feat(gatekeeper): upgrade to 3.5.1
Package Owner Merge Request
Package Changes
- Upgrades OPA Gatekeeper to 3.5.1
- Adds upgrade option to Helm Release to force CRD and Constraint upgrades
- Adds exceptions overrides for packages (moving from OPA to Big Bang)
- Moves restricted taint constraint to "Deny"
Releases
- https://repo1.dso.mil/platform-one/big-bang/apps/core/policy/-/releases/3.5.1-bb.1
- https://repo1.dso.mil/platform-one/big-bang/apps/core/policy/-/releases/3.5.1-bb.0
Merge Requests
- https://repo1.dso.mil/platform-one/big-bang/apps/core/policy/-/merge_requests/62
- https://repo1.dso.mil/platform-one/big-bang/apps/core/policy/-/merge_requests/69
Additional Details
Default constraint exceptions will not be moved to Big Bang for the following reasons:
- Big Bang can control the exceptions based on whether the package needing the exception is enabled
- OPA Gatekeeper has no knowledge of namespaces, containers, etc. in Big Bang
- All of the exceptions and justifications will be located in one place
Known issues or expected conflicts?
During testing, we had some intermittent problems getting the CRDs to update. The options added to HelmRelease have fixed that so far. But, since it was intermittent, it may be that we were just lucky.
Edited by Michael McLeroy
Merge request reports
Activity
changed milestone to %1.13.0
added 5 commits
-
7268bb51...93cc878c - 4 commits from branch
master - ccf9bc59 - feat(gatekeeper): upgrade to 3.5.1
-
7268bb51...93cc878c - 4 commits from branch
added 1 commit
- 1dd1d137 - fix(gatekeeper): use flux value for crd policy
added 4 commits
-
56bc775c...a5513b93 - 2 commits from branch
master - b50a9eb1 - Merge branch 'master' into opa-gatekeeper-3.5.1
- 13b2ed92 - revert(gatekeeper): force != true
-
56bc775c...a5513b93 - 2 commits from branch
added statusreview label
Please register or sign in to reply