Skip to content

Commit

Permalink
Merge branch 'master' into docs-externaldata
Browse files Browse the repository at this point in the history
  • Loading branch information
@sozercan
sozercan authored Nov 22, 2021
2 parents 736c64c + 4c560af commit 4a5525e
Show file tree
Hide file tree
Showing 8 changed files with 32 additions and 18 deletions.
4 changes: 2 additions & 2 deletions cmd/build/helmify/static/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -104,10 +104,10 @@ _See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/websi
| controllerManager.exemptNamespaces | The exact namespaces to exempt by the admission webhook | `[]` |
| controllerManager.exemptNamespacePrefixes | The namespace prefixes to exempt by the admission webhook | `[]` |
| controllerManager.hostNetwork | Enables controllerManager to be deployed on hostNetwork | `false` |
| controllerManager.dnsPolicy | Set the dnsPolicy for controllerManager pods | `Default` |
| controllerManager.dnsPolicy | Set the dnsPolicy for controllerManager pods | `ClusterFirst` |
| audit.priorityClassName | Priority class name for audit controller | `system-cluster-critical` |
| audit.hostNetwork | Enables audit to be deployed on hostNetwork | `false` |
| audit.dnsPolicy | Set the dnsPolicy for audit pods | `Default` |
| audit.dnsPolicy | Set the dnsPolicy for audit pods | `ClusterFirst` |
| audit.healthPort | Health port for audit | `9090` |
| audit.metricsPort | Metrics port for audit | `8888` |
| replicas | The number of Gatekeeper replicas to deploy for the webhook | `3` |
Expand Down
4 changes: 2 additions & 2 deletions cmd/build/helmify/static/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ controllerManager:
exemptNamespaces: []
exemptNamespacePrefixes: []
hostNetwork: false
dnsPolicy: Default
dnsPolicy: ClusterFirst
port: 8443
metricsPort: 8888
healthPort: 9090
Expand Down Expand Up @@ -69,7 +69,7 @@ controllerManager:
memory: 256Mi
audit:
hostNetwork: false
dnsPolicy: Default
dnsPolicy: ClusterFirst
metricsPort: 8888
healthPort: 9090
priorityClassName: system-cluster-critical
Expand Down
4 changes: 2 additions & 2 deletions manifest_staging/charts/gatekeeper/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -104,10 +104,10 @@ _See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/websi
| controllerManager.exemptNamespaces | The exact namespaces to exempt by the admission webhook | `[]` |
| controllerManager.exemptNamespacePrefixes | The namespace prefixes to exempt by the admission webhook | `[]` |
| controllerManager.hostNetwork | Enables controllerManager to be deployed on hostNetwork | `false` |
| controllerManager.dnsPolicy | Set the dnsPolicy for controllerManager pods | `Default` |
| controllerManager.dnsPolicy | Set the dnsPolicy for controllerManager pods | `ClusterFirst` |
| audit.priorityClassName | Priority class name for audit controller | `system-cluster-critical` |
| audit.hostNetwork | Enables audit to be deployed on hostNetwork | `false` |
| audit.dnsPolicy | Set the dnsPolicy for audit pods | `Default` |
| audit.dnsPolicy | Set the dnsPolicy for audit pods | `ClusterFirst` |
| audit.healthPort | Health port for audit | `9090` |
| audit.metricsPort | Metrics port for audit | `8888` |
| replicas | The number of Gatekeeper replicas to deploy for the webhook | `3` |
Expand Down
4 changes: 2 additions & 2 deletions manifest_staging/charts/gatekeeper/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ controllerManager:
exemptNamespaces: []
exemptNamespacePrefixes: []
hostNetwork: false
dnsPolicy: Default
dnsPolicy: ClusterFirst
port: 8443
metricsPort: 8888
healthPort: 9090
Expand Down Expand Up @@ -69,7 +69,7 @@ controllerManager:
memory: 256Mi
audit:
hostNetwork: false
dnsPolicy: Default
dnsPolicy: ClusterFirst
metricsPort: 8888
healthPort: 9090
priorityClassName: system-cluster-critical
Expand Down
22 changes: 18 additions & 4 deletions pkg/audit/manager.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -290,7 +290,7 @@ func (am *Manager) auditResources(
}
}

var errs opa.Errors
var errs []error
nsCache := newNSCache()

matchedKinds := make(map[string]bool)
Expand Down Expand Up @@ -426,8 +426,9 @@ func (am *Manager) auditResources(
}
}
}

