feat: enable autogen internals by default (#4381)

* feat: enable autogen internals by default Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * change e2e tests Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * change e2e tests matrix Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2025-03-30 19:35:06 +00:00 · 2022-08-25 17:01:43 +02:00 · 2022-08-25 17:01:43 +02:00 · cf0ee93de8
commit cf0ee93de8
parent 6db747224a
9 changed files with 12 additions and 10 deletions
--- a/.github/workflows/e2e-autogen-internals.yaml
+++ b/.github/workflows/e2e-autogen-internals.yaml
@ -24,7 +24,7 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        k8s-version: [v1.23.6]
+        k8s-version: [v1.21.12, v1.22.9, v1.23.6, v1.24.0]
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
@ -64,7 +64,6 @@ jobs:
          echo ">>> Install Kyverno"
          cat ${GITHUB_WORKSPACE}/config/install.yaml | \
          sed -e 's/imagePullPolicy:.*$/imagePullPolicy: IfNotPresent/g' | \
-          sed -e 's/--autogenInternals:false$/--autogenInternals:true/g' | \
          kubectl apply -f -
          kubectl apply -f ${GITHUB_WORKSPACE}/config/github/rbac.yaml
          chmod a+x ${GITHUB_WORKSPACE}/scripts/verify-deployment.sh
@ -76,7 +75,6 @@ jobs:
          echo ">>> Expose the Kyverno's service's metric server to the host"
          kubectl port-forward svc/kyverno-svc-metrics -n kyverno 8000:8000 &
          echo ">>> Run Kyverno e2e test"
-          export FLAG_AUTOGEN_INTERNALS=true
          make test-e2e
          kubectl delete -f ${GITHUB_WORKSPACE}/config/install.yaml

--- a/.github/workflows/e2e.yaml
+++ b/.github/workflows/e2e.yaml
@ -22,7 +22,7 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        k8s-version: [v1.21.12, v1.22.9, v1.23.6, v1.24.0]
+        k8s-version: [v1.24.0]
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
@ -62,6 +62,7 @@ jobs:
          echo ">>> Install Kyverno"
          cat ${GITHUB_WORKSPACE}/config/install.yaml | \
          sed -e 's/imagePullPolicy:.*$/imagePullPolicy: IfNotPresent/g' | \
+          sed -e 's/--autogenInternals:true$/--autogenInternals:false/g' | \
          kubectl apply -f -
          kubectl apply -f ${GITHUB_WORKSPACE}/config/github/rbac.yaml
          chmod a+x ${GITHUB_WORKSPACE}/scripts/verify-deployment.sh
@ -73,6 +74,7 @@ jobs:
          echo ">>> Expose the Kyverno's service's metric server to the host"
          kubectl port-forward svc/kyverno-svc-metrics -n kyverno 8000:8000 &
          echo ">>> Run Kyverno e2e test"
+          export FLAG_AUTOGEN_INTERNALS=false
          make test-e2e
          kubectl delete -f ${GITHUB_WORKSPACE}/config/install.yaml

--- a/2
+++ b/2
@ -501,5 +501,5 @@ kind-deploy: docker-build-initContainer-local docker-build-kyverno-local
 		--set image.tag=$(IMAGE_TAG_DEV) \
 		--set initImage.repository=$(REPO)/$(INITC_IMAGE) \
 		--set initImage.tag=$(IMAGE_TAG_DEV) \
-		--set extraArgs={--autogenInternals=false}
+		--set extraArgs={--autogenInternals=true}
 	helm upgrade --install kyverno-policies --namespace kyverno --create-namespace ./charts/kyverno-policies
--- a/charts/kyverno/Chart.yaml
+++ b/charts/kyverno/Chart.yaml
@ -34,3 +34,5 @@ annotations:
      description: Prevent installing Kyverno in namespace kube-system.
    - kind: fixed
      description: Docs for generatecontrollerExtraResources.
+    - kind: changed
+      description: Enable autogen internals by default.
--- a/charts/kyverno/README.md
+++ b/charts/kyverno/README.md
@ -96,7 +96,7 @@ The command removes all the Kubernetes components associated with the chart and
 | dnsPolicy | string | `"ClusterFirst"` | `dnsPolicy` determines the manner in which DNS resolution happens in the cluster. In case of `hostNetwork: true`, usually, the `dnsPolicy` is suitable to be `ClusterFirstWithHostNet`. For further reference: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy. |
 | envVarsInit | object | `{}` | Env variables for initContainers. |
 | envVars | object | `{}` | Env variables for containers. |
-| extraArgs | list | `["--autogenInternals=false"]` | Extra arguments to give to the binary. |
+| extraArgs | list | `["--autogenInternals=true"]` | Extra arguments to give to the binary. |
 | extraInitContainers | list | `[]` | Array of extra init containers |
 | extraContainers | list | `[]` | Array of extra containers to run alongside kyverno |
 | imagePullSecrets | object | `{}` | Image pull secrets for image verify and imageData policies. This will define the `--imagePullSecrets` Kyverno argument. |
--- a/charts/kyverno/values.yaml
+++ b/charts/kyverno/values.yaml
@ -141,7 +141,7 @@ envVars: {}

 # -- Extra arguments to give to the binary.
 extraArgs:
-  - --autogenInternals=false
+  - --autogenInternals=true

 # -- Array of extra init containers
 extraInitContainers: []
--- a/config/install.yaml
+++ b/config/install.yaml
@ -12761,7 +12761,7 @@ spec:
      containers:
      - args:
        - -v=2
-        - --autogenInternals=false
+        - --autogenInternals=true
        env:
        - name: INIT_CONFIG
          value: kyverno
--- a/config/manifest/deployment.yaml
+++ b/config/manifest/deployment.yaml
@ -79,7 +79,7 @@ spec:
          # configure the workers for generate controller
          # - --genWorkers=20
          - "-v=2"
-          - --autogenInternals=false
+          - --autogenInternals=true
          ports:
            - containerPort: 9443
              name: https
--- a/pkg/toggle/toggle.go
+++ b/pkg/toggle/toggle.go
@ -9,7 +9,7 @@ const (
 	AutogenInternalsFlagName    = "autogenInternals"
 	AutogenInternalsDescription = "Enables autogen internal policies. When this is 'true' policy rules should not be mutated."
 	AutogenInternalsEnvVar      = "FLAG_AUTOGEN_INTERNALS"
-	DefaultAutogenInternals     = false
+	DefaultAutogenInternals     = true

 	// split policy report ...
 	SplitPolicyReportFlagName = "splitPolicyReport"