chore: updating pubsub system (#3646)
Signed-off-by: Jaydip Gabani <[email protected]>
JaydipGabani authored Feb 12, 2025
1 parent 45f7bd3 commit 18c2fbf
Showing 48 changed files with 954 additions and 939 deletions.
@@ -1,18 +1,18 @@
name: dapr-pubsub
name: dapr-export
on:
push:
paths:
- "pkg/pubsub/dapr"
- "test/pubsub/**"
- "pkg/export/dapr"
- "test/export/**"
pull_request:
paths:
- "pkg/pubsub/dapr"
- "test/pubsub/**"
- "pkg/export/dapr"
- "test/export/**"
permissions: read-all

jobs:
dapr_test:
name: "Dapr pubsub test"
name: "Dapr export test"
runs-on: ubuntu-22.04
timeout-minutes: 15
strategy:
Expand Down Expand Up @@ -50,20 +50,20 @@ jobs:
kind load docker-image --name kind gatekeeper-e2e:latest gatekeeper-crds:latest
kubectl create ns gatekeeper-system
make e2e-publisher-deploy
make e2e-helm-deploy HELM_REPO=gatekeeper-e2e HELM_CRD_REPO=gatekeeper-crds HELM_RELEASE=latest ENABLE_PUBSUB=true LOG_LEVEL=DEBUG
make test-e2e ENABLE_PUBSUB_TESTS=1
make e2e-helm-deploy HELM_REPO=gatekeeper-e2e HELM_CRD_REPO=gatekeeper-crds HELM_RELEASE=latest ENABLE_EXPORT=true LOG_LEVEL=DEBUG
make test-e2e ENABLE_EXPORT_TESTS=1
- name: Save logs
if: ${{ always() }}
run: |
kubectl logs -n fake-subscriber -l app=sub --tail=-1 > logs-audit-subscribe.json
kubectl logs -n gatekeeper-system -l control-plane=audit-controller --tail=-1 > logs-audit-publish.json
kubectl logs -n gatekeeper-system -l control-plane=audit-controller --tail=-1 > logs-audit-export.json
- name: Upload artifacts
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
if: ${{ always() }}
with:
name: pubsub-logs
name: export-logs
path: |
logs-*.json
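Review bot: The `paths` entries `"pkg/export/dapr"` under both `push` and `pull_request` name a directory without a glob, and a GitHub Actions path filter with no `**` only matches a file at exactly that path, so edits under `pkg/export/dapr/` will not trigger this workflow; the replaced `pkg/pubsub/dapr` entry had the same gap, so this is not new, but the rename was the moment to fix it. Change both to `- "pkg/export/dapr/**"`, matching the `test/export/**` entries beside them. In the second hunk the job still runs `make e2e-publisher-deploy` and collects logs from the `fake-subscriber` namespace; that appears deliberate since the Makefile keeps those target and namespace names, but it is worth a brief comment in the step so the mismatch with the "export" naming does not read as a leftover.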
12 changes: 6 additions & 6 deletions Makefile
Expand Up @@ -15,7 +15,7 @@ PUSH_TO_GHCR ?= false
DEV_TAG ?= dev
USE_LOCAL_IMG ?= false
ENABLE_GENERATOR_EXPANSION ?= false
ENABLE_PUBSUB ?= false
ENABLE_EXPORT ?= false
AUDIT_CONNECTION ?= "audit"
AUDIT_CHANNEL ?= "audit"
LOG_LEVEL ?= "INFO"
Expand Down Expand Up @@ -203,7 +203,7 @@ e2e-helm-install:
./.staging/helm/linux-amd64/helm version --client

e2e-helm-deploy: e2e-helm-install
ifeq ($(ENABLE_PUBSUB),true)
ifeq ($(ENABLE_EXPORT),true)
./.staging/helm/linux-amd64/helm install manifest_staging/charts/gatekeeper --name-template=gatekeeper \
--namespace ${GATEKEEPER_NAMESPACE} \
--debug --wait \
Expand All @@ -220,7 +220,7 @@ ifeq ($(ENABLE_PUBSUB),true)
--set auditEventsInvolvedNamespace=true \
--set disabledBuiltins={http.send} \
--set logMutations=true \
--set audit.enablePubsub=${ENABLE_PUBSUB} \
--set enableViolationExport=${ENABLE_EXPORT} \
--set audit.connection=${AUDIT_CONNECTION} \
--set audit.channel=${AUDIT_CHANNEL} \
--set-string auditPodAnnotations.dapr\\.io/enabled=true \
Expand Down Expand Up @@ -292,17 +292,17 @@ e2e-helm-upgrade:
--set mutationAnnotations=true;\

e2e-subscriber-build-load-image:
docker buildx build --platform="linux/amd64" -t ${FAKE_SUBSCRIBER_IMAGE} --load -f test/pubsub/fake-subscriber/Dockerfile test/pubsub/fake-subscriber
docker buildx build --platform="linux/amd64" -t ${FAKE_SUBSCRIBER_IMAGE} --load -f test/export/fake-subscriber/Dockerfile test/export/fake-subscriber
kind load docker-image --name kind ${FAKE_SUBSCRIBER_IMAGE}

e2e-subscriber-deploy:
kubectl create ns fake-subscriber
kubectl get secret redis --namespace=default -o yaml | sed 's/namespace: .*/namespace: fake-subscriber/' | kubectl apply -f -
kubectl apply -f test/pubsub/fake-subscriber/manifest/subscriber.yaml
kubectl apply -f test/export/fake-subscriber/manifest/subscriber.yaml

e2e-publisher-deploy:
kubectl get secret redis --namespace=default -o yaml | sed 's/namespace: .*/namespace: gatekeeper-system/' | kubectl apply -f -
kubectl apply -f test/pubsub/publish-components.yaml
kubectl apply -f test/export/publish-components.yaml

# Build manager binary
manager: generate
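Review bot: The recipes in `e2e-subscriber-build-load-image`, `e2e-subscriber-deploy` and `e2e-publisher-deploy` now point at `test/export/...`, but the target names and the `fake-subscriber` namespace keep the pubsub vocabulary, so a reader coming from the CI workflow (which still calls `make e2e-publisher-deploy`) cannot tell these stage the export test fixtures; a one-line header on each would close that gap, e.g. `## Build and kind-load the fake Dapr subscriber used by the export e2e tests`. These are command targets rather than files, and unless they appear in a `.PHONY` line elsewhere in the file (not visible in this hunk), a stray file named like one of them would silently mask it. In the `e2e-helm-deploy` hunk the new flag uses `${ENABLE_EXPORT}` while the enclosing `ifeq ($(ENABLE_EXPORT),true)` uses the `$(...)` form; both work in GNU make, but the block runs only when the value is exactly `true`, so `--set enableViolationExport=true` would say the same thing more plainly. The `e2e-helm-deploy` recipe starts and ends outside the visible hunks.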
2 changes: 1 addition & 1 deletion cmd/build/helmify/kustomize-for-helm.yaml
Expand Up @@ -183,7 +183,7 @@ spec:
- --operation=audit
- --operation=status
- --operation=generate
- HELMSUBST_DEPLOYMENT_AUDIT_PUBSUB_ARGS
- HELMSUBST_DEPLOYMENT_AUDIT_VIOLATION_EXPORT_ARGS
- HELMSUBST_MUTATION_STATUS_ENABLED_ARG
- --logtostderr
- --health-addr=:HELMSUBST_DEPLOYMENT_AUDIT_HEALTH_PORT
4 changes: 2 additions & 2 deletions cmd/build/helmify/replacements.go
Expand Up @@ -118,8 +118,8 @@ var replacements = map[string]string{
- --default-wait-for-vapb-generation={{ .Values.defaultWaitForVAPBGeneration }}
{{- end }}`,

"- HELMSUBST_DEPLOYMENT_AUDIT_PUBSUB_ARGS": `{{ if hasKey .Values.audit "enablePubsub" }}
- --enable-pub-sub={{ .Values.audit.enablePubsub }}
"- HELMSUBST_DEPLOYMENT_AUDIT_VIOLATION_EXPORT_ARGS": `{{ if hasKey .Values "enableViolationExport" }}
- --enable-violation-export={{ .Values.enableViolationExport }}
{{- end }}
{{ if hasKey .Values.audit "connection" }}
- --audit-connection={{ .Values.audit.connection }}
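Review bot: The new gate `{{ if hasKey .Values "enableViolationExport" }}` moves the enable switch to the top level of values while the two settings it governs on the following lines, `audit.connection` and `audit.channel`, stay nested under `audit`, so a user turning export on has to edit two places and may set one without the other. If the top-level placement is intentional, say so next to the map entry, e.g. `// enableViolationExport is a top-level value; its connection/channel settings remain under audit.`. The same split is reproduced in the chart template hunk at the bottom of this page and it must stay byte-for-byte in sync with this string and with the `HELMSUBST_DEPLOYMENT_AUDIT_VIOLATION_EXPORT_ARGS` marker in `kustomize-for-helm.yaml`; the `replacements` map this entry belongs to begins outside the hunk.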
6 changes: 3 additions & 3 deletions cmd/build/helmify/static/README.md
Expand Up @@ -221,9 +221,9 @@ information._
| audit.readinessTimeout | Timeout in seconds for audit's readiness probe | `1` |
| audit.livenessTimeout | Timeout in seconds for the audit's liveness probe | `1` |
| audit.logLevel | The minimum log level for audit, takes precedence over `logLevel` when specified | `null` |
| audit.enablePubsub | (alpha) Enabled pubsub to publish messages | `false` |
| audit.connection | (alpha) Connection name for publishing audit violation messages | `audit-connection` |
| audit.channel | (alpha) Channel name for publishing audit violation messages | `audit-channel` |
| enableViolationExport | (alpha) Enable exporting violations to external systems | `false` |
| audit.connection | (alpha) Connection name for exporting audit violation messages | `audit-connection` |
| audit.channel | (alpha) Channel name for exporting audit violation messages | `audit-channel` |
| replicas | The number of Gatekeeper replicas to deploy for the webhook | `3` |
| podAnnotations | The annotations to add to the Gatekeeper pods | `container.seccomp.security.alpha.kubernetes.io/manager: runtime/default` |
| podLabels | The labels to add to the Gatekeeper pods | `{}` |
8 changes: 4 additions & 4 deletions main.go
Expand Up @@ -47,11 +47,11 @@ import (
"github.com/open-policy-agent/gatekeeper/v3/pkg/controller/config/process"
"github.com/open-policy-agent/gatekeeper/v3/pkg/drivers/k8scel"
"github.com/open-policy-agent/gatekeeper/v3/pkg/expansion"
"github.com/open-policy-agent/gatekeeper/v3/pkg/export"
"github.com/open-policy-agent/gatekeeper/v3/pkg/externaldata"
"github.com/open-policy-agent/gatekeeper/v3/pkg/metrics"
"github.com/open-policy-agent/gatekeeper/v3/pkg/mutation"
"github.com/open-policy-agent/gatekeeper/v3/pkg/operations"
"github.com/open-policy-agent/gatekeeper/v3/pkg/pubsub"
"github.com/open-policy-agent/gatekeeper/v3/pkg/readiness"
"github.com/open-policy-agent/gatekeeper/v3/pkg/readiness/pruner"
"github.com/open-policy-agent/gatekeeper/v3/pkg/syncutil"
Expand Down Expand Up @@ -442,7 +442,7 @@ func setupControllers(ctx context.Context, mgr ctrl.Manager, tracker *readiness.

mutationSystem := mutation.NewSystem(mutationOpts)
expansionSystem := expansion.NewSystem(mutationSystem)
pubsubSystem := pubsub.NewSystem()
exportSystem := export.NewSystem()

c := mgr.GetCache()
dc, ok := c.(watch.RemovableCache)
Expand Down Expand Up @@ -515,7 +515,7 @@ func setupControllers(ctx context.Context, mgr ctrl.Manager, tracker *readiness.
MutationSystem: mutationSystem,
ExpansionSystem: expansionSystem,
ProviderCache: providerCache,
PubsubSystem: pubsubSystem,
ExportSystem: exportSystem,
}

if err := controller.AddToManager(mgr, &opts); err != nil {
Expand Down Expand Up @@ -545,7 +545,7 @@ func setupControllers(ctx context.Context, mgr ctrl.Manager, tracker *readiness.
ProcessExcluder: processExcluder,
CacheLister: auditCache,
ExpansionSystem: expansionSystem,
PubSubSystem: pubsubSystem,
ExportSystem: exportSystem,
}
if err := audit.AddToManager(mgr, &auditDeps); err != nil {
setupLog.Error(err, "unable to register audit with the manager")
6 changes: 3 additions & 3 deletions manifest_staging/charts/gatekeeper/README.md
Expand Up @@ -221,9 +221,9 @@ information._
| audit.readinessTimeout | Timeout in seconds for audit's readiness probe | `1` |
| audit.livenessTimeout | Timeout in seconds for the audit's liveness probe | `1` |
| audit.logLevel | The minimum log level for audit, takes precedence over `logLevel` when specified | `null` |
| audit.enablePubsub | (alpha) Enabled pubsub to publish messages | `false` |
| audit.connection | (alpha) Connection name for publishing audit violation messages | `audit-connection` |
| audit.channel | (alpha) Channel name for publishing audit violation messages | `audit-channel` |
| enableViolationExport | (alpha) Enable exporting violations to external systems | `false` |
| audit.connection | (alpha) Connection name for exporting audit violation messages | `audit-connection` |
| audit.channel | (alpha) Channel name for exporting audit violation messages | `audit-channel` |
| replicas | The number of Gatekeeper replicas to deploy for the webhook | `3` |
| podAnnotations | The annotations to add to the Gatekeeper pods | `container.seccomp.security.alpha.kubernetes.io/manager: runtime/default` |
| podLabels | The labels to add to the Gatekeeper pods | `{}` |
Expand Up @@ -71,8 +71,8 @@ spec:
- --operation=audit
- --operation=status
- --operation=generate
{{ if hasKey .Values.audit "enablePubsub" }}
- --enable-pub-sub={{ .Values.audit.enablePubsub }}
{{ if hasKey .Values "enableViolationExport" }}
- --enable-violation-export={{ .Values.enableViolationExport }}
{{- end }}
{{ if hasKey .Values.audit "connection" }}
- --audit-connection={{ .Values.audit.connection }}