if len(errs) > 0 {
return errs
return mergeErrors(errs)
}
return nil
}
Expand All @@ -437,7 +438,7 @@ func (am *Manager) reviewObjects(ctx context.Context, kind string, folderCount i
totalViolationsPerConstraint map[util.KindVersionResource]int64,
totalViolationsPerEnforcementAction map[util.EnforcementAction]int64,
timestamp string) error {
var errs opa.Errors
var errs []error
for i := 0; i < folderCount; i++ {
// cache directory structure:
// apiCacheDir/kind_folderIndex/fileIndex
Expand Down Expand Up @@ -490,7 +491,7 @@ func (am *Manager) reviewObjects(ctx context.Context, kind string, folderCount i
}
}
if len(errs) > 0 {
return errs
return mergeErrors(errs)
}
return nil
}
Expand Down Expand Up @@ -958,3 +959,16 @@ func getViolationRef(gkNamespace, rkind, rname, rnamespace, ckind, cname, cnames
Namespace: gkNamespace,
}
}

// mergeErrors concatenates errs into a single error. None of the original errors
// may be extracted from the result.
func mergeErrors(errs []error) error {
sb := strings.Builder{}
for i, err := range errs {
if i != 0 {
sb.WriteString("\n")
sb.WriteString(err.Error())
}
}
return errors.New(sb.String())
}
4 changes: 2 additions & 2 deletions website/docs/install.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -69,7 +69,7 @@ A basic Helm chart exists in `charts/gatekeeper`. If you have Helm installed, yo

```sh
helm repo add gatekeeper https://open-policy-agent.github.io/gatekeeper/charts
helm install gatekeeper/gatekeeper --generate-name
helm install gatekeeper/gatekeeper --name-template=gatekeeper --namespace gatekeeper-system --create-namespace
```

If you are using the older Gatekeeper Helm repo location and Helm v3.3.2+, then use `force-update` to override the default behavior to update the existing repo.
Expand Down Expand Up @@ -103,7 +103,7 @@ If you used `make` to deploy, then run the following to uninstall Gatekeeper:

If you used `helm` to deploy, then run the following to uninstall Gatekeeper:
```sh
helm delete <release name>
helm delete gatekeeper --namespace gatekeeper-system
```

Helm v3 will not cleanup Gatekeeper installed CRDs. Run the following to uninstall Gatekeeper CRDs:
Expand Down
4 changes: 2 additions & 2 deletions website/versioned_docs/version-v3.6.x/install.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -69,7 +69,7 @@ A basic Helm chart exists in `charts/gatekeeper`. If you have Helm installed, yo

```sh
helm repo add gatekeeper https://open-policy-agent.github.io/gatekeeper/charts
helm install gatekeeper/gatekeeper --generate-name
helm install gatekeeper/gatekeeper --name-template=gatekeeper --namespace gatekeeper-system --create-namespace
```

If you are using the older Gatekeeper Helm repo location and Helm v3.3.2+, then use `force-update` to override the default behavior to update the existing repo.
Expand Down Expand Up @@ -103,7 +103,7 @@ If you used `make` to deploy, then run the following to uninstall Gatekeeper:

If you used `helm` to deploy, then run the following to uninstall Gatekeeper:
```sh
helm delete <release name>
helm delete gatekeeper --namespace gatekeeper-system
```

Helm v3 will not cleanup Gatekeeper installed CRDs. Run the following to uninstall Gatekeeper CRDs:
Expand Down
4 changes: 2 additions & 2 deletions website/versioned_docs/version-v3.7.x/install.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -69,7 +69,7 @@ A basic Helm chart exists in `charts/gatekeeper`. If you have Helm installed, yo

```sh
helm repo add gatekeeper https://open-policy-agent.github.io/gatekeeper/charts
helm install gatekeeper/gatekeeper --generate-name
helm install gatekeeper/gatekeeper --name-template=gatekeeper --namespace gatekeeper-system --create-namespace
```

If you are using the older Gatekeeper Helm repo location and Helm v3.3.2+, then use `force-update` to override the default behavior to update the existing repo.
Expand Down Expand Up @@ -103,7 +103,7 @@ If you used `make` to deploy, then run the following to uninstall Gatekeeper:

If you used `helm` to deploy, then run the following to uninstall Gatekeeper:
```sh
helm delete <release name>
helm delete gatekeeper --namespace gatekeeper-system
```

Helm v3 will not cleanup Gatekeeper installed CRDs. Run the following to uninstall Gatekeeper CRDs:
Expand Down

0 comments on commit 4a5525e

Please sign in to comment.