fix: migration (#164)

* fix: migration Signed-off-by: Vishal Choudhary <[email protected]> * fix: codegen Signed-off-by: Vishal Choudhary <[email protected]> * fix: tests Signed-off-by: Vishal Choudhary <[email protected]> * fix: use 1.12.4 Signed-off-by: Vishal Choudhary <[email protected]> * fix: ordering Signed-off-by: Vishal Choudhary <[email protected]> * fix: ordering Signed-off-by: Vishal Choudhary <[email protected]> * fix: delay Signed-off-by: Vishal Choudhary <[email protected]> * fix: use main Signed-off-by: Vishal Choudhary <[email protected]> * fix: ordering Signed-off-by: Vishal Choudhary <[email protected]> --------- Signed-off-by: Vishal Choudhary <[email protected]>
kyverno · Jul 5, 2024 · 5f1d6db · 5f1d6db
1 parent e28d413
commit 5f1d6db
Show file tree

Hide file tree

Showing 10 changed files with 1,406 additions and 153 deletions.
diff --git a/.github/workflows/migration-tests.yaml b/.github/workflows/migration-tests.yaml
@@ -66,14 +66,19 @@ jobs:
         run: |
           set -e
           kind create cluster --image kindest/node:${{ matrix.k8s-version.version }} --config ./.github/kind.yml
-      - name: Install latest kyverno
+      - name: Install kyverno v1.12.4
         run: |
           set -e
           kubectl create -f https://github.com/kyverno/kyverno/raw/main/config/install-latest-testing.yaml
       - name: Wait for kyverno ready
         run: |
           set -e
           kubectl wait --namespace kyverno --for=condition=ready pod --selector '!job-name' --timeout=120s
+      # - name: Install PSS policies
+      #   run: |
+      #     set -e
+      #     export HELM=${{ steps.helm.outputs.helm-path }}
+      #     make install-pss-policies
       - name: API Service status before migation
         run: |
           set -e
@@ -83,7 +88,12 @@ jobs:
           set -e
           kubectl create ns reports-server
           export HELM=${{ steps.helm.outputs.helm-path }}
-          make kind-apply
+          make kind-migrate
+      - name: Install api services
+        run: |
+          set -e
+          export HELM=${{ steps.helm.outputs.helm-path }}
+          make kind-apply-api-services
       - name: Wait for report server ready
         run: |
           set -e

diff --git a/Makefile b/Makefile
@@ -237,6 +237,33 @@ kind-apply: $(HELM) kind-load ## Build image, load it in kind cluster and deploy
 		--set image.tag=$(GIT_SHA) \
 			| kubectl apply -f -
 
+.PHONY: kind-migrate
+kind-migrate: $(HELM) kind-load ## Build image, load it in kind cluster and deploy helm chart
+	@echo Install chart... >&2
+	@$(HELM) upgrade --install reports-server --namespace reports-server --create-namespace --wait ./charts/reports-server \
+		--set image.registry=$(KO_REGISTRY) \
+		--set image.repository=$(PACKAGE) \
+		--set image.tag=$(GIT_SHA) \
+		--set apiServices.enabled=false
+
+.PHONY: kind-apply-api-services
+kind-apply-api-services: $(HELM) kind-load ## Build image, load it in kind cluster and deploy helm chart
+	@echo Install api services... >&2
+	@$(HELM) template reports-server --namespace reports-server ./charts/reports-server \
+		--set image.registry=$(KO_REGISTRY) \
+		--set image.repository=$(PACKAGE) \
+		--set image.tag=$(GIT_SHA) \
+			| kubectl apply -f -
+
+.PHONY: install-pss-policies
+install-pss-policies: $(HELM) 
+	@echo Install pss policies... >&2
+	@$(HELM) repo add kyverno https://kyverno.github.io/kyverno/
+	@$(HELM) upgrade --install kyverno-policies kyverno/kyverno-policies \
+		--set=podSecurityStandard=restricted \
+		--set=background=true \
+		--set=validationFailureAction=Audit
+
 ########
 # HELP #
 ########

diff --git a/charts/reports-server/README.md b/charts/reports-server/README.md
@@ -42,8 +42,8 @@ helm install reports-server --namespace reports-server --create-namespace report
 | podAnnotations | object | `{}` | Pod annotations |
 | podSecurityContext | object | `{"fsGroup":2000}` | Pod security context |
 | securityContext | object | See [values.yaml](values.yaml) | Container security context |
-| livenessProbe | object | `{"failureThreshold":3,"httpGet":{"path":"/livez","port":"https","scheme":"HTTPS"},"initialDelaySeconds":90,"periodSeconds":10}` | Liveness probe |
-| readinessProbe | object | `{"failureThreshold":3,"httpGet":{"path":"/readyz","port":"https","scheme":"HTTPS"},"initialDelaySeconds":100,"periodSeconds":10}` | Readiness probe |
+| livenessProbe | object | `{"failureThreshold":10,"httpGet":{"path":"/livez","port":"https","scheme":"HTTPS"},"initialDelaySeconds":20,"periodSeconds":10}` | Liveness probe |
+| readinessProbe | object | `{"failureThreshold":10,"httpGet":{"path":"/readyz","port":"https","scheme":"HTTPS"},"initialDelaySeconds":30,"periodSeconds":10}` | Readiness probe |
 | resources.limits | string | `nil` | Container resource limits |
 | resources.requests | string | `nil` | Container resource requests |
 | autoscaling.enabled | bool | `false` | Enable autoscaling |

diff --git a/charts/reports-server/values.yaml b/charts/reports-server/values.yaml
@@ -80,8 +80,8 @@ securityContext:
 
 # -- Liveness probe
 livenessProbe:
-  failureThreshold: 3
-  initialDelaySeconds: 90
+  initialDelaySeconds: 20
+  failureThreshold: 10
   periodSeconds: 10
   httpGet:
     path: /livez
@@ -90,8 +90,8 @@ livenessProbe:
 
 # -- Readiness probe
 readinessProbe:
-  initialDelaySeconds: 100
-  failureThreshold: 3
+  initialDelaySeconds: 30
+  failureThreshold: 10
   periodSeconds: 10
   httpGet:
     path: /readyz

diff --git a/config/install-inmemory.yaml b/config/install-inmemory.yaml
@@ -193,20 +193,20 @@ spec:
             - mountPath: /tmp
               name: tmp-dir
           livenessProbe:
-            failureThreshold: 3
+            failureThreshold: 10
             httpGet:
               path: /livez
               port: https
               scheme: HTTPS
-            initialDelaySeconds: 90
+            initialDelaySeconds: 20
             periodSeconds: 10
           readinessProbe:
-            failureThreshold: 3
+            failureThreshold: 10
             httpGet:
               path: /readyz
               port: https
               scheme: HTTPS
-            initialDelaySeconds: 100
+            initialDelaySeconds: 30
             periodSeconds: 10
           resources:
             limits: null

diff --git a/config/install.yaml b/config/install.yaml
@@ -288,20 +288,20 @@ spec:
             - mountPath: /tmp
               name: tmp-dir
           livenessProbe:
-            failureThreshold: 3
+            failureThreshold: 10
             httpGet:
               path: /livez
               port: https
               scheme: HTTPS
-            initialDelaySeconds: 90
+            initialDelaySeconds: 20
             periodSeconds: 10
           readinessProbe:
-            failureThreshold: 3
+            failureThreshold: 10
             httpGet:
               path: /readyz
               port: https
               scheme: HTTPS
-            initialDelaySeconds: 100
+            initialDelaySeconds: 30
             periodSeconds: 10
           resources:
             limits: null