diff --git a/Makefile b/Makefile index e4638775ad..2842a9409d 100644 --- a/Makefile +++ b/Makefile @@ -133,7 +133,7 @@ clean-tools: ## Remove installed tools # BUILD (LOCAL) # ################# -CMD_DIR := ./cmd +CMD_DIR := cmd KYVERNO_DIR := $(CMD_DIR)/kyverno KYVERNOPRE_DIR := $(CMD_DIR)/kyverno-init CLI_DIR := $(CMD_DIR)/cli/kubectl-kyverno @@ -189,23 +189,23 @@ unused-package-check: $(KYVERNOPRE_BIN): fmt vet @echo Build kyvernopre binary... >&2 - @CGO_ENABLED=$(CGO_ENABLED) GOOS=$(GOOS) go build -o $(KYVERNOPRE_BIN) -ldflags=$(LD_FLAGS) $(KYVERNOPRE_DIR) + @CGO_ENABLED=$(CGO_ENABLED) GOOS=$(GOOS) go build -o ./$(KYVERNOPRE_BIN) -ldflags=$(LD_FLAGS) ./$(KYVERNOPRE_DIR) $(KYVERNO_BIN): fmt vet @echo Build kyverno binary... >&2 - @CGO_ENABLED=$(CGO_ENABLED) GOOS=$(GOOS) go build -o $(KYVERNO_BIN) -ldflags=$(LD_FLAGS) $(KYVERNO_DIR) + @CGO_ENABLED=$(CGO_ENABLED) GOOS=$(GOOS) go build -o ./$(KYVERNO_BIN) -ldflags=$(LD_FLAGS) ./$(KYVERNO_DIR) $(CLI_BIN): fmt vet @echo Build cli binary... >&2 - @CGO_ENABLED=$(CGO_ENABLED) GOOS=$(GOOS) go build -o $(CLI_BIN) -ldflags=$(LD_FLAGS) $(CLI_DIR) + @CGO_ENABLED=$(CGO_ENABLED) GOOS=$(GOOS) go build -o ./$(CLI_BIN) -ldflags=$(LD_FLAGS) ./$(CLI_DIR) $(CLEANUP_BIN): fmt vet @echo Build cleanup controller binary... >&2 - @CGO_ENABLED=$(CGO_ENABLED) GOOS=$(GOOS) go build -o $(CLEANUP_BIN) -ldflags=$(LD_FLAGS) $(CLEANUP_DIR) + @CGO_ENABLED=$(CGO_ENABLED) GOOS=$(GOOS) go build -o ./$(CLEANUP_BIN) -ldflags=$(LD_FLAGS) ./$(CLEANUP_DIR) $(REPORTS_BIN): fmt vet @echo Build reports controller binary... >&2 - @CGO_ENABLED=$(CGO_ENABLED) GOOS=$(GOOS) go build -o $(REPORTS_BIN) -ldflags=$(LD_FLAGS) $(REPORTS_DIR) + @CGO_ENABLED=$(CGO_ENABLED) GOOS=$(GOOS) go build -o ./$(REPORTS_BIN) -ldflags=$(LD_FLAGS) ./$(REPORTS_DIR) .PHONY: build-kyverno-init build-kyverno-init: $(KYVERNOPRE_BIN) ## Build kyvernopre binary @@ -228,35 +228,40 @@ build-all: build-kyverno-init build-kyverno build-cli build-cleanup-controller b # BUILD (KO) # ############## -PLATFORMS := linux/amd64,linux/arm64,linux/s390x LOCAL_PLATFORM := linux/$(GOARCH) +KO_REGISTRY := ko.local KO_TAGS := latest,$(IMAGE_TAG) KO_TAGS_DEV := latest,$(IMAGE_TAG_DEV) +KO_CLI_REPO := $(PACKAGE)/$(CLI_DIR) +KO_KYVERNOPRE_REPO := $(PACKAGE)/$(KYVERNOPRE_DIR) +KO_KYVERNO_REPO := $(PACKAGE)/$(KYVERNO_DIR) +KO_CLEANUP_REPO := $(PACKAGE)/$(CLEANUP_DIR) +KO_REPORTS_REPO := $(PACKAGE)/$(REPORTS_DIR) .PHONY: ko-build-kyverno-init ko-build-kyverno-init: $(KO) ## Build kyvernopre local image (with ko) @echo Build kyvernopre local image with ko... >&2 - @LD_FLAGS=$(LD_FLAGS_DEV) KOCACHE=$(KOCACHE) KO_DOCKER_REPO=ko.local $(KO) build $(KYVERNOPRE_DIR) --preserve-import-paths --tags=$(KO_TAGS_DEV) --platform=$(LOCAL_PLATFORM) + @LD_FLAGS=$(LD_FLAGS_DEV) KOCACHE=$(KOCACHE) KO_DOCKER_REPO=$(KO_REGISTRY) $(KO) build ./$(KYVERNOPRE_DIR) --preserve-import-paths --tags=$(KO_TAGS_DEV) --platform=$(LOCAL_PLATFORM) .PHONY: ko-build-kyverno ko-build-kyverno: $(KO) ## Build kyverno local image (with ko) @echo Build kyverno local image with ko... >&2 - @LD_FLAGS=$(LD_FLAGS_DEV) KOCACHE=$(KOCACHE) KO_DOCKER_REPO=ko.local $(KO) build $(KYVERNO_DIR) --preserve-import-paths --tags=$(KO_TAGS_DEV) --platform=$(LOCAL_PLATFORM) + @LD_FLAGS=$(LD_FLAGS_DEV) KOCACHE=$(KOCACHE) KO_DOCKER_REPO=$(KO_REGISTRY) $(KO) build ./$(KYVERNO_DIR) --preserve-import-paths --tags=$(KO_TAGS_DEV) --platform=$(LOCAL_PLATFORM) .PHONY: ko-build-cli ko-build-cli: $(KO) ## Build cli local image (with ko) @echo Build cli local image with ko... >&2 - @LD_FLAGS=$(LD_FLAGS_DEV) KOCACHE=$(KOCACHE) KO_DOCKER_REPO=ko.local $(KO) build $(CLI_DIR) --preserve-import-paths --tags=$(KO_TAGS_DEV) --platform=$(LOCAL_PLATFORM) + @LD_FLAGS=$(LD_FLAGS_DEV) KOCACHE=$(KOCACHE) KO_DOCKER_REPO=$(KO_REGISTRY) $(KO) build ./$(CLI_DIR) --preserve-import-paths --tags=$(KO_TAGS_DEV) --platform=$(LOCAL_PLATFORM) .PHONY: ko-build-cleanup-controller ko-build-cleanup-controller: $(KO) ## Build cleanup controller local image (with ko) @echo Build cleanup controller local image with ko... >&2 - @LD_FLAGS=$(LD_FLAGS_DEV) KOCACHE=$(KOCACHE) KO_DOCKER_REPO=ko.local $(KO) build $(CLEANUP_DIR) --preserve-import-paths --tags=$(KO_TAGS_DEV) --platform=$(LOCAL_PLATFORM) + @LD_FLAGS=$(LD_FLAGS_DEV) KOCACHE=$(KOCACHE) KO_DOCKER_REPO=$(KO_REGISTRY) $(KO) build ./$(CLEANUP_DIR) --preserve-import-paths --tags=$(KO_TAGS_DEV) --platform=$(LOCAL_PLATFORM) .PHONY: ko-build-reports-controller ko-build-reports-controller: $(KO) ## Build reports controller local image (with ko) @echo Build reports controller local image with ko... >&2 - @LD_FLAGS=$(LD_FLAGS_DEV) KOCACHE=$(KOCACHE) KO_DOCKER_REPO=ko.local $(KO) build $(REPORTS_DIR) --preserve-import-paths --tags=$(KO_TAGS_DEV) --platform=$(LOCAL_PLATFORM) + @LD_FLAGS=$(LD_FLAGS_DEV) KOCACHE=$(KOCACHE) KO_DOCKER_REPO=$(KO_REGISTRY) $(KO) build ./$(REPORTS_DIR) --preserve-import-paths --tags=$(KO_TAGS_DEV) --platform=$(LOCAL_PLATFORM) .PHONY: ko-build-all ko-build-all: ko-build-kyverno-init ko-build-kyverno ko-build-cli ko-build-cleanup-controller ko-build-reports-controller ## Build all local images (with ko) @@ -266,10 +271,7 @@ ko-build-all: ko-build-kyverno-init ko-build-kyverno ko-build-cli ko-build-clean ################ REGISTRY_USERNAME ?= dummy -KO_KYVERNOPRE_IMAGE := ko.local/github.com/kyverno/kyverno/cmd/kyverno-init -KO_KYVERNO_IMAGE := ko.local/github.com/kyverno/kyverno/cmd/kyverno -KO_CLEANUP_IMAGE := ko.local/github.com/kyverno/kyverno/cmd/cleanup-controller -KO_REPORTS_IMAGE := ko.local/github.com/kyverno/kyverno/cmd/reports-controller +PLATFORMS := linux/amd64,linux/arm64,linux/s390x .PHONY: ko-login ko-login: $(KO) @@ -325,10 +327,12 @@ ko-publish-all-dev: ko-publish-kyverno-init-dev ko-publish-kyverno-dev ko-publis # BUILD (IMAGE) # ################# -LOCAL_KYVERNOPRE_IMAGE := $($(shell echo $(BUILD_WITH) | tr '[:lower:]' '[:upper:]')_KYVERNOPRE_IMAGE) -LOCAL_KYVERNO_IMAGE := $($(shell echo $(BUILD_WITH) | tr '[:lower:]' '[:upper:]')_KYVERNO_IMAGE) -LOCAL_CLEANUP_IMAGE := $($(shell echo $(BUILD_WITH) | tr '[:lower:]' '[:upper:]')_CLEANUP_IMAGE) -LOCAL_REPORTS_IMAGE := $($(shell echo $(BUILD_WITH) | tr '[:lower:]' '[:upper:]')_REPORTS_IMAGE) +LOCAL_REGISTRY := $($(shell echo $(BUILD_WITH) | tr '[:lower:]' '[:upper:]')_REGISTRY) +LOCAL_CLI_REPO := $($(shell echo $(BUILD_WITH) | tr '[:lower:]' '[:upper:]')_CLI_REPO) +LOCAL_KYVERNOPRE_REPO := $($(shell echo $(BUILD_WITH) | tr '[:lower:]' '[:upper:]')_KYVERNOPRE_REPO) +LOCAL_KYVERNO_REPO := $($(shell echo $(BUILD_WITH) | tr '[:lower:]' '[:upper:]')_KYVERNO_REPO) +LOCAL_CLEANUP_REPO := $($(shell echo $(BUILD_WITH) | tr '[:lower:]' '[:upper:]')_CLEANUP_REPO) +LOCAL_REPORTS_REPO := $($(shell echo $(BUILD_WITH) | tr '[:lower:]' '[:upper:]')_REPORTS_REPO) .PHONY: image-build-kyverno-init image-build-kyverno-init: $(BUILD_WITH)-build-kyverno-init @@ -426,7 +430,7 @@ codegen-api-docs: $(PACKAGE_SHIM) $(GEN_CRD_API_REFERENCE_DOCS) ## Generate API @echo Generate api docs... >&2 @rm -rf docs/user/crd && mkdir -p docs/user/crd @GOPATH=$(GOPATH_SHIM) $(GEN_CRD_API_REFERENCE_DOCS) -v 4 \ - -api-dir github.com/kyverno/kyverno/api \ + -api-dir $(PACKAGE)/api \ -config docs/user/config.json \ -template-dir docs/user/template \ -out-file docs/user/crd/index.html @@ -713,22 +717,22 @@ kind-delete-cluster: $(KIND) ## Delete kind cluster .PHONY: kind-load-kyverno-init kind-load-kyverno-init: $(KIND) image-build-kyverno-init ## Build kyvernopre image and load it in kind cluster @echo Load kyvernopre image... >&2 - @$(KIND) load docker-image --name $(KIND_NAME) $(LOCAL_KYVERNOPRE_IMAGE):$(IMAGE_TAG_DEV) + @$(KIND) load docker-image --name $(KIND_NAME) $(LOCAL_REGISTRY)/$(LOCAL_KYVERNOPRE_REPO):$(IMAGE_TAG_DEV) .PHONY: kind-load-kyverno kind-load-kyverno: $(KIND) image-build-kyverno ## Build kyverno image and load it in kind cluster @echo Load kyverno image... >&2 - @$(KIND) load docker-image --name $(KIND_NAME) $(LOCAL_KYVERNO_IMAGE):$(IMAGE_TAG_DEV) + @$(KIND) load docker-image --name $(KIND_NAME) $(LOCAL_REGISTRY)/$(LOCAL_KYVERNO_REPO):$(IMAGE_TAG_DEV) .PHONY: kind-load-cleanup-controller kind-load-cleanup-controller: $(KIND) image-build-cleanup-controller ## Build cleanup controller image and load it in kind cluster @echo Load cleanup controller image... >&2 - @$(KIND) load docker-image --name $(KIND_NAME) $(LOCAL_CLEANUP_IMAGE):$(IMAGE_TAG_DEV) + @$(KIND) load docker-image --name $(KIND_NAME) $(LOCAL_REGISTRY)/$(LOCAL_CLEANUP_REPO):$(IMAGE_TAG_DEV) .PHONY: kind-load-reports-controller kind-load-reports-controller: $(KIND) image-build-reports-controller ## Build reports controller image and load it in kind cluster @echo Load reports controller image... >&2 - @$(KIND) load docker-image --name $(KIND_NAME) $(LOCAL_REPORTS_IMAGE):$(IMAGE_TAG_DEV) + @$(KIND) load docker-image --name $(KIND_NAME) $(LOCAL_REGISTRY)/$(LOCAL_REPORTS_REPO):$(IMAGE_TAG_DEV) .PHONY: kind-load-all kind-load-all: kind-load-kyverno-init kind-load-kyverno kind-load-cleanup-controller kind-load-reports-controller ## Build images and load them in kind cluster @@ -737,13 +741,17 @@ kind-load-all: kind-load-kyverno-init kind-load-kyverno kind-load-cleanup-contro