diff --git a/charts/gateway-operator/CHANGELOG.md b/charts/gateway-operator/CHANGELOG.md index abb09c06d..02a92b7ad 100644 --- a/charts/gateway-operator/CHANGELOG.md +++ b/charts/gateway-operator/CHANGELOG.md @@ -1,10 +1,17 @@ # Changelog +## 0.4.4 + +### Changes + +- Fix rules of `ValidatingAdmissionPolicy` validating `DataPlane` ports. + [#1215](https://github.com/Kong/charts/pull/1215) + ## 0.4.3 ### Changes -- Added `ValidatingAdmissionPolicy` and ``ValidatingAdmissionPolicyBinding` for +- Added `ValidatingAdmissionPolicy` and `ValidatingAdmissionPolicyBinding` for validating `DataPlane` ports. [#1215](https://github.com/Kong/charts/pull/1215) diff --git a/charts/gateway-operator/Chart.yaml b/charts/gateway-operator/Chart.yaml index b49c9aeb4..ae8b981a8 100644 --- a/charts/gateway-operator/Chart.yaml +++ b/charts/gateway-operator/Chart.yaml @@ -8,7 +8,7 @@ maintainers: name: gateway-operator sources: - https://github.com/Kong/charts/tree/main/charts/gateway-operator -version: 0.4.3 +version: 0.4.4 appVersion: "1.4" annotations: artifacthub.io/prerelease: "false" diff --git a/charts/gateway-operator/ci/__snapshots__/affinity-values.snap b/charts/gateway-operator/ci/__snapshots__/affinity-values.snap index 6c939030e..bffee89c4 100644 --- a/charts/gateway-operator/ci/__snapshots__/affinity-values.snap +++ b/charts/gateway-operator/ci/__snapshots__/affinity-values.snap @@ -694,7 +694,7 @@ kind: Deployment metadata: labels: app.kubernetes.io/name: gateway-operator - helm.sh/chart: gateway-operator-0.4.3 + helm.sh/chart: gateway-operator-0.4.4 app.kubernetes.io/instance: "chartsnap" app.kubernetes.io/version: "1.4" app.kubernetes.io/component: kgo @@ -716,7 +716,7 @@ spec: labels: control-plane: controller-manager app.kubernetes.io/name: gateway-operator - helm.sh/chart: gateway-operator-0.4.3 + helm.sh/chart: gateway-operator-0.4.4 app.kubernetes.io/instance: "chartsnap" app.kubernetes.io/version: "1.4" app.kubernetes.io/component: kgo 
@@ -816,7 +816,7 @@ metadata: name: ports.dataplane.gateway-operator.konghq.com labels: app.kubernetes.io/name: gateway-operator - helm.sh/chart: gateway-operator-0.4.3 + helm.sh/chart: gateway-operator-0.4.4 app.kubernetes.io/instance: "chartsnap" app.kubernetes.io/version: "1.4" spec: @@ -832,18 +832,17 @@ spec: resources: - "dataplanes" variables: - - name: network - expression: object.spec.network - - name: services - expression: variables.network.services - name: ingressPorts - expression: variables.services.ingress.ports + expression: object.spec.network.services.ingress.ports - name: podTemplateSpec expression: object.spec.deployment.podTemplateSpec + - name: proxyContainers + expression: | + variables.podTemplateSpec.spec.containers.filter(c, c.name == 'proxy') - name: proxyContainer expression: | - variables.podTemplateSpec.spec.containers.exists(c, c.name == 'proxy') ? - variables.podTemplateSpec.spec.containers.filter(c, c.name == 'proxy')[0] : + variables.proxyContainers.size() > 0 ? + variables.proxyContainers[0] : null - name: envFilteredPortMaps expression: | 
@@ -863,27 +862,35 @@ spec: expression: | !has(object.spec.network) || !has(object.spec.network.services) || - variables.ingressPorts == null || - variables.envPortMaps == null || - variables.ingressPorts.all(p, variables.envPortMaps. - split(","). - exists(pm, - pm.split(":")[1].trim() == string(p.targetPort) - ) - ) + !has(object.spec.network.services.ingress) || + !has(object.spec.network.services.ingress.ports) || + ( + has(variables.proxyContainer.env) && + variables.envPortMaps != null && + variables.ingressPorts.all(p, variables.envPortMaps. + split(","). + exists(pm, + pm.split(":")[1].trim() == string(p.targetPort) + ) + ) + ) reason: Invalid - messageExpression: "'Each port from spec.network.services.ingress.ports has to have an accompanying port in KONG_PROXY_LISTEN env'" expression: | !has(object.spec.network) || !has(object.spec.network.services) || - variables.ingressPorts == null || - variables.envProxyListen == null || - variables.ingressPorts.all(p, variables.envProxyListen. - split(","). - exists(pm, - pm.trim().split(" ")[0].split(":")[1].trim() == string(p.targetPort) + !has(object.spec.network.services.ingress) || + !has(object.spec.network.services.ingress.ports) || + ( + has(variables.proxyContainer.env) && + variables.envProxyListen != null && + variables.ingressPorts.all(p, variables.envProxyListen. + split(","). + exists(pm, + pm.trim().split(" ")[0].split(":")[1].trim() == string(p.targetPort) + ) ) - ) + ) reason: Invalid --- # Source: gateway-operator/templates/validation-policy-dataplane.yaml @@ -893,7 +900,7 @@ metadata: name: binding-ports.dataplane.gateway-operator.konghq.com labels: app.kubernetes.io/name: gateway-operator - helm.sh/chart: gateway-operator-0.4.3 + helm.sh/chart: gateway-operator-0.4.4 app.kubernetes.io/instance: "chartsnap" app.kubernetes.io/version: "1.4" spec: 
diff --git a/charts/gateway-operator/ci/__snapshots__/disable-gateway-controller-values.snap b/charts/gateway-operator/ci/__snapshots__/disable-gateway-controller-values.snap index 88777ed1e..28c5b96b3 100644 --- a/charts/gateway-operator/ci/__snapshots__/disable-gateway-controller-values.snap +++ b/charts/gateway-operator/ci/__snapshots__/disable-gateway-controller-values.snap @@ -694,7 +694,7 @@ kind: Deployment metadata: labels: app.kubernetes.io/name: gateway-operator - helm.sh/chart: gateway-operator-0.4.3 + helm.sh/chart: gateway-operator-0.4.4 app.kubernetes.io/instance: "chartsnap" app.kubernetes.io/version: "1.4" app.kubernetes.io/component: kgo @@ -716,7 +716,7 @@ spec: labels: control-plane: controller-manager app.kubernetes.io/name: gateway-operator - helm.sh/chart: gateway-operator-0.4.3 + helm.sh/chart: gateway-operator-0.4.4 app.kubernetes.io/instance: "chartsnap" app.kubernetes.io/version: "1.4" app.kubernetes.io/component: kgo @@ -808,7 +808,7 @@ metadata: name: ports.dataplane.gateway-operator.konghq.com labels: app.kubernetes.io/name: gateway-operator - helm.sh/chart: gateway-operator-0.4.3 + helm.sh/chart: gateway-operator-0.4.4 app.kubernetes.io/instance: "chartsnap" app.kubernetes.io/version: "1.4" spec: 
@@ -824,18 +824,17 @@ spec: resources: - "dataplanes" variables: - - name: network - expression: object.spec.network - - name: services - expression: variables.network.services - name: ingressPorts - expression: variables.services.ingress.ports + expression: object.spec.network.services.ingress.ports - name: podTemplateSpec expression: object.spec.deployment.podTemplateSpec + - name: proxyContainers + expression: | + variables.podTemplateSpec.spec.containers.filter(c, c.name == 'proxy') - name: proxyContainer expression: | - variables.podTemplateSpec.spec.containers.exists(c, c.name == 'proxy') ? - variables.podTemplateSpec.spec.containers.filter(c, c.name == 'proxy')[0] : + variables.proxyContainers.size() > 0 ? + variables.proxyContainers[0] : null - name: envFilteredPortMaps expression: | 
@@ -855,27 +854,35 @@ spec: expression: | !has(object.spec.network) || !has(object.spec.network.services) || - variables.ingressPorts == null || - variables.envPortMaps == null || - variables.ingressPorts.all(p, variables.envPortMaps. - split(","). - exists(pm, - pm.split(":")[1].trim() == string(p.targetPort) - ) - ) + !has(object.spec.network.services.ingress) || + !has(object.spec.network.services.ingress.ports) || + ( + has(variables.proxyContainer.env) && + variables.envPortMaps != null && + variables.ingressPorts.all(p, variables.envPortMaps. + split(","). + exists(pm, + pm.split(":")[1].trim() == string(p.targetPort) + ) + ) + ) reason: Invalid - messageExpression: "'Each port from spec.network.services.ingress.ports has to have an accompanying port in KONG_PROXY_LISTEN env'" expression: | !has(object.spec.network) || !has(object.spec.network.services) || - variables.ingressPorts == null || - variables.envProxyListen == null || - variables.ingressPorts.all(p, variables.envProxyListen. - split(","). - exists(pm, - pm.trim().split(" ")[0].split(":")[1].trim() == string(p.targetPort) + !has(object.spec.network.services.ingress) || + !has(object.spec.network.services.ingress.ports) || + ( + has(variables.proxyContainer.env) && + variables.envProxyListen != null && + variables.ingressPorts.all(p, variables.envProxyListen. + split(","). + exists(pm, + pm.trim().split(" ")[0].split(":")[1].trim() == string(p.targetPort) + ) ) - ) + ) reason: Invalid --- # Source: gateway-operator/templates/validation-policy-dataplane.yaml @@ -885,7 +892,7 @@ metadata: name: binding-ports.dataplane.gateway-operator.konghq.com labels: app.kubernetes.io/name: gateway-operator - helm.sh/chart: gateway-operator-0.4.3 + helm.sh/chart: gateway-operator-0.4.4 app.kubernetes.io/instance: "chartsnap" app.kubernetes.io/version: "1.4" spec: 
diff --git a/charts/gateway-operator/ci/__snapshots__/env-and-args-values.snap b/charts/gateway-operator/ci/__snapshots__/env-and-args-values.snap index 43f27788a..57cd5bb01 100644 --- a/charts/gateway-operator/ci/__snapshots__/env-and-args-values.snap +++ b/charts/gateway-operator/ci/__snapshots__/env-and-args-values.snap @@ -694,7 +694,7 @@ kind: Deployment metadata: labels: app.kubernetes.io/name: gateway-operator - helm.sh/chart: gateway-operator-0.4.3 + helm.sh/chart: gateway-operator-0.4.4 app.kubernetes.io/instance: "chartsnap" app.kubernetes.io/version: "1.4" app.kubernetes.io/component: kgo @@ -716,7 +716,7 @@ spec: labels: control-plane: controller-manager app.kubernetes.io/name: gateway-operator - helm.sh/chart: gateway-operator-0.4.3 + helm.sh/chart: gateway-operator-0.4.4 app.kubernetes.io/instance: "chartsnap" app.kubernetes.io/version: "1.4" app.kubernetes.io/component: kgo @@ -808,7 +808,7 @@ metadata: name: ports.dataplane.gateway-operator.konghq.com labels: app.kubernetes.io/name: gateway-operator - helm.sh/chart: gateway-operator-0.4.3 + helm.sh/chart: gateway-operator-0.4.4 app.kubernetes.io/instance: "chartsnap" app.kubernetes.io/version: "1.4" spec: @@ -824,18 +824,17 @@ spec: resources: - "dataplanes" variables: - - name: network - expression: object.spec.network - - name: services - expression: variables.network.services - name: ingressPorts - expression: variables.services.ingress.ports + expression: object.spec.network.services.ingress.ports - name: podTemplateSpec expression: object.spec.deployment.podTemplateSpec + - name: proxyContainers + expression: | + variables.podTemplateSpec.spec.containers.filter(c, c.name == 'proxy') - name: proxyContainer expression: | - variables.podTemplateSpec.spec.containers.exists(c, c.name == 'proxy') ? - variables.podTemplateSpec.spec.containers.filter(c, c.name == 'proxy')[0] : + variables.proxyContainers.size() > 0 ? + variables.proxyContainers[0] : null - name: envFilteredPortMaps expression: | 
@@ -855,27 +854,35 @@ spec: expression: | !has(object.spec.network) || !has(object.spec.network.services) || - variables.ingressPorts == null || - variables.envPortMaps == null || - variables.ingressPorts.all(p, variables.envPortMaps. - split(","). - exists(pm, - pm.split(":")[1].trim() == string(p.targetPort) - ) - ) + !has(object.spec.network.services.ingress) || + !has(object.spec.network.services.ingress.ports) || + ( + has(variables.proxyContainer.env) && + variables.envPortMaps != null && + variables.ingressPorts.all(p, variables.envPortMaps. + split(","). + exists(pm, + pm.split(":")[1].trim() == string(p.targetPort) + ) + ) + ) reason: Invalid - messageExpression: "'Each port from spec.network.services.ingress.ports has to have an accompanying port in KONG_PROXY_LISTEN env'" expression: | !has(object.spec.network) || !has(object.spec.network.services) || - variables.ingressPorts == null || - variables.envProxyListen == null || - variables.ingressPorts.all(p, variables.envProxyListen. - split(","). - exists(pm, - pm.trim().split(" ")[0].split(":")[1].trim() == string(p.targetPort) + !has(object.spec.network.services.ingress) || + !has(object.spec.network.services.ingress.ports) || + ( + has(variables.proxyContainer.env) && + variables.envProxyListen != null && + variables.ingressPorts.all(p, variables.envProxyListen. + split(","). + exists(pm, + pm.trim().split(" ")[0].split(":")[1].trim() == string(p.targetPort) + ) ) - ) + ) reason: Invalid --- # Source: gateway-operator/templates/validation-policy-dataplane.yaml @@ -885,7 +892,7 @@ metadata: name: binding-ports.dataplane.gateway-operator.konghq.com labels: app.kubernetes.io/name: gateway-operator - helm.sh/chart: gateway-operator-0.4.3 + helm.sh/chart: gateway-operator-0.4.4 app.kubernetes.io/instance: "chartsnap" app.kubernetes.io/version: "1.4" spec: 
diff --git a/charts/gateway-operator/ci/__snapshots__/env-and-customenv-values.snap b/charts/gateway-operator/ci/__snapshots__/env-and-customenv-values.snap index 6e88295ef..3ca4df037 100644 --- a/charts/gateway-operator/ci/__snapshots__/env-and-customenv-values.snap +++ b/charts/gateway-operator/ci/__snapshots__/env-and-customenv-values.snap @@ -694,7 +694,7 @@ kind: Deployment metadata: labels: app.kubernetes.io/name: gateway-operator - helm.sh/chart: gateway-operator-0.4.3 + helm.sh/chart: gateway-operator-0.4.4 app.kubernetes.io/instance: "chartsnap" app.kubernetes.io/version: "1.4" app.kubernetes.io/component: kgo @@ -716,7 +716,7 @@ spec: labels: control-plane: controller-manager app.kubernetes.io/name: gateway-operator - helm.sh/chart: gateway-operator-0.4.3 + helm.sh/chart: gateway-operator-0.4.4 app.kubernetes.io/instance: "chartsnap" app.kubernetes.io/version: "1.4" app.kubernetes.io/component: kgo @@ -810,7 +810,7 @@ metadata: name: ports.dataplane.gateway-operator.konghq.com labels: app.kubernetes.io/name: gateway-operator - helm.sh/chart: gateway-operator-0.4.3 + helm.sh/chart: gateway-operator-0.4.4 app.kubernetes.io/instance: "chartsnap" app.kubernetes.io/version: "1.4" spec: 
@@ -826,18 +826,17 @@ spec: resources: - "dataplanes" variables: - - name: network - expression: object.spec.network - - name: services - expression: variables.network.services - name: ingressPorts - expression: variables.services.ingress.ports + expression: object.spec.network.services.ingress.ports - name: podTemplateSpec expression: object.spec.deployment.podTemplateSpec + - name: proxyContainers + expression: | + variables.podTemplateSpec.spec.containers.filter(c, c.name == 'proxy') - name: proxyContainer expression: | - variables.podTemplateSpec.spec.containers.exists(c, c.name == 'proxy') ? - variables.podTemplateSpec.spec.containers.filter(c, c.name == 'proxy')[0] : + variables.proxyContainers.size() > 0 ? + variables.proxyContainers[0] : null - name: envFilteredPortMaps expression: | 
@@ -857,27 +856,35 @@ spec: expression: | !has(object.spec.network) || !has(object.spec.network.services) || - variables.ingressPorts == null || - variables.envPortMaps == null || - variables.ingressPorts.all(p, variables.envPortMaps. - split(","). - exists(pm, - pm.split(":")[1].trim() == string(p.targetPort) - ) - ) + !has(object.spec.network.services.ingress) || + !has(object.spec.network.services.ingress.ports) || + ( + has(variables.proxyContainer.env) && + variables.envPortMaps != null && + variables.ingressPorts.all(p, variables.envPortMaps. + split(","). + exists(pm, + pm.split(":")[1].trim() == string(p.targetPort) + ) + ) + ) reason: Invalid - messageExpression: "'Each port from spec.network.services.ingress.ports has to have an accompanying port in KONG_PROXY_LISTEN env'" expression: | !has(object.spec.network) || !has(object.spec.network.services) || - variables.ingressPorts == null || - variables.envProxyListen == null || - variables.ingressPorts.all(p, variables.envProxyListen. - split(","). - exists(pm, - pm.trim().split(" ")[0].split(":")[1].trim() == string(p.targetPort) + !has(object.spec.network.services.ingress) || + !has(object.spec.network.services.ingress.ports) || + ( + has(variables.proxyContainer.env) && + variables.envProxyListen != null && + variables.ingressPorts.all(p, variables.envProxyListen. + split(","). + exists(pm, + pm.trim().split(" ")[0].split(":")[1].trim() == string(p.targetPort) + ) ) - ) + ) reason: Invalid --- # Source: gateway-operator/templates/validation-policy-dataplane.yaml @@ -887,7 +894,7 @@ metadata: name: binding-ports.dataplane.gateway-operator.konghq.com labels: app.kubernetes.io/name: gateway-operator - helm.sh/chart: gateway-operator-0.4.3 + helm.sh/chart: gateway-operator-0.4.4 app.kubernetes.io/instance: "chartsnap" app.kubernetes.io/version: "1.4" spec: 
diff --git a/charts/gateway-operator/ci/__snapshots__/extra-labels-values.snap b/charts/gateway-operator/ci/__snapshots__/extra-labels-values.snap index 4793f03a1..8e0464a18 100644 --- a/charts/gateway-operator/ci/__snapshots__/extra-labels-values.snap +++ b/charts/gateway-operator/ci/__snapshots__/extra-labels-values.snap @@ -694,7 +694,7 @@ kind: Deployment metadata: labels: app.kubernetes.io/name: gateway-operator - helm.sh/chart: gateway-operator-0.4.3 + helm.sh/chart: gateway-operator-0.4.4 app.kubernetes.io/instance: "chartsnap" app.kubernetes.io/version: "1.4" a: "b" @@ -717,7 +717,7 @@ spec: labels: control-plane: controller-manager app.kubernetes.io/name: gateway-operator - helm.sh/chart: gateway-operator-0.4.3 + helm.sh/chart: gateway-operator-0.4.4 app.kubernetes.io/instance: "chartsnap" app.kubernetes.io/version: "1.4" a: "b" @@ -808,7 +808,7 @@ metadata: name: ports.dataplane.gateway-operator.konghq.com labels: app.kubernetes.io/name: gateway-operator - helm.sh/chart: gateway-operator-0.4.3 + helm.sh/chart: gateway-operator-0.4.4 app.kubernetes.io/instance: "chartsnap" app.kubernetes.io/version: "1.4" a: "b" @@ -825,18 +825,17 @@ spec: resources: - "dataplanes" variables: - - name: network - expression: object.spec.network - - name: services - expression: variables.network.services - name: ingressPorts - expression: variables.services.ingress.ports + expression: object.spec.network.services.ingress.ports - name: podTemplateSpec expression: object.spec.deployment.podTemplateSpec + - name: proxyContainers + expression: | + variables.podTemplateSpec.spec.containers.filter(c, c.name == 'proxy') - name: proxyContainer expression: | - variables.podTemplateSpec.spec.containers.exists(c, c.name == 'proxy') ? - variables.podTemplateSpec.spec.containers.filter(c, c.name == 'proxy')[0] : + variables.proxyContainers.size() > 0 ? + variables.proxyContainers[0] : null - name: envFilteredPortMaps expression: | 
@@ -856,27 +855,35 @@ spec: expression: | !has(object.spec.network) || !has(object.spec.network.services) || - variables.ingressPorts == null || - variables.envPortMaps == null || - variables.ingressPorts.all(p, variables.envPortMaps. - split(","). - exists(pm, - pm.split(":")[1].trim() == string(p.targetPort) - ) - ) + !has(object.spec.network.services.ingress) || + !has(object.spec.network.services.ingress.ports) || + ( + has(variables.proxyContainer.env) && + variables.envPortMaps != null && + variables.ingressPorts.all(p, variables.envPortMaps. + split(","). + exists(pm, + pm.split(":")[1].trim() == string(p.targetPort) + ) + ) + ) reason: Invalid - messageExpression: "'Each port from spec.network.services.ingress.ports has to have an accompanying port in KONG_PROXY_LISTEN env'" expression: | !has(object.spec.network) || !has(object.spec.network.services) || - variables.ingressPorts == null || - variables.envProxyListen == null || - variables.ingressPorts.all(p, variables.envProxyListen. - split(","). - exists(pm, - pm.trim().split(" ")[0].split(":")[1].trim() == string(p.targetPort) + !has(object.spec.network.services.ingress) || + !has(object.spec.network.services.ingress.ports) || + ( + has(variables.proxyContainer.env) && + variables.envProxyListen != null && + variables.ingressPorts.all(p, variables.envProxyListen. + split(","). + exists(pm, + pm.trim().split(" ")[0].split(":")[1].trim() == string(p.targetPort) + ) ) - ) + ) reason: Invalid --- # Source: gateway-operator/templates/validation-policy-dataplane.yaml @@ -886,7 +893,7 @@ metadata: name: binding-ports.dataplane.gateway-operator.konghq.com labels: app.kubernetes.io/name: gateway-operator - helm.sh/chart: gateway-operator-0.4.3 + helm.sh/chart: gateway-operator-0.4.4 app.kubernetes.io/instance: "chartsnap" app.kubernetes.io/version: "1.4" a: "b" 
diff --git a/charts/gateway-operator/ci/__snapshots__/probes-and-args-values.snap b/charts/gateway-operator/ci/__snapshots__/probes-and-args-values.snap index 82be88f20..3fc83d767 100644 --- a/charts/gateway-operator/ci/__snapshots__/probes-and-args-values.snap +++ b/charts/gateway-operator/ci/__snapshots__/probes-and-args-values.snap @@ -694,7 +694,7 @@ kind: Deployment metadata: labels: app.kubernetes.io/name: gateway-operator - helm.sh/chart: gateway-operator-0.4.3 + helm.sh/chart: gateway-operator-0.4.4 app.kubernetes.io/instance: "chartsnap" app.kubernetes.io/version: "1.4" app.kubernetes.io/component: kgo @@ -716,7 +716,7 @@ spec: labels: control-plane: controller-manager app.kubernetes.io/name: gateway-operator - helm.sh/chart: gateway-operator-0.4.3 + helm.sh/chart: gateway-operator-0.4.4 app.kubernetes.io/instance: "chartsnap" app.kubernetes.io/version: "1.4" app.kubernetes.io/component: kgo @@ -808,7 +808,7 @@ metadata: name: ports.dataplane.gateway-operator.konghq.com labels: app.kubernetes.io/name: gateway-operator - helm.sh/chart: gateway-operator-0.4.3 + helm.sh/chart: gateway-operator-0.4.4 app.kubernetes.io/instance: "chartsnap" app.kubernetes.io/version: "1.4" spec: 
@@ -824,18 +824,17 @@ spec: resources: - "dataplanes" variables: - - name: network - expression: object.spec.network - - name: services - expression: variables.network.services - name: ingressPorts - expression: variables.services.ingress.ports + expression: object.spec.network.services.ingress.ports - name: podTemplateSpec expression: object.spec.deployment.podTemplateSpec + - name: proxyContainers + expression: | + variables.podTemplateSpec.spec.containers.filter(c, c.name == 'proxy') - name: proxyContainer expression: | - variables.podTemplateSpec.spec.containers.exists(c, c.name == 'proxy') ? - variables.podTemplateSpec.spec.containers.filter(c, c.name == 'proxy')[0] : + variables.proxyContainers.size() > 0 ? + variables.proxyContainers[0] : null - name: envFilteredPortMaps expression: | 
@@ -855,27 +854,35 @@ spec: expression: | !has(object.spec.network) || !has(object.spec.network.services) || - variables.ingressPorts == null || - variables.envPortMaps == null || - variables.ingressPorts.all(p, variables.envPortMaps. - split(","). - exists(pm, - pm.split(":")[1].trim() == string(p.targetPort) - ) - ) + !has(object.spec.network.services.ingress) || + !has(object.spec.network.services.ingress.ports) || + ( + has(variables.proxyContainer.env) && + variables.envPortMaps != null && + variables.ingressPorts.all(p, variables.envPortMaps. + split(","). + exists(pm, + pm.split(":")[1].trim() == string(p.targetPort) + ) + ) + ) reason: Invalid - messageExpression: "'Each port from spec.network.services.ingress.ports has to have an accompanying port in KONG_PROXY_LISTEN env'" expression: | !has(object.spec.network) || !has(object.spec.network.services) || - variables.ingressPorts == null || - variables.envProxyListen == null || - variables.ingressPorts.all(p, variables.envProxyListen. - split(","). - exists(pm, - pm.trim().split(" ")[0].split(":")[1].trim() == string(p.targetPort) + !has(object.spec.network.services.ingress) || + !has(object.spec.network.services.ingress.ports) || + ( + has(variables.proxyContainer.env) && + variables.envProxyListen != null && + variables.ingressPorts.all(p, variables.envProxyListen. + split(","). + exists(pm, + pm.trim().split(" ")[0].split(":")[1].trim() == string(p.targetPort) + ) ) - ) + ) reason: Invalid --- # Source: gateway-operator/templates/validation-policy-dataplane.yaml @@ -885,7 +892,7 @@ metadata: name: binding-ports.dataplane.gateway-operator.konghq.com labels: app.kubernetes.io/name: gateway-operator - helm.sh/chart: gateway-operator-0.4.3 + helm.sh/chart: gateway-operator-0.4.4 app.kubernetes.io/instance: "chartsnap" app.kubernetes.io/version: "1.4" spec: 
diff --git a/charts/gateway-operator/ci/__snapshots__/tolerations-values.snap b/charts/gateway-operator/ci/__snapshots__/tolerations-values.snap index 8ea5b4677..0fcdc5cf1 100644 --- a/charts/gateway-operator/ci/__snapshots__/tolerations-values.snap +++ b/charts/gateway-operator/ci/__snapshots__/tolerations-values.snap @@ -694,7 +694,7 @@ kind: Deployment metadata: labels: app.kubernetes.io/name: gateway-operator - helm.sh/chart: gateway-operator-0.4.3 + helm.sh/chart: gateway-operator-0.4.4 app.kubernetes.io/instance: "chartsnap" app.kubernetes.io/version: "1.4" app.kubernetes.io/component: kgo @@ -716,7 +716,7 @@ spec: labels: control-plane: controller-manager app.kubernetes.io/name: gateway-operator - helm.sh/chart: gateway-operator-0.4.3 + helm.sh/chart: gateway-operator-0.4.4 app.kubernetes.io/instance: "chartsnap" app.kubernetes.io/version: "1.4" app.kubernetes.io/component: kgo @@ -810,7 +810,7 @@ metadata: name: ports.dataplane.gateway-operator.konghq.com labels: app.kubernetes.io/name: gateway-operator - helm.sh/chart: gateway-operator-0.4.3 + helm.sh/chart: gateway-operator-0.4.4 app.kubernetes.io/instance: "chartsnap" app.kubernetes.io/version: "1.4" spec: @@ -826,18 +826,17 @@ spec: resources: - "dataplanes" variables: - - name: network - expression: object.spec.network - - name: services - expression: variables.network.services - name: ingressPorts - expression: variables.services.ingress.ports + expression: object.spec.network.services.ingress.ports - name: podTemplateSpec expression: object.spec.deployment.podTemplateSpec + - name: proxyContainers + expression: | + variables.podTemplateSpec.spec.containers.filter(c, c.name == 'proxy') - name: proxyContainer expression: | - variables.podTemplateSpec.spec.containers.exists(c, c.name == 'proxy') ? - variables.podTemplateSpec.spec.containers.filter(c, c.name == 'proxy')[0] : + variables.proxyContainers.size() > 0 ? + variables.proxyContainers[0] : null - name: envFilteredPortMaps expression: | 
@@ -857,27 +856,35 @@ spec: expression: | !has(object.spec.network) || !has(object.spec.network.services) || - variables.ingressPorts == null || - variables.envPortMaps == null || - variables.ingressPorts.all(p, variables.envPortMaps. - split(","). - exists(pm, - pm.split(":")[1].trim() == string(p.targetPort) - ) - ) + !has(object.spec.network.services.ingress) || + !has(object.spec.network.services.ingress.ports) || + ( + has(variables.proxyContainer.env) && + variables.envPortMaps != null && + variables.ingressPorts.all(p, variables.envPortMaps. + split(","). + exists(pm, + pm.split(":")[1].trim() == string(p.targetPort) + ) + ) + ) reason: Invalid - messageExpression: "'Each port from spec.network.services.ingress.ports has to have an accompanying port in KONG_PROXY_LISTEN env'" expression: | !has(object.spec.network) || !has(object.spec.network.services) || - variables.ingressPorts == null || - variables.envProxyListen == null || - variables.ingressPorts.all(p, variables.envProxyListen. - split(","). - exists(pm, - pm.trim().split(" ")[0].split(":")[1].trim() == string(p.targetPort) + !has(object.spec.network.services.ingress) || + !has(object.spec.network.services.ingress.ports) || + ( + has(variables.proxyContainer.env) && + variables.envProxyListen != null && + variables.ingressPorts.all(p, variables.envProxyListen. + split(","). + exists(pm, + pm.trim().split(" ")[0].split(":")[1].trim() == string(p.targetPort) + ) ) - ) + ) reason: Invalid --- # Source: gateway-operator/templates/validation-policy-dataplane.yaml @@ -887,7 +894,7 @@ metadata: name: binding-ports.dataplane.gateway-operator.konghq.com labels: app.kubernetes.io/name: gateway-operator - helm.sh/chart: gateway-operator-0.4.3 + helm.sh/chart: gateway-operator-0.4.4 app.kubernetes.io/instance: "chartsnap" app.kubernetes.io/version: "1.4" spec: 
diff --git a/charts/gateway-operator/templates/validation-policy-dataplane.yaml b/charts/gateway-operator/templates/validation-policy-dataplane.yaml index 49a2c65ba..2ceb49af3 100644 --- a/charts/gateway-operator/templates/validation-policy-dataplane.yaml +++ b/charts/gateway-operator/templates/validation-policy-dataplane.yaml @@ -19,18 +19,17 @@ spec: resources: - "dataplanes" variables: - - name: network - expression: object.spec.network - - name: services - expression: variables.network.services - name: ingressPorts - expression: variables.services.ingress.ports + expression: object.spec.network.services.ingress.ports - name: podTemplateSpec expression: object.spec.deployment.podTemplateSpec + - name: proxyContainers + expression: | + variables.podTemplateSpec.spec.containers.filter(c, c.name == 'proxy') - name: proxyContainer expression: | - variables.podTemplateSpec.spec.containers.exists(c, c.name == 'proxy') ? - variables.podTemplateSpec.spec.containers.filter(c, c.name == 'proxy')[0] : + variables.proxyContainers.size() > 0 ? + variables.proxyContainers[0] : null - name: envFilteredPortMaps expression: | 
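Review bot: The `null` arm of `proxyContainer` is not handled by its consumers. The validations later in this file call `has(variables.proxyContainer.env)`, and a field selection on null most likely fails evaluation rather than returning false. A DataPlane without a container named `proxy` would then be decided by the policy's `failurePolicy` (not visible in this hunk) instead of by the rule and its message. `podTemplateSpec` is also read from `object.spec.deployment.podTemplateSpec` with no presence check, which would error the same way if that field is optional in the CRD. Consider putting `variables.proxyContainers.size() > 0 &&` ahead of the `has(...)` call in each validation, and a comment above `proxyContainer` such as `# null when no container is named 'proxy'; check proxyContainers.size() before dereferencing`. The variables list continues outside the hunk.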
@@ -50,27 +49,35 @@ spec: expression: | !has(object.spec.network) || !has(object.spec.network.services) || - variables.ingressPorts == null || - variables.envPortMaps == null || - variables.ingressPorts.all(p, variables.envPortMaps. - split(","). - exists(pm, - pm.split(":")[1].trim() == string(p.targetPort) - ) - ) + !has(object.spec.network.services.ingress) || + !has(object.spec.network.services.ingress.ports) || + ( + has(variables.proxyContainer.env) && + variables.envPortMaps != null && + variables.ingressPorts.all(p, variables.envPortMaps. + split(","). + exists(pm, + pm.split(":")[1].trim() == string(p.targetPort) + ) + ) + ) reason: Invalid - messageExpression: "'Each port from spec.network.services.ingress.ports has to have an accompanying port in KONG_PROXY_LISTEN env'" expression: | !has(object.spec.network) || !has(object.spec.network.services) || - variables.ingressPorts == null || - variables.envProxyListen == null || - variables.ingressPorts.all(p, variables.envProxyListen. - split(","). - exists(pm, - pm.trim().split(" ")[0].split(":")[1].trim() == string(p.targetPort) + !has(object.spec.network.services.ingress) || + !has(object.spec.network.services.ingress.ports) || + ( + has(variables.proxyContainer.env) && + variables.envProxyListen != null && + variables.ingressPorts.all(p, variables.envProxyListen. + split(","). + exists(pm, + pm.trim().split(" ")[0].split(":")[1].trim() == string(p.targetPort) + ) ) - ) + ) reason: Invalid --- apiVersion: admissionregistration.k8s.io/v1
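Review bot: The port extraction in the `KONG_PROXY_LISTEN` rule, `pm.trim().split(" ")[0].split(":")[1]`, assumes exactly one colon in the address. An IPv6 listener such as `[::]:8443 ssl` yields an empty string at index 1, so a correctly configured DataPlane would be rejected. An entry with no colon at all (also possible in the `KONG_PORT_MAPS` rule's `pm.split(":")[1]`, for example after a trailing comma) indexes out of range, which can surface as an evaluation error rather than the intended `Invalid` message. Taking everything after the last colon avoids both cases: `pm.trim().split(" ")[0].substring(pm.trim().split(" ")[0].lastIndexOf(":") + 1) == string(p.targetPort)`. A snapshot case with an IPv6 listen address would pin the behaviour.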