add thanos exceptions for allowedHostFilesystem/volumeTypes (!3506) · Merge requests · Big Bang / bigbang

Michael Martin requested to merge thanos-gatekeeper-exception into master Dec 01, 2023

Adds required gatekeeper exceptions for Thanos cypress

Thanos helm tests should be passing now when gatekeeper is enabled.

Prior to fix (as seen in the upgrade 1st test runs):

Running helm tests for thanos...
Error: warning: Hook test thanos/templates/tests/test-ui.yaml failed: 1 error occurred:
	* admission webhook "validation.gatekeeper.sh" denied the request: [allowed-host-filesystem] HostPath volume {"hostPath": {"path": "/cypress", "type": ""}, "name": "cypress-artifacts"} is not allowed, pod: thanos-cypress-test. Allowed path: []
[volume-types] The volume type hostPath is not allowed, pod: thanos-cypress-test. Allowed volume types: ["configMap", "emptyDir", "projected", "secret", "downwardAPI", "persistentVolumeClaim"]
❌ One or more tests FAILED for thanos, enable DEBUG for more verbose output

with fix -- clean install and upgrade 2nd test runs:

Running helm tests for thanos...
✅ All tests sucessful for thanos

Edited Dec 01, 2023 by Michael Martin

Admin message

add thanos exceptions for allowedHostFilesystem/volumeTypes

Merge request reports