diff --git a/.github/workflows/e2e-autogen-internals.yaml b/.github/workflows/e2e-autogen-internals.yaml index 34c7952154..10b61a2194 100644 --- a/.github/workflows/e2e-autogen-internals.yaml +++ b/.github/workflows/e2e-autogen-internals.yaml @@ -24,7 +24,7 @@ jobs: strategy: fail-fast: false matrix: - k8s-version: [v1.23.6] + k8s-version: [v1.21.12, v1.22.9, v1.23.6, v1.24.0] runs-on: ubuntu-latest steps: - name: Checkout @@ -64,7 +64,6 @@ jobs: echo ">>> Install Kyverno" cat ${GITHUB_WORKSPACE}/config/install.yaml | \ sed -e 's/imagePullPolicy:.*$/imagePullPolicy: IfNotPresent/g' | \ - sed -e 's/--autogenInternals:false$/--autogenInternals:true/g' | \ kubectl apply -f - kubectl apply -f ${GITHUB_WORKSPACE}/config/github/rbac.yaml chmod a+x ${GITHUB_WORKSPACE}/scripts/verify-deployment.sh @@ -76,7 +75,6 @@ jobs: echo ">>> Expose the Kyverno's service's metric server to the host" kubectl port-forward svc/kyverno-svc-metrics -n kyverno 8000:8000 & echo ">>> Run Kyverno e2e test" - export FLAG_AUTOGEN_INTERNALS=true make test-e2e kubectl delete -f ${GITHUB_WORKSPACE}/config/install.yaml diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index 7a000610f7..631697bdc4 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -22,7 +22,7 @@ jobs: strategy: fail-fast: false matrix: - k8s-version: [v1.21.12, v1.22.9, v1.23.6, v1.24.0] + k8s-version: [v1.24.0] runs-on: ubuntu-latest steps: - name: Checkout @@ -62,6 +62,7 @@ jobs: echo ">>> Install Kyverno" cat ${GITHUB_WORKSPACE}/config/install.yaml | \ sed -e 's/imagePullPolicy:.*$/imagePullPolicy: IfNotPresent/g' | \ + sed -e 's/--autogenInternals:true$/--autogenInternals:false/g' | \ kubectl apply -f - kubectl apply -f ${GITHUB_WORKSPACE}/config/github/rbac.yaml chmod a+x ${GITHUB_WORKSPACE}/scripts/verify-deployment.sh 
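Review bot: The added `sed -e 's/--autogenInternals:true$/--autogenInternals:false/g'` in the "Install Kyverno" step matches a colon, but `config/install.yaml` in this same commit writes the argument as `--autogenInternals=true`, so the substitution looks like a no-op and Kyverno is still deployed with autogen internals enabled. The `export FLAG_AUTOGEN_INTERNALS=false` added in the later hunk of this file (`@@ -73,6 +74,7 @@`) is set in the runner shell before `make test-e2e`, so it presumably reaches only the test process and not the controller in the cluster. The harness and the admission controller under test would then disagree about the mode, and the legacy path would not be exercised. Use `sed -e 's/--autogenInternals=true$/--autogenInternals=false/g'`, and consider failing the step when the rendered manifest does not contain `--autogenInternals=false`.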
@@ -73,6 +74,7 @@ jobs: echo ">>> Expose the Kyverno's service's metric server to the host" kubectl port-forward svc/kyverno-svc-metrics -n kyverno 8000:8000 & echo ">>> Run Kyverno e2e test" + export FLAG_AUTOGEN_INTERNALS=false make test-e2e kubectl delete -f ${GITHUB_WORKSPACE}/config/install.yaml diff --git a/Makefile b/Makefile index bba5ce6bc0..1914cc18f3 100644 --- a/Makefile +++ b/Makefile @@ -501,5 +501,5 @@ kind-deploy: docker-build-initContainer-local docker-build-kyverno-local --set image.tag=$(IMAGE_TAG_DEV) \ --set initImage.repository=$(REPO)/$(INITC_IMAGE) \ --set initImage.tag=$(IMAGE_TAG_DEV) \ - --set extraArgs={--autogenInternals=false} + --set extraArgs={--autogenInternals=true} helm upgrade --install kyverno-policies --namespace kyverno --create-namespace ./charts/kyverno-policies diff --git a/charts/kyverno/Chart.yaml b/charts/kyverno/Chart.yaml index 48d8cf06db..93a6aee684 100644 --- a/charts/kyverno/Chart.yaml +++ b/charts/kyverno/Chart.yaml @@ -34,3 +34,5 @@ annotations: description: Prevent installing Kyverno in namespace kube-system. - kind: fixed description: Docs for generatecontrollerExtraResources. + - kind: changed + description: Enable autogen internals by default. diff --git a/charts/kyverno/README.md b/charts/kyverno/README.md index 99005f7315..40b359e302 100644 --- a/charts/kyverno/README.md +++ b/charts/kyverno/README.md 
@@ -96,7 +96,7 @@ The command removes all the Kubernetes components associated with the chart and | dnsPolicy | string | `"ClusterFirst"` | `dnsPolicy` determines the manner in which DNS resolution happens in the cluster. In case of `hostNetwork: true`, usually, the `dnsPolicy` is suitable to be `ClusterFirstWithHostNet`. For further reference: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy. | | envVarsInit | object | `{}` | Env variables for initContainers. | | envVars | object | `{}` | Env variables for containers. | -| extraArgs | list | `["--autogenInternals=false"]` | Extra arguments to give to the binary. | +| extraArgs | list | `["--autogenInternals=true"]` | Extra arguments to give to the binary. | | extraInitContainers | list | `[]` | Array of extra init containers | | extraContainers | list | `[]` | Array of extra containers to run alongside kyverno | | imagePullSecrets | object | `{}` | Image pull secrets for image verify and imageData policies. This will define the `--imagePullSecrets` Kyverno argument. | diff --git a/charts/kyverno/values.yaml b/charts/kyverno/values.yaml index 9f0d188b7d..1379c4a2f6 100644 --- a/charts/kyverno/values.yaml +++ b/charts/kyverno/values.yaml @@ -141,7 +141,7 @@ envVars: {} # -- Extra arguments to give to the binary. extraArgs: - - --autogenInternals=false + - --autogenInternals=true # -- Array of extra init containers extraInitContainers: [] diff --git a/config/install.yaml b/config/install.yaml index e3e95ee6a1..4a1d726299 100644 --- a/config/install.yaml +++ b/config/install.yaml @@ -12761,7 +12761,7 @@ spec: containers: - args: - -v=2 - - --autogenInternals=false + - --autogenInternals=true env: - name: INIT_CONFIG value: kyverno diff --git a/config/manifest/deployment.yaml b/config/manifest/deployment.yaml index 75a3a6593d..eee6181511 100755 --- a/config/manifest/deployment.yaml +++ b/config/manifest/deployment.yaml 
@@ -79,7 +79,7 @@ spec: # configure the workers for generate controller # - --genWorkers=20 - "-v=2" - - --autogenInternals=false + - --autogenInternals=true ports: - containerPort: 9443 name: https diff --git a/pkg/toggle/toggle.go b/pkg/toggle/toggle.go index 0caa7fed5b..885a300fa6 100644 --- a/pkg/toggle/toggle.go +++ b/pkg/toggle/toggle.go @@ -9,7 +9,7 @@ const ( AutogenInternalsFlagName = "autogenInternals" AutogenInternalsDescription = "Enables autogen internal policies. When this is 'true' policy rules should not be mutated." AutogenInternalsEnvVar = "FLAG_AUTOGEN_INTERNALS" - DefaultAutogenInternals = false + DefaultAutogenInternals = true // split policy report ... SplitPolicyReportFlagName = "splitPolicyReport"
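Review bot: `DefaultAutogenInternals = true` changes behaviour for every deployment that sets neither the flag nor `FLAG_AUTOGEN_INTERNALS`, and nothing in the const block says so. Per `AutogenInternalsDescription`, policy rules are not mutated in this mode, so policies admitted under the old default presumably still carry generated rules in their spec. The commit does not show how those are treated after an upgrade, and a gap there could affect enforcement on pod controllers. I would add a doc comment such as `// DefaultAutogenInternals is the value used when neither the flag nor the env var is set; true since this change.` and cover the upgrade case with a test or a release note. The const block starts and ends outside the hunk.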