kind-deploy-kyverno: $(HELM) kind-load-all ## Build images, load them in kind cluster and deploy kyverno helm chart @echo Install kyverno chart... >&2 @$(HELM) upgrade --install kyverno --namespace kyverno --create-namespace --wait ./charts/kyverno \ - --set image.repository=$(LOCAL_KYVERNO_IMAGE) \ + --set image.registry=$(LOCAL_REGISTRY) \ + --set image.repository=$(LOCAL_KYVERNO_REPO) \ --set image.tag=$(IMAGE_TAG_DEV) \ - --set initImage.repository=$(LOCAL_KYVERNOPRE_IMAGE) \ + --set initImage.registry=$(LOCAL_REGISTRY) \ + --set initImage.repository=$(LOCAL_KYVERNOPRE_REPO) \ --set initImage.tag=$(IMAGE_TAG_DEV) \ - --set cleanupController.image.repository=$(LOCAL_CLEANUP_IMAGE) \ + --set cleanupController.image.registry=$(LOCAL_REGISTRY) \ + --set cleanupController.image.repository=$(LOCAL_CLEANUP_REPO) \ --set cleanupController.image.tag=$(IMAGE_TAG_DEV) \ - --set reportsController.image.repository=$(LOCAL_REPORTS_IMAGE) \ + --set reportsController.image.registry=$(LOCAL_REGISTRY) \ + --set reportsController.image.repository=$(LOCAL_REPORTS_REPO) \ --set reportsController.image.tag=$(IMAGE_TAG_DEV) \ --values ./scripts/config/$(USE_CONFIG)/kyverno.yaml diff --git a/charts/kyverno/README.md b/charts/kyverno/README.md index bd2ba73a21..23db331482 100644 --- a/charts/kyverno/README.md +++ b/charts/kyverno/README.md @@ -126,6 +126,8 @@ In `v3` chart values changed significantly, please read the instructions below t - Image tags are now validated and must be strings, if you use image tags in the `1.35` form please add quotes around the tag value. +- Image references are now using the `registry` setting, if you override the registry or repository fields please use `registry` (`--set image.registry=ghcr.io --set image.repository=kyverno/kyverno` instead of `--set image.repository=ghcr.io/kyverno/kyverno`). + ## Uninstalling the Chart To uninstall/delete the `kyverno` deployment: @@ -175,13 +177,13 @@ The command removes all the Kubernetes components associated with the chart and | rbac.serviceAccount.create | bool | `true` | Create a ServiceAccount | | rbac.serviceAccount.name | string | `nil` | The ServiceAccount name | | rbac.serviceAccount.annotations | object | `{}` | Annotations for the ServiceAccount | -| image.registry | string | `nil` | Image registry | -| image.repository | string | `"ghcr.io/kyverno/kyverno"` | Image repository | +| image.registry | string | `"ghcr.io"` | Image registry | +| image.repository | string | `"kyverno/kyverno"` | Image repository | | image.tag | string | `nil` | Image tag Defaults to appVersion in Chart.yaml if omitted | | image.pullPolicy | string | `"IfNotPresent"` | Image pull policy | | image.pullSecrets | list | `[]` | Image pull secrets | -| initImage.registry | string | `nil` | Image registry | -| initImage.repository | string | `"ghcr.io/kyverno/kyvernopre"` | Image repository | +| initImage.registry | string | `"ghcr.io"` | Image registry | +| initImage.repository | string | `"kyverno/kyvernopre"` | Image repository | | initImage.tag | string | `nil` | Image tag If initImage.tag is missing, defaults to image.tag | | initImage.pullPolicy | string | `nil` | Image pull policy If initImage.pullPolicy is missing, defaults to image.pullPolicy | | initContainer.extraArgs | list | `["--loggingFormat=text","--exceptionNamespace={{ include \"kyverno.namespace\" . }}"]` | Extra arguments to give to the kyvernopre binary. | @@ -249,8 +251,8 @@ The command removes all the Kubernetes components associated with the chart and | cleanupController.rbac.serviceAccount.name | string | `nil` | Service account name | | cleanupController.rbac.clusterRole.extraResources | list | `[]` | Extra resource permissions to add in the cluster role | | cleanupController.createSelfSignedCert | bool | `false` | Create self-signed certificates at deployment time. The certificates won't be automatically renewed if this is set to `true`. | -| cleanupController.image.registry | string | `nil` | Image registry | -| cleanupController.image.repository | string | `"ghcr.io/kyverno/cleanup-controller"` | Image repository | +| cleanupController.image.registry | string | `"ghcr.io"` | Image registry | +| cleanupController.image.repository | string | `"kyverno/cleanup-controller"` | Image repository | | cleanupController.image.tag | string | `nil` | Image tag Defaults to appVersion in Chart.yaml if omitted | | cleanupController.image.pullPolicy | string | `"IfNotPresent"` | Image pull policy | | cleanupController.image.pullSecrets | list | `[]` | Image pull secrets | @@ -306,8 +308,8 @@ The command removes all the Kubernetes components associated with the chart and | reportsController.rbac.create | bool | `true` | Create RBAC resources | | reportsController.rbac.serviceAccount.name | string | `nil` | Service account name | | reportsController.rbac.clusterRole.extraResources | list | `[]` | Extra resource permissions to add in the cluster role | -| reportsController.image.registry | string | `nil` | Image registry | -| reportsController.image.repository | string | `"ghcr.io/kyverno/reports-controller"` | Image repository | +| reportsController.image.registry | string | `"ghcr.io"` | Image registry | +| reportsController.image.repository | string | `"kyverno/reports-controller"` | Image repository | | reportsController.image.tag | string | `nil` | Image tag Defaults to appVersion in Chart.yaml if omitted | | reportsController.image.pullPolicy | string | `"IfNotPresent"` | Image pull policy | | reportsController.image.pullSecrets | list | `[]` | Image pull secrets | diff --git a/charts/kyverno/README.md.gotmpl b/charts/kyverno/README.md.gotmpl index d3c15eadcb..e05ce3f72c 100644 --- a/charts/kyverno/README.md.gotmpl +++ b/charts/kyverno/README.md.gotmpl @@ -126,6 +126,8 @@ In `v3` chart values changed significantly, please read the instructions below t - Image tags are now validated and must be strings, if you use image tags in the `1.35` form please add quotes around the tag value. +- Image references are now using the `registry` setting, if you override the registry or repository fields please