
Commit 18c2fbf

authored
chore: updating pubsub system (#3646)
Signed-off-by: Jaydip Gabani <[email protected]>
1 parent 45f7bd3 commit 18c2fbf


48 files changed

+954
-939
lines changed

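--- a/.github/workflows/dapr-pubsub.yaml
+++ b/.github/workflows/dapr-export.yaml
@@ -1,18 +1,18 @@
-name: dapr-pubsub
+name: dapr-export
 on:
 push:
 paths:
-- "pkg/pubsub/dapr"
-- "test/pubsub/**"
+- "pkg/export/dapr"
+- "test/export/**"
 pull_request:
 paths:
-- "pkg/pubsub/dapr"
-- "test/pubsub/**"
+- "pkg/export/dapr"
+- "test/export/**"
 permissions: read-all
 
 jobs:
 dapr_test:
-name: "Dapr pubsub test"
+name: "Dapr export test"
 runs-on: ubuntu-22.04
 timeout-minutes: 15
 strategy:
@@ -50,20 +50,20 @@ jobs:
 kind load docker-image --name kind gatekeeper-e2e:latest gatekeeper-crds:latest
 kubectl create ns gatekeeper-system
 make e2e-publisher-deploy
-make e2e-helm-deploy HELM_REPO=gatekeeper-e2e HELM_CRD_REPO=gatekeeper-crds HELM_RELEASE=latest ENABLE_PUBSUB=true LOG_LEVEL=DEBUG
-make test-e2e ENABLE_PUBSUB_TESTS=1
+make e2e-helm-deploy HELM_REPO=gatekeeper-e2e HELM_CRD_REPO=gatekeeper-crds HELM_RELEASE=latest ENABLE_EXPORT=true LOG_LEVEL=DEBUG
+make test-e2e ENABLE_EXPORT_TESTS=1
 
 - name: Save logs
 if: ${{ always() }}
 run: |
 kubectl logs -n fake-subscriber -l app=sub --tail=-1 > logs-audit-subscribe.json
-kubectl logs -n gatekeeper-system -l control-plane=audit-controller --tail=-1 > logs-audit-publish.json
+kubectl logs -n gatekeeper-system -l control-plane=audit-controller --tail=-1 > logs-audit-export.json
 
 - name: Upload artifacts
 uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
 if: ${{ always() }}
 with:
-name: pubsub-logs
+name: export-logs
 path: |
 logs-*.json
 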
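Review bot: The renamed filter `- "pkg/export/dapr"` under both `push.paths` and `pull_request.paths` carries no glob, so under GitHub's path matching it should match only a file with exactly that name and not the sources below the directory, unlike `test/export/**` on the line after it. A change that touches only the Dapr export driver would then not start this e2e job, which is the one that checks audit violations still reach the subscriber. Consider `- "pkg/export/dapr/**"` in both lists. The removed `pkg/pubsub/dapr` entries had the same form, so the gap predates this rename.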

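--- a/Makefile
+++ b/Makefile
@@ -15,7 +15,7 @@ PUSH_TO_GHCR ?= false
 DEV_TAG ?= dev
 USE_LOCAL_IMG ?= false
 ENABLE_GENERATOR_EXPANSION ?= false
-ENABLE_PUBSUB ?= false
+ENABLE_EXPORT ?= false
 AUDIT_CONNECTION ?= "audit"
 AUDIT_CHANNEL ?= "audit"
 LOG_LEVEL ?= "INFO"
@@ -203,7 +203,7 @@ e2e-helm-install:
 ./.staging/helm/linux-amd64/helm version --client
 
 e2e-helm-deploy: e2e-helm-install
-ifeq ($(ENABLE_PUBSUB),true)
+ifeq ($(ENABLE_EXPORT),true)
 ./.staging/helm/linux-amd64/helm install manifest_staging/charts/gatekeeper --name-template=gatekeeper \
 --namespace ${GATEKEEPER_NAMESPACE} \
 --debug --wait \
@@ -220,7 +220,7 @@ ifeq ($(ENABLE_PUBSUB),true)
 --set auditEventsInvolvedNamespace=true \
 --set disabledBuiltins={http.send} \
 --set logMutations=true \
---set audit.enablePubsub=${ENABLE_PUBSUB} \
+--set enableViolationExport=${ENABLE_EXPORT} \
 --set audit.connection=${AUDIT_CONNECTION} \
 --set audit.channel=${AUDIT_CHANNEL} \
 --set-string auditPodAnnotations.dapr\\.io/enabled=true \
@@ -292,17 +292,17 @@ e2e-helm-upgrade:
 --set mutationAnnotations=true;\
 
 e2e-subscriber-build-load-image:
-docker buildx build --platform="linux/amd64" -t ${FAKE_SUBSCRIBER_IMAGE} --load -f test/pubsub/fake-subscriber/Dockerfile test/pubsub/fake-subscriber
+docker buildx build --platform="linux/amd64" -t ${FAKE_SUBSCRIBER_IMAGE} --load -f test/export/fake-subscriber/Dockerfile test/export/fake-subscriber
 kind load docker-image --name kind ${FAKE_SUBSCRIBER_IMAGE}
 
 e2e-subscriber-deploy:
 kubectl create ns fake-subscriber
 kubectl get secret redis --namespace=default -o yaml | sed 's/namespace: .*/namespace: fake-subscriber/' | kubectl apply -f -
-kubectl apply -f test/pubsub/fake-subscriber/manifest/subscriber.yaml
+kubectl apply -f test/export/fake-subscriber/manifest/subscriber.yaml
 
 e2e-publisher-deploy:
 kubectl get secret redis --namespace=default -o yaml | sed 's/namespace: .*/namespace: gatekeeper-system/' | kubectl apply -f -
-kubectl apply -f test/pubsub/publish-components.yaml
+kubectl apply -f test/export/publish-components.yaml
 
 # Build manager binary
 manager: generate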
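Review bot: `ENABLE_PUBSUB` is dropped without a guard, so a caller that still runs `make e2e-helm-deploy ENABLE_PUBSUB=true` now fails the `ifeq ($(ENABLE_EXPORT),true)` test and takes the other branch, which lies outside these hunks, with no error and presumably without export enabled. A parse-time check next to the `ENABLE_EXPORT ?= false` default would make the rename loud: `ifdef ENABLE_PUBSUB`, `$(error ENABLE_PUBSUB was renamed to ENABLE_EXPORT)`, `endif`. The `e2e-helm-deploy` recipe starts and ends outside the hunks shown, so the else branch could not be checked here.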

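--- a/cmd/build/helmify/kustomize-for-helm.yaml
+++ b/cmd/build/helmify/kustomize-for-helm.yaml
@@ -183,7 +183,7 @@ spec:
 - --operation=audit
 - --operation=status
 - --operation=generate
-- HELMSUBST_DEPLOYMENT_AUDIT_PUBSUB_ARGS
+- HELMSUBST_DEPLOYMENT_AUDIT_VIOLATION_EXPORT_ARGS
 - HELMSUBST_MUTATION_STATUS_ENABLED_ARG
 - --logtostderr
 - --health-addr=:HELMSUBST_DEPLOYMENT_AUDIT_HEALTH_PORT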

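--- a/cmd/build/helmify/replacements.go
+++ b/cmd/build/helmify/replacements.go
@@ -118,8 +118,8 @@ var replacements = map[string]string{
 - --default-wait-for-vapb-generation={{ .Values.defaultWaitForVAPBGeneration }}
 {{- end }}`,
 
-"- HELMSUBST_DEPLOYMENT_AUDIT_PUBSUB_ARGS": `{{ if hasKey .Values.audit "enablePubsub" }}
-- --enable-pub-sub={{ .Values.audit.enablePubsub }}
+"- HELMSUBST_DEPLOYMENT_AUDIT_VIOLATION_EXPORT_ARGS": `{{ if hasKey .Values "enableViolationExport" }}
+- --enable-violation-export={{ .Values.enableViolationExport }}
 {{- end }}
 {{ if hasKey .Values.audit "connection" }}
 - --audit-connection={{ .Values.audit.connection }}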
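Review bot: The export flag is now rendered only when `hasKey .Values "enableViolationExport"` holds, so a release whose values still set `audit.enablePubsub: true` renders no export flag after upgrade and the audit pod would stop exporting violations without any error; whatever consumes those messages goes quiet rather than failing. The chart README marks the feature alpha, but a hard failure is easier to diagnose than a silent one, for example `{{- if hasKey .Values.audit "enablePubsub" }}{{ fail "audit.enablePubsub was renamed to enableViolationExport" }}{{- end }}` ahead of the new `if`. The same template text lands in `manifest_staging/charts/gatekeeper/templates/gatekeeper-audit-deployment.yaml`, which would pick up the guard when regenerated. The replacement string continues outside the hunk.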

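--- a/cmd/build/helmify/static/README.md
+++ b/cmd/build/helmify/static/README.md
@@ -221,9 +221,9 @@ information._
 | audit.readinessTimeout | Timeout in seconds for audit's readiness probe | `1` |
 | audit.livenessTimeout | Timeout in seconds for the audit's liveness probe | `1` |
 | audit.logLevel | The minimum log level for audit, takes precedence over `logLevel` when specified | `null` |
-| audit.enablePubsub | (alpha) Enabled pubsub to publish messages | `false` |
-| audit.connection | (alpha) Connection name for publishing audit violation messages | `audit-connection` |
-| audit.channel | (alpha) Channel name for publishing audit violation messages | `audit-channel` |
+| enableViolationExport | (alpha) Enable exporting violations to external systems | `false` |
+| audit.connection | (alpha) Connection name for exporting audit violation messages | `audit-connection` |
+| audit.channel | (alpha) Channel name for exporting audit violation messages | `audit-channel` |
 | replicas | The number of Gatekeeper replicas to deploy for the webhook | `3` |
 | podAnnotations | The annotations to add to the Gatekeeper pods | `container.seccomp.security.alpha.kubernetes.io/manager: runtime/default` |
 | podLabels | The labels to add to the Gatekeeper pods | `{}` |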

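--- a/main.go
+++ b/main.go
@@ -47,11 +47,11 @@ import (
 "github.com/open-policy-agent/gatekeeper/v3/pkg/controller/config/process"
 "github.com/open-policy-agent/gatekeeper/v3/pkg/drivers/k8scel"
 "github.com/open-policy-agent/gatekeeper/v3/pkg/expansion"
+"github.com/open-policy-agent/gatekeeper/v3/pkg/export"
 "github.com/open-policy-agent/gatekeeper/v3/pkg/externaldata"
 "github.com/open-policy-agent/gatekeeper/v3/pkg/metrics"
 "github.com/open-policy-agent/gatekeeper/v3/pkg/mutation"
 "github.com/open-policy-agent/gatekeeper/v3/pkg/operations"
-"github.com/open-policy-agent/gatekeeper/v3/pkg/pubsub"
 "github.com/open-policy-agent/gatekeeper/v3/pkg/readiness"
 "github.com/open-policy-agent/gatekeeper/v3/pkg/readiness/pruner"
 "github.com/open-policy-agent/gatekeeper/v3/pkg/syncutil"
@@ -442,7 +442,7 @@ func setupControllers(ctx context.Context, mgr ctrl.Manager, tracker *readiness.
 
 mutationSystem := mutation.NewSystem(mutationOpts)
 expansionSystem := expansion.NewSystem(mutationSystem)
-pubsubSystem := pubsub.NewSystem()
+exportSystem := export.NewSystem()
 
 c := mgr.GetCache()
 dc, ok := c.(watch.RemovableCache)
@@ -515,7 +515,7 @@ func setupControllers(ctx context.Context, mgr ctrl.Manager, tracker *readiness.
 MutationSystem: mutationSystem,
 ExpansionSystem: expansionSystem,
 ProviderCache: providerCache,
-PubsubSystem: pubsubSystem,
+ExportSystem: exportSystem,
 }
 
 if err := controller.AddToManager(mgr, &opts); err != nil {
@@ -545,7 +545,7 @@ func setupControllers(ctx context.Context, mgr ctrl.Manager, tracker *readiness.
 ProcessExcluder: processExcluder,
 CacheLister: auditCache,
 ExpansionSystem: expansionSystem,
-PubSubSystem: pubsubSystem,
+ExportSystem: exportSystem,
 }
 if err := audit.AddToManager(mgr, &auditDeps); err != nil {
 setupLog.Error(err, "unable to register audit with the manager")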

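--- a/manifest_staging/charts/gatekeeper/README.md
+++ b/manifest_staging/charts/gatekeeper/README.md
@@ -221,9 +221,9 @@ information._
 | audit.readinessTimeout | Timeout in seconds for audit's readiness probe | `1` |
 | audit.livenessTimeout | Timeout in seconds for the audit's liveness probe | `1` |
 | audit.logLevel | The minimum log level for audit, takes precedence over `logLevel` when specified | `null` |
-| audit.enablePubsub | (alpha) Enabled pubsub to publish messages | `false` |
-| audit.connection | (alpha) Connection name for publishing audit violation messages | `audit-connection` |
-| audit.channel | (alpha) Channel name for publishing audit violation messages | `audit-channel` |
+| enableViolationExport | (alpha) Enable exporting violations to external systems | `false` |
+| audit.connection | (alpha) Connection name for exporting audit violation messages | `audit-connection` |
+| audit.channel | (alpha) Channel name for exporting audit violation messages | `audit-channel` |
 | replicas | The number of Gatekeeper replicas to deploy for the webhook | `3` |
 | podAnnotations | The annotations to add to the Gatekeeper pods | `container.seccomp.security.alpha.kubernetes.io/manager: runtime/default` |
 | podLabels | The labels to add to the Gatekeeper pods | `{}` |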

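--- a/manifest_staging/charts/gatekeeper/templates/gatekeeper-audit-deployment.yaml
+++ b/manifest_staging/charts/gatekeeper/templates/gatekeeper-audit-deployment.yaml
@@ -71,8 +71,8 @@ spec:
 - --operation=audit
 - --operation=status
 - --operation=generate
-{{ if hasKey .Values.audit "enablePubsub" }}
-- --enable-pub-sub={{ .Values.audit.enablePubsub }}
+{{ if hasKey .Values "enableViolationExport" }}
+- --enable-violation-export={{ .Values.enableViolationExport }}
 {{- end }}
 {{ if hasKey .Values.audit "connection" }}
 - --audit-connection={{ .Values.audit.connection }}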
