Skip to content

Commit

Permalink
Merge branch 'master' into bump-frameworks
Browse files Browse the repository at this point in the history
  • Loading branch information
@sozercan
sozercan authored Feb 10, 2025
2 parents d5e90cf + 9d5489c commit f2f024a
Show file tree
Hide file tree
Showing 5 changed files with 11 additions and 4 deletions.
2 changes: 1 addition & 1 deletion cmd/build/helmify/static/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -81,7 +81,7 @@ information._
| postInstall.labelNamespace.priorityClassName | Priority class name for gatekeeper-update-namespace-label Job | `` |
| postInstall.probeWebhook.enabled | Probe webhook API post install. When enabled along with `postInstall.labelNamespace.enabled`, this probe will run as part of `postInstall.labelNamespace` Job as an initContainer | `true` |
| postInstall.probeWebhook.image.repository | Image with curl to probe the webhook API | `curlimages/curl` |
| postInstall.probeWebhook.image.tag | Image tag | `7.83.1` |
| postInstall.probeWebhook.image.tag | Image tag | `8.12.0` |
| postInstall.probeWebhook.image.pullPolicy | Image pullPolicy | `IfNotPresent` |
| postInstall.probeWebhook.image.pullSecrets | Image pullSecrets | `[]` |
| postInstall.probeWebhook.waitTimeout | Total time to wait for the webhook API to become available | `60` |
Expand Down
2 changes: 1 addition & 1 deletion cmd/build/helmify/static/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -113,7 +113,7 @@ postInstall:
enabled: true
image:
repository: curlimages/curl
tag: 7.83.1
tag: 8.12.0
pullPolicy: IfNotPresent
pullSecrets: []
waitTimeout: 60
Expand Down
7 changes: 7 additions & 0 deletions main.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -116,6 +116,7 @@ var (
disabledBuiltins = util.NewFlagSet()
enableK8sCel = flag.Bool("enable-k8s-native-validation", true, "enable the validating admission policy driver")
externaldataProviderResponseCacheTTL = flag.Duration("external-data-provider-response-cache-ttl", 3*time.Minute, "TTL for the external data provider response cache. Specify the duration in 'h', 'm', or 's' for hours, minutes, or seconds respectively. Defaults to 3 minutes if unspecified. Setting the TTL to 0 disables the cache.")
enableReferential = flag.Bool("enable-referential-rules", true, "Enable referential rules. This flag defaults to true. Set this value to false if you want to disallow referential constraints. Because referential constraints read objects other than the object-under-test, they may be subject to race conditions. Users concerned about this may want to disable referential rules")
)

func init() {
Expand Down Expand Up @@ -410,6 +411,12 @@ func setupControllers(ctx context.Context, mgr ctrl.Manager, tracker *readiness.
cfArgs = append(cfArgs, constraintclient.Driver(k8sDriver))
}

externs := rego.Externs()
if *enableReferential {
externs = rego.Externs("inventory")
}
args = append(args, externs)

driver, err := rego.New(args...)
if err != nil {
setupLog.Error(err, "unable to set up Driver")
Expand Down
2 changes: 1 addition & 1 deletion manifest_staging/charts/gatekeeper/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -81,7 +81,7 @@ information._
| postInstall.labelNamespace.priorityClassName | Priority class name for gatekeeper-update-namespace-label Job | `` |
| postInstall.probeWebhook.enabled | Probe webhook API post install. When enabled along with `postInstall.labelNamespace.enabled`, this probe will run as part of `postInstall.labelNamespace` Job as an initContainer | `true` |
| postInstall.probeWebhook.image.repository | Image with curl to probe the webhook API | `curlimages/curl` |
| postInstall.probeWebhook.image.tag | Image tag | `7.83.1` |
| postInstall.probeWebhook.image.tag | Image tag | `8.12.0` |
| postInstall.probeWebhook.image.pullPolicy | Image pullPolicy | `IfNotPresent` |
| postInstall.probeWebhook.image.pullSecrets | Image pullSecrets | `[]` |
| postInstall.probeWebhook.waitTimeout | Total time to wait for the webhook API to become available | `60` |
Expand Down
2 changes: 1 addition & 1 deletion manifest_staging/charts/gatekeeper/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -113,7 +113,7 @@ postInstall:
enabled: true
image:
repository: curlimages/curl
tag: 7.83.1
tag: 8.12.0
pullPolicy: IfNotPresent
pullSecrets: []
waitTimeout: 60
Expand Down

0 comments on commit f2f024a

Please sign in to comment.