use `registry` (`--set image.registry=ghcr.io --set image.repository=kyverno/kyverno` instead of `--set image.repository=ghcr.io/kyverno/kyverno`). + ## Uninstalling the Chart To uninstall/delete the `kyverno` deployment: diff --git a/charts/kyverno/values.yaml b/charts/kyverno/values.yaml index 841f3e1616..6c257a2a07 100644 --- a/charts/kyverno/values.yaml +++ b/charts/kyverno/values.yaml @@ -204,16 +204,13 @@ rbac: # example.com/annotation: value image: - # -- (string) Image registry - registry: ~ - # If you want to manage the registry you should remove it from the repository - # registry: ghcr.io - # repository: kyverno/kyverno + # -- Image registry + registry: ghcr.io # -- Image repository - repository: ghcr.io/kyverno/kyverno # kyverno: replaced in e2e tests - # -- Image tag + repository: kyverno/kyverno + # -- (string) Image tag # Defaults to appVersion in Chart.yaml if omitted - tag: # replaced in e2e tests + tag: ~ # -- Image pull policy pullPolicy: IfNotPresent # -- Image pull secrets @@ -221,19 +218,16 @@ image: # - secretName initImage: - # -- (string) Image registry - registry: ~ - # If you want to manage the registry you should remove it from the repository - # registry: ghcr.io - # repository: kyverno/kyvernopre + # -- Image registry + registry: ghcr.io # -- Image repository - repository: ghcr.io/kyverno/kyvernopre # init: replaced in e2e tests - # -- Image tag + repository: kyverno/kyvernopre + # -- (string) Image tag # If initImage.tag is missing, defaults to image.tag - tag: # replaced in e2e tests - # -- Image pull policy + tag: ~ + # -- (string) Image pull policy # If initImage.pullPolicy is missing, defaults to image.pullPolicy - pullPolicy: + pullPolicy: ~ initContainer: # -- Extra arguments to give to the kyvernopre binary. @@ -541,16 +535,13 @@ cleanupController: createSelfSignedCert: false image: - # -- (string) Image registry - registry: ~ - # If you want to manage the registry you should remove it from the repository - # registry: ghcr.io - # repository: kyverno/kyverno + # -- Image registry + registry: ghcr.io # -- Image repository - repository: ghcr.io/kyverno/cleanup-controller # kyverno: replaced in e2e tests - # -- Image tag + repository: kyverno/cleanup-controller + # -- (string) Image tag # Defaults to appVersion in Chart.yaml if omitted - tag: # replaced in e2e tests + tag: ~ # -- Image pull policy pullPolicy: IfNotPresent # -- Image pull secrets @@ -785,16 +776,13 @@ reportsController: # - pods image: - # -- (string) Image registry - registry: ~ - # If you want to manage the registry you should remove it from the repository - # registry: ghcr.io - # repository: kyverno/kyverno + # -- Image registry + registry: ghcr.io # -- Image repository - repository: ghcr.io/kyverno/reports-controller # kyverno: replaced in e2e tests - # -- Image tag + repository: kyverno/reports-controller + # -- (string) Image tag # Defaults to appVersion in Chart.yaml if omitted - tag: # replaced in e2e tests + tag: ~ # -- Image pull policy pullPolicy: IfNotPresent # -- Image pull secrets