From b80963374f4947a2687897967fcb2cb8686875b2 Mon Sep 17 00:00:00 2001 From: Mariam Fahmy Date: Wed, 27 Sep 2023 20:40:13 +0300 Subject: [PATCH] chore: enable policy exceptions by default (#8545) Signed-off-by: Mariam Fahmy --- CHANGELOG.md | 1 + charts/kyverno/README.md | 2 +- charts/kyverno/values.yaml | 2 +- cmd/internal/flag.go | 2 +- config/install-latest-testing.yaml | 6 +++--- 5 files changed, 7 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d9218b02ad..9c1a19a91e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,6 +13,7 @@ - Added `--aggregateReports` flag for reports controller to enable/disable aggregated reports (default value is `true`). - Added `--policyReports` flag for reports controller to enable/disable policy reports (default value is `true`). - Renamed CLI flag `--compact` to `--detailed-results` (and changed default value from `true` to `false`). +- Changed the default value of `--enablePolicyException` from `false` to `true`. ## v1.10.0 diff --git a/charts/kyverno/README.md b/charts/kyverno/README.md index 953f60bab2..34019103d6 100644 --- a/charts/kyverno/README.md +++ b/charts/kyverno/README.md @@ -308,7 +308,7 @@ The chart values are organised per component. | features.logging.format | string | `"text"` | Logging format | | features.logging.verbosity | int | `2` | Logging verbosity | | features.omitEvents.eventTypes | list | `[]` | Events which should not be emitted (possible values `PolicyViolation`, `PolicyApplied`, `PolicyError`, and `PolicySkipped`) | -| features.policyExceptions.enabled | bool | `false` | Enables the feature | +| features.policyExceptions.enabled | bool | `true` | Enables the feature | | features.policyExceptions.namespace | string | `""` | Restrict policy exceptions to a single namespace | | features.protectManagedResources.enabled | bool | `false` | Enables the feature | | features.registryClient.allowInsecure | bool | `false` | Allow insecure registry | 
diff --git a/charts/kyverno/values.yaml b/charts/kyverno/values.yaml index d24130c90f..3d0243665a 100644 --- a/charts/kyverno/values.yaml +++ b/charts/kyverno/values.yaml @@ -425,7 +425,7 @@ features: # - PolicySkipped policyExceptions: # -- Enables the feature - enabled: false + enabled: true # -- Restrict policy exceptions to a single namespace namespace: '' protectManagedResources: diff --git a/cmd/internal/flag.go b/cmd/internal/flag.go index 79ac3daf7a..38a987b224 100644 --- a/cmd/internal/flag.go +++ b/cmd/internal/flag.go @@ -89,7 +89,7 @@ func initKubeconfigFlags(qps float64, burst int) { func initPolicyExceptionsFlags() { flag.StringVar(&exceptionNamespace, "exceptionNamespace", "", "Configure the namespace to accept PolicyExceptions.") - flag.BoolVar(&enablePolicyException, "enablePolicyException", false, "Enable PolicyException feature.") + flag.BoolVar(&enablePolicyException, "enablePolicyException", true, "Enable PolicyException feature.") } func initConfigMapCachingFlags() { diff --git a/config/install-latest-testing.yaml b/config/install-latest-testing.yaml index 8876247b81..53998f6109 100644 --- a/config/install-latest-testing.yaml +++ b/config/install-latest-testing.yaml @@ -42328,7 +42328,7 @@ spec: - --generateValidatingAdmissionPolicy=false - --loggingFormat=text - --v=2 - - --enablePolicyException=false + - --enablePolicyException=true - --protectManagedResources=false - --allowInsecureRegistry=false - --registryCredentialHelpers=default,google,amazon,azure,github @@ -42474,7 +42474,7 @@ spec: - --enableDeferredLoading=true - --loggingFormat=text - --v=2 - - --enablePolicyException=false + - --enablePolicyException=true env: - name: KYVERNO_SERVICEACCOUNT_NAME value: kyverno-background-controller 
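Review bot: In charts/kyverno/values.yaml, `enabled: true` now ships next to `namespace: ''`, so a default install accepts PolicyExceptions with no namespace restriction configured; cmd/internal/flag.go has the same pairing, with `enablePolicyException` defaulting to `true` while `exceptionNamespace` stays `""`. If an empty namespace means exceptions are honored from every namespace (the chart README's "Restrict policy exceptions to a single namespace" suggests so, but the consuming code is not in this patch), then after an upgrade that sets neither value, any subject allowed to create PolicyException objects in any namespace can exempt workloads from enforcement. If that is confirmed, I would say so in the values comment, e.g. `# -- Restrict policy exceptions to a single namespace (empty: exceptions from all namespaces are accepted)`, and in the flag help, e.g. `"Configure the namespace to accept PolicyExceptions (empty accepts all namespaces)."`. The CHANGELOG entry should also tell operators to set the namespace and review RBAC on PolicyException before upgrading. The `features:` block and flag.go both continue outside their hunks, so any existing validation of the namespace value is not visible here.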
@@ -42711,7 +42711,7 @@ spec: - --enableDeferredLoading=true - --loggingFormat=text - --v=2 - - --enablePolicyException=false + - --enablePolicyException=true - --reportsChunkSize=1000 - --allowInsecureRegistry=false - --registryCredentialHelpers=default,google,amazon,azure,github