Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NDEV-19725 (fix): default wildcard cluserrole assignment for n4k-1.11 #138

Open
wants to merge 11 commits into
base: release-1.11-n4k
Choose a base branch
from
Open

NDEV-19725 (fix): default wildcard cluserrole assignment for n4k-1.11 #138

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
e51f774
default wildcard cluserrole assignment for n4k-1.11
VedRatan Jul 17, 2024
fab43f9
fix: codegen
VedRatan Jul 17, 2024
43bfd7a
fixed the default wildcard cluserrole assignment
VedRatan Jul 17, 2024
11665e2
fix: chainsaw conformance failure and codegen tests
VedRatan Jul 18, 2024
e705e0d
fix: codegen
VedRatan Jul 18, 2024
fef0f2d
fix: unit tests
VedRatan Jul 23, 2024
841b227
fix: unit tests repository
VedRatan Jul 23, 2024
a211e93
fix: notary unit tests
VedRatan Jul 24, 2024
7a1dc08
fix: custom-sigstore chainsaw
VedRatan Jul 24, 2024
6a4add8
fix: update sigstore/scaffolding(custom-sigstore)
VedRatan Jul 25, 2024
705f36e
fix: custom-sigstore
VedRatan Jul 25, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 3 additions & 7 deletions .github/workflows/conformance.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -513,10 +513,6 @@ jobs:
- standard
- custom-sigstore
k8s-version:
- name: v1.25
version: v1.25.x
- name: v1.26
version: v1.26.x
- name: v1.27
version: v1.27.x
- name: v1.28
Expand All @@ -534,9 +530,9 @@ jobs:
with:
build-cache-key: run-conformance
- name: Create kind cluster and setup Sigstore Scaffolding
uses: sigstore/scaffolding/actions/setup@d120ad89e1f5c9d4a0bbd92959c6874be2a2131d
uses: sigstore/scaffolding/actions/setup@26f31cb72ca848bb0273fcbd7a4ebf187ec4d711
with:
version: 'v0.6.8'
version: main
k8s-version: ${{ matrix.k8s-version.version }}
knative-version: '1.10.0'
- name: Create TUF values config map
Expand Down Expand Up @@ -571,7 +567,7 @@ jobs:
TEST_IMAGE_URL=ttl.sh/${IMAGE_NAME}:1h
crane copy cgr.dev/chainguard/static@$DIGEST $TEST_IMAGE_URL
cosign initialize --mirror $TUF_MIRROR --root $TUF_MIRROR/root.json
COSIGN_EXPERIMENTAL=1 cosign sign --rekor-url $REKOR_URL --fulcio-url $FULCIO_URL $TEST_IMAGE_URL --identity-token `curl -s $ISSUER_URL` -y
COSIGN_EXPERIMENTAL=1 cosign sign --rekor-url $REKOR_URL --fulcio-url $FULCIO_URL $TEST_IMAGE_URL --identity-token $OIDC_TOKEN -y
echo "TEST_IMAGE_URL=$TEST_IMAGE_URL" >> $GITHUB_ENV
- name: Wait for kyverno ready
uses: ./.github/actions/kyverno-wait-ready
Expand Down
8 changes: 4 additions & 4 deletions Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ TOOLS_DIR := $(PWD)/.tools
KIND := $(TOOLS_DIR)/kind
KIND_VERSION := v0.20.0
CONTROLLER_GEN := $(TOOLS_DIR)/controller-gen
CONTROLLER_GEN_VERSION := v0.12.0
CONTROLLER_GEN_VERSION := v0.14.0
CLIENT_GEN := $(TOOLS_DIR)/client-gen
LISTER_GEN := $(TOOLS_DIR)/lister-gen
INFORMER_GEN := $(TOOLS_DIR)/informer-gen
Expand Down Expand Up @@ -488,17 +488,17 @@ codegen-client-all: codegen-register codegen-defaulters codegen-applyconfigurati
.PHONY: codegen-crds-kyverno
codegen-crds-kyverno: $(CONTROLLER_GEN) ## Generate kyverno CRDs
@echo Generate kyverno crds... >&2
@$(CONTROLLER_GEN) crd paths=./api/kyverno/... crd:crdVersions=v1 output:dir=$(CRDS_PATH)
@$(CONTROLLER_GEN) paths=./api/kyverno/... crd:crdVersions=v1 output:dir=$(CRDS_PATH)

