replacing pub-sub with export everywhere
Signed-off-by: Jaydip Gabani <[email protected]>
JaydipGabani committed Jan 28, 2025
1 parent 64e2ae5 commit 2fba5c2
Showing 20 changed files with 55 additions and 55 deletions.
20 changes: 10 additions & 10 deletions .github/workflows/dapr-pubsub.yaml
@@ -1,18 +1,18 @@
name: dapr-pubsub
name: dapr-export
on:
push:
paths:
- "pkg/pubsub/dapr"
- "test/pubsub/**"
- "pkg/export/dapr"
- "test/export/**"
pull_request:
paths:
- "pkg/pubsub/dapr"
- "test/pubsub/**"
- "pkg/export/dapr"
- "test/export/**"
permissions: read-all

jobs:
dapr_test:
name: "Dapr pubsub test"
name: "Dapr export test"
runs-on: ubuntu-22.04
timeout-minutes: 15
strategy:
Expand Down Expand Up @@ -50,20 +50,20 @@ jobs:
kind load docker-image --name kind gatekeeper-e2e:latest gatekeeper-crds:latest
kubectl create ns gatekeeper-system
make e2e-publisher-deploy
make e2e-helm-deploy HELM_REPO=gatekeeper-e2e HELM_CRD_REPO=gatekeeper-crds HELM_RELEASE=latest ENABLE_PUBSUB=true LOG_LEVEL=DEBUG
make test-e2e ENABLE_PUBSUB_TESTS=1
make e2e-helm-deploy HELM_REPO=gatekeeper-e2e HELM_CRD_REPO=gatekeeper-crds HELM_RELEASE=latest ENABLE_EXPORT=true LOG_LEVEL=DEBUG
make test-e2e ENABLE_EXPORT_TESTS=1
- name: Save logs
if: ${{ always() }}
run: |
kubectl logs -n fake-subscriber -l app=sub --tail=-1 > logs-audit-subscribe.json
kubectl logs -n gatekeeper-system -l control-plane=audit-controller --tail=-1 > logs-audit-publish.json
kubectl logs -n gatekeeper-system -l control-plane=audit-controller --tail=-1 > logs-audit-export.json
- name: Upload artifacts
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
if: ${{ always() }}
with:
name: pubsub-logs
name: export-logs
path: |
logs-*.json
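Review bot: The path filters `- "pkg/export/dapr"` on both the push and pull_request triggers name a directory without a glob, and GitHub's `paths` filter matches patterns against full file paths, so as written a change to a file under pkg/export/dapr/ does not appear to trigger this workflow (the `test/export/**` entry right next to it has the right form). If the intent is to run the Dapr e2e job whenever that package changes, both entries should read `- "pkg/export/dapr/**"`. The workflow name is now `dapr-export` while the file itself is still `.github/workflows/dapr-pubsub.yaml`; renaming the file would keep the two consistent with the rest of this commit.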
12 changes: 6 additions & 6 deletions Makefile
Expand Up @@ -15,7 +15,7 @@ PUSH_TO_GHCR ?= false
DEV_TAG ?= dev
USE_LOCAL_IMG ?= false
ENABLE_GENERATOR_EXPANSION ?= false
ENABLE_PUBSUB ?= false
ENABLE_EXPORT ?= false
AUDIT_CONNECTION ?= "audit"
AUDIT_CHANNEL ?= "audit"
LOG_LEVEL ?= "INFO"
Expand Down Expand Up @@ -203,7 +203,7 @@ e2e-helm-install:
./.staging/helm/linux-amd64/helm version --client

e2e-helm-deploy: e2e-helm-install
ifeq ($(ENABLE_PUBSUB),true)
ifeq ($(ENABLE_EXPORT),true)
./.staging/helm/linux-amd64/helm install manifest_staging/charts/gatekeeper --name-template=gatekeeper \
--namespace ${GATEKEEPER_NAMESPACE} \
--debug --wait \
Expand All @@ -220,7 +220,7 @@ ifeq ($(ENABLE_PUBSUB),true)
--set auditEventsInvolvedNamespace=true \
--set disabledBuiltins={http.send} \
--set logMutations=true \
--set audit.enablePubsub=${ENABLE_PUBSUB} \
--set audit.exportViolations=${ENABLE_EXPORT} \
--set audit.connection=${AUDIT_CONNECTION} \
--set audit.channel=${AUDIT_CHANNEL} \
--set-string auditPodAnnotations.dapr\\.io/enabled=true \
Expand Down Expand Up @@ -292,17 +292,17 @@ e2e-helm-upgrade:
--set mutationAnnotations=true;\

e2e-subscriber-build-load-image:
docker buildx build --platform="linux/amd64" -t ${FAKE_SUBSCRIBER_IMAGE} --load -f test/pubsub/fake-subscriber/Dockerfile test/pubsub/fake-subscriber
docker buildx build --platform="linux/amd64" -t ${FAKE_SUBSCRIBER_IMAGE} --load -f test/export/fake-subscriber/Dockerfile test/export/fake-subscriber
kind load docker-image --name kind ${FAKE_SUBSCRIBER_IMAGE}

e2e-subscriber-deploy:
kubectl create ns fake-subscriber
kubectl get secret redis --namespace=default -o yaml | sed 's/namespace: .*/namespace: fake-subscriber/' | kubectl apply -f -
kubectl apply -f test/pubsub/fake-subscriber/manifest/subscriber.yaml
kubectl apply -f test/export/fake-subscriber/manifest/subscriber.yaml

e2e-publisher-deploy:
kubectl get secret redis --namespace=default -o yaml | sed 's/namespace: .*/namespace: gatekeeper-system/' | kubectl apply -f -
kubectl apply -f test/pubsub/publish-components.yaml
kubectl apply -f test/export/publish-components.yaml

# Build manager binary
manager: generate
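Review bot: `ENABLE_EXPORT ?= false` replaces `ENABLE_PUBSUB` with no guard, so any caller that still passes `ENABLE_PUBSUB=true` (a local script or an older CI job) now silently skips the `ifeq ($(ENABLE_EXPORT),true)` block in e2e-helm-deploy and installs the chart with violation export turned off, with no indication that the knob was ignored. A parse-time check directly under the new default makes the rename loud instead: `ifdef ENABLE_PUBSUB`, `$(error ENABLE_PUBSUB has been renamed to ENABLE_EXPORT)`, `endif`. The `e2e-subscriber-*` and `e2e-publisher-deploy` target names keep the pub/sub vocabulary; if that is deliberate because the fixture really is a Dapr subscriber, a one-line comment above them saying so would stop the next reader from "finishing" the rename.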
2 changes: 1 addition & 1 deletion cmd/build/helmify/kustomize-for-helm.yaml
Expand Up @@ -183,7 +183,7 @@ spec:
- --operation=audit
- --operation=status
- --operation=generate
- HELMSUBST_DEPLOYMENT_AUDIT_PUBSUB_ARGS
- HELMSUBST_DEPLOYMENT_AUDIT_EXPORT_ARGS
- HELMSUBST_MUTATION_STATUS_ENABLED_ARG
- --logtostderr
- --health-addr=:HELMSUBST_DEPLOYMENT_AUDIT_HEALTH_PORT
4 changes: 2 additions & 2 deletions cmd/build/helmify/replacements.go
Expand Up @@ -118,8 +118,8 @@ var replacements = map[string]string{
- --default-wait-for-vapb-generation={{ .Values.defaultWaitForVAPBGeneration }}
{{- end }}`,

"- HELMSUBST_DEPLOYMENT_AUDIT_PUBSUB_ARGS": `{{ if hasKey .Values.audit "enablePubsub" }}
- --enable-pub-sub={{ .Values.audit.enablePubsub }}
"- HELMSUBST_DEPLOYMENT_AUDIT_EXPORT_ARGS": `{{ if hasKey .Values.audit "exportViolations" }}
- --export-violations={{ .Values.audit.exportViolations }}
{{- end }}
{{ if hasKey .Values.audit "connection" }}
- --audit-connection={{ .Values.audit.connection }}
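Review bot: The generated template only emits `--export-violations` when `hasKey .Values.audit "exportViolations"`, and nothing handles the old `audit.enablePubsub` key, so a values file from an existing install that sets `audit.enablePubsub: true` renders an audit deployment with no export flag at all and violation export is silently disabled on upgrade. A guard next to the new key would make the rename fail loudly rather than degrade quietly: `{{ if hasKey .Values.audit "enablePubsub" }}{{ fail "audit.enablePubsub was renamed to audit.exportViolations" }}{{ end }}`. The definition of the `--export-violations` flag in the audit manager is not part of this page, so whether the binary still accepts `--enable-pub-sub` as an alias cannot be checked from here.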
6 changes: 3 additions & 3 deletions cmd/build/helmify/static/README.md
Expand Up @@ -221,9 +221,9 @@ information._
| audit.readinessTimeout | Timeout in seconds for audit's readiness probe | `1` |
| audit.livenessTimeout | Timeout in seconds for the audit's liveness probe | `1` |
| audit.logLevel | The minimum log level for audit, takes precedence over `logLevel` when specified | `null` |
| audit.enablePubsub | (alpha) Enabled pubsub to publish messages | `false` |
| audit.connection | (alpha) Connection name for publishing audit violation messages | `audit-connection` |
| audit.channel | (alpha) Channel name for publishing audit violation messages | `audit-channel` |
| audit.exportViolations | (alpha) Enable exporting violations to external systems | `false` |
| audit.connection | (alpha) Connection name for exporting audit violation messages | `audit-connection` |
| audit.channel | (alpha) Channel name for exporting audit violation messages | `audit-channel` |
| replicas | The number of Gatekeeper replicas to deploy for the webhook | `3` |
| podAnnotations | The annotations to add to the Gatekeeper pods | `container.seccomp.security.alpha.kubernetes.io/manager: runtime/default` |
| podLabels | The labels to add to the Gatekeeper pods | `{}` |
6 changes: 3 additions & 3 deletions manifest_staging/charts/gatekeeper/README.md
Expand Up @@ -221,9 +221,9 @@ information._
| audit.readinessTimeout | Timeout in seconds for audit's readiness probe | `1` |
| audit.livenessTimeout | Timeout in seconds for the audit's liveness probe | `1` |
| audit.logLevel | The minimum log level for audit, takes precedence over `logLevel` when specified | `null` |
| audit.enablePubsub | (alpha) Enabled pubsub to publish messages | `false` |
| audit.connection | (alpha) Connection name for publishing audit violation messages | `audit-connection` |
| audit.channel | (alpha) Channel name for publishing audit violation messages | `audit-channel` |
| audit.exportViolations | (alpha) Enable exporting violations to external systems | `false` |
| audit.connection | (alpha) Connection name for exporting audit violation messages | `audit-connection` |
| audit.channel | (alpha) Channel name for exporting audit violation messages | `audit-channel` |
| replicas | The number of Gatekeeper replicas to deploy for the webhook | `3` |
| podAnnotations | The annotations to add to the Gatekeeper pods | `container.seccomp.security.alpha.kubernetes.io/manager: runtime/default` |
| podLabels | The labels to add to the Gatekeeper pods | `{}` |
Expand Up @@ -71,8 +71,8 @@ spec:
- --operation=audit
- --operation=status
- --operation=generate
{{ if hasKey .Values.audit "enablePubsub" }}
- --enable-pub-sub={{ .Values.audit.enablePubsub }}
{{ if hasKey .Values.audit "exportViolations" }}
- --export-violations={{ .Values.audit.exportViolations }}
{{- end }}
{{ if hasKey .Values.audit "connection" }}
- --audit-connection={{ .Values.audit.connection }}
6 changes: 3 additions & 3 deletions pkg/audit/manager.go
Expand Up @@ -67,8 +67,8 @@ var (
auditEventsInvolvedNamespace = flag.Bool("audit-events-involved-namespace", false, "emit audit events for each violation in the involved objects namespace, the default (false) generates events in the namespace Gatekeeper is installed in. Audit events from cluster-scoped resources will still follow the default behavior")
auditMatchKindOnly = flag.Bool("audit-match-kind-only", false, "only use kinds specified in all constraints for auditing cluster resources. if kind is not specified in any of the constraints, it will audit all resources (same as setting this flag to false)")
apiCacheDir = flag.String("api-cache-dir", defaultAPICacheDir, "The directory where audit from api server cache are stored, defaults to /tmp/audit")
auditConnection = flag.String("audit-connection", defaultConnection, "(alpha) Connection name for publishing audit violation messages. Defaults to audit-connection")
auditChannel = flag.String("audit-channel", defaultChannel, "(alpha) Channel name for publishing audit violation messages. Defaults to audit-channel")
auditConnection = flag.String("audit-connection", defaultConnection, "(alpha) Connection name for exporting audit violation messages. Defaults to audit-connection")
auditChannel = flag.String("audit-channel", defaultChannel, "(alpha) Channel name for exporting audit violation messages. Defaults to audit-channel")
emptyAuditResults = newLimitQueue(0)
logStatsAudit = flag.Bool("log-stats-audit", false, "(alpha) log stats metrics for the audit run")
)
Expand Down Expand Up @@ -106,7 +106,7 @@ type StatusViolation struct {
EnforcementActions []string `json:"enforcementActions,omitempty"`
}

// ConstraintMsg represents publish message for each constraint.
// ExportMsg represents export message for each violation.
type ExportMsg struct {
ID string `json:"id,omitempty"`
Details interface{} `json:"details,omitempty"`
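Review bot: The rewritten help strings for `audit-connection` and `audit-channel` still end with "Defaults to audit-connection" / "Defaults to audit-channel", which duplicates what the `flag` package already prints from `defaultConnection` / `defaultChannel` (usage output appends `(default "…")` for a string flag with a non-empty default) and will drift if those constants ever change. Dropping the trailing sentence keeps a single source of truth: `"(alpha) Connection name for exporting audit violation messages"`. The struct comment reads better in the conventional Go form, `// ExportMsg is the message exported for each audit violation.`; since the old comment said "for each constraint", it is worth confirming which granularity the struct actually carries before settling on "violation" — the struct body continues past the end of the hunk.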