
         echo "::endgroup::"
diff --git a/Makefile b/Makefile
@@ -182,22 +182,15 @@ download-binaries: kustomize go-bindata envtest controller-gen
 		rm -rf bats-core-${BATS_VERSION} v${BATS_VERSION}.tar.gz; \
 	fi
 
-DEV_IMG=localhost:5000/gatekeeper-operator:dev
 .PHONY: kind-bootstrap-cluster
 kind-bootstrap-cluster: test-cluster install dev-build
 	kubectl label ns $(NAMESPACE)  --overwrite pod-security.kubernetes.io/audit=privileged
 	kubectl label ns $(NAMESPACE)  --overwrite pod-security.kubernetes.io/enforce=privileged
 	kubectl label ns $(NAMESPACE)  --overwrite pod-security.kubernetes.io/warn=privileged
-	kind load docker-image $(DEV_IMG)
-	$(MAKE) deploy-ci NAMESPACE=$(NAMESPACE) IMG=$(DEV_IMG)
+	kind load docker-image $(IMG)
+	$(MAKE) deploy-ci NAMESPACE=$(NAMESPACE) IMG=$(IMG)
 	kubectl -n $(NAMESPACE) wait deployment/gatekeeper-operator-controller --for condition=Available --timeout=90s
 
-.PHONY: dev-build
-dev-build: export DOCKER_DEFAULT_PLATFORM=linux/amd64
-dev-build: ## Build docker image with the manager for Mac user
-	$(DOCKER) build --build-arg GOOS=linux --build-arg GOARCH=amd64 --build-arg LDFLAGS=${LDFLAGS} -t ${DEV_IMG} .
-##@ Build
-
 .PHONY: build
 build: generate fmt vet ## Build manager binary.
 	CGO_ENABLED=1 GOFLAGS=$(GOFLAGS) go build -ldflags $(LDFLAGS) -o bin/manager main.go

diff --git a/api/v1alpha1/gatekeeper_types.go b/api/v1alpha1/gatekeeper_types.go
@@ -92,6 +92,8 @@ type AuditConfig struct {
 	// +optional
 	ConstraintViolationLimit *uint64 `json:"constraintViolationLimit,omitempty"`
 	// +optional
+	// Setting Automatic lets the Gatekeeper operator manage syncOnly in the config resource.
+	// It is not recommended to use Automatic when using referential constraints since those are not detected.
 	AuditFromCache *AuditFromCacheMode `json:"auditFromCache,omitempty"`
 	// +kubebuilder:validation:Minimum:=0
 	// +optional

diff --git a/bundle/manifests/operator.gatekeeper.sh_gatekeepers.yaml b/bundle/manifests/operator.gatekeeper.sh_gatekeepers.yaml
@@ -864,6 +864,10 @@ spec:
                     minimum: 0
                     type: integer
                   auditFromCache:
+                    description: Setting Automatic lets the Gatekeeper operator manage
+                      syncOnly in the config resource. It is not recommended to use
+                      Automatic when using referential constraints since those are
+                      not detected.
                     enum:
                     - Enabled
                     - Disabled

diff --git a/config/crd/bases/operator.gatekeeper.sh_gatekeepers.yaml b/config/crd/bases/operator.gatekeeper.sh_gatekeepers.yaml
@@ -864,6 +864,10 @@ spec:
                     minimum: 0
                     type: integer
                   auditFromCache:
+                    description: Setting Automatic lets the Gatekeeper operator manage
+                      syncOnly in the config resource. It is not recommended to use
+                      Automatic when using referential constraints since those are
+                      not detected.
                     enum:
                     - Enabled
                     - Disabled