.PHONY: codegen-crds-report
codegen-crds-report: $(CONTROLLER_GEN) ## Generate policy reports CRDs
@echo Generate policy reports crds... >&2
@$(CONTROLLER_GEN) crd paths=./api/policyreport/... crd:crdVersions=v1 output:dir=$(CRDS_PATH)
@$(CONTROLLER_GEN) paths=./api/kyverno/... crd:crdVersions=v1 output:dir=$(CRDS_PATH)

.PHONY: codegen-crds-cli
codegen-crds-cli: $(CONTROLLER_GEN) ## Generate CLI CRDs
@echo Generate cli crds... >&2
@$(CONTROLLER_GEN) crd paths=./cmd/cli/kubectl-kyverno/apis/... crd:crdVersions=v1 output:dir=${PWD}/cmd/cli/kubectl-kyverno/config/crds
@$(CONTROLLER_GEN) paths=./cmd/cli/kubectl-kyverno/apis/... crd:crdVersions=v1 output:dir=${PWD}/cmd/cli/kubectl-kyverno/config/crds

.PHONY: codegen-crds-all
codegen-crds-all: codegen-crds-kyverno codegen-crds-report codegen-cli-crds ## Generate all CRDs
Expand Down
3 changes: 3 additions & 0 deletions charts/kyverno/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -330,6 +330,7 @@ The chart values are organised per component.
| admissionController.rbac.create | bool | `true` | Create RBAC resources |
| admissionController.rbac.serviceAccount.name | string | `nil` | The ServiceAccount name |
| admissionController.rbac.serviceAccount.annotations | object | `{}` | Annotations for the ServiceAccount |
| admissionController.rbac.coreClusterRole.extraResources | list | See [values.yaml](values.yaml) | Extra resource permissions to add in the core cluster role. This was introduced to avoid breaking change in the chart but should ideally be moved in `clusterRole.extraResources`. |
| admissionController.rbac.clusterRole.extraResources | list | `[]` | Extra resource permissions to add in the cluster role |
| admissionController.createSelfSignedCert | bool | `false` | Create self-signed certificates at deployment time. The certificates won't be automatically renewed if this is set to `true`. |
| admissionController.replicas | int | `nil` | Desired number of pods |
Expand Down Expand Up @@ -482,6 +483,7 @@ The chart values are organised per component.
| cleanupController.rbac.create | bool | `true` | Create RBAC resources |
| cleanupController.rbac.serviceAccount.name | string | `nil` | Service account name |
| cleanupController.rbac.serviceAccount.annotations | object | `{}` | Annotations for the ServiceAccount |
| cleanupController.rbac.coreClusterRole.extraResources | list | See [values.yaml](values.yaml) | Extra resource permissions to add in the core cluster role. This was introduced to avoid breaking change in the chart but should ideally be moved in `clusterRole.extraResources`. |
| cleanupController.rbac.clusterRole.extraResources | list | `[]` | Extra resource permissions to add in the cluster role |
| cleanupController.createSelfSignedCert | bool | `false` | Create self-signed certificates at deployment time. The certificates won't be automatically renewed if this is set to `true`. |
| cleanupController.image.registry | string | `"ghcr.io"` | Image registry |
Expand Down Expand Up @@ -554,6 +556,7 @@ The chart values are organised per component.
| reportsController.rbac.create | bool | `true` | Create RBAC resources |
| reportsController.rbac.serviceAccount.name | string | `nil` | Service account name |
| reportsController.rbac.serviceAccount.annotations | object | `{}` | Annotations for the ServiceAccount |
| reportsController.rbac.coreClusterRole.extraResources | list | See [values.yaml](values.yaml) | Extra resource permissions to add in the core cluster role. This was introduced to avoid breaking change in the chart but should ideally be moved in `clusterRole.extraResources`. |
| reportsController.rbac.clusterRole.extraResources | list | `[]` | Extra resource permissions to add in the cluster role |
| reportsController.image.registry | string | `"ghcr.io"` | Image registry |
| reportsController.image.repository | string | `"kyverno/reports-controller"` | Image repository |
Expand Down
Loading
Loading