Fix replicalimits ConstraintTemplate to handle scaling to zero #420
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Additional unit tests confirm that the updated template works as expected. |
skaven81
changed the title
skaven81
force-pushed
the
fix-replicalimits-zero
branch
2 times, most recently
from
efa1621 to
d84cf76
Compare
apeabody
requested changes
Oct 25, 2023
There was a problem hiding this comment.
Thanks for the contribution @skaven81!
You will also need to make your template changes to https://github.com/open-policy-agent/gatekeeper-library/blob/master/src/general/replicalimits/constraint.tmpl and https://github.com/open-policy-agent/gatekeeper-library/blob/master/src/general/replicalimits/src.rego. The artifacts (e.g. template.yaml can then be built with make generate-all.
Bumps the all group with 3 updates: [step-security/harden-runner](https://github.com/step-security/harden-runner), [github/codeql-action](https://github.com/github/codeql-action) and [ossf/scorecard-action](https://github.com/ossf/scorecard-action). Updates `step-security/harden-runner` from 2.5.1 to 2.6.0 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](step-security/harden-runner@8ca2b8b...1b05615) Updates `github/codeql-action` from 2.21.9 to 2.22.1 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@ddccb87...fdcae64) Updates `ossf/scorecard-action` from 2.2.0 to 2.3.0 - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](ossf/scorecard-action@08b4669...483ef80) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Paul Krizak <paul.krizak@gmail.com>
…agent#404) Signed-off-by: Shinebayar Gansukh <3091558+shinebayar-g@users.noreply.github.com> Co-authored-by: Andrew Peabody <andrewpeabody@google.com> Signed-off-by: Paul Krizak <paul.krizak@gmail.com>
Bumps the all group with 1 update: [github/codeql-action](https://github.com/github/codeql-action). - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@fdcae64...0116bc2) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Paul Krizak <paul.krizak@gmail.com>
* fix api groups in constraint 1.22 Signed-off-by: Albert Zhong <albert.zhong@databricks.com> * run make generate generate-website-docs generate-artifacthub-artifacts Signed-off-by: Albert Zhong <albert.zhong@databricks.com> --------- Signed-off-by: Albert Zhong <albert.zhong@databricks.com> Signed-off-by: Paul Krizak <paul.krizak@gmail.com>
…lude check for scaling to zero Signed-off-by: Paul Krizak <paul.krizak@gmail.com>
…s allowed Signed-off-by: Paul Krizak <paul.krizak@gmail.com>
Signed-off-by: Paul Krizak <paul.krizak@gmail.com>
Signed-off-by: Paul Krizak <paul.krizak@gmail.com>
Bumps the all group with 3 updates: [actions/checkout](https://github.com/actions/checkout), [github/codeql-action](https://github.com/github/codeql-action) and [actions/setup-node](https://github.com/actions/setup-node). Updates `actions/checkout` from 4.1.0 to 4.1.1 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@8ade135...b4ffde6) Updates `github/codeql-action` from 2.22.3 to 2.22.4 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@0116bc2...49abf0b) Updates `actions/setup-node` from 3.8.1 to 4.0.0 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@5e21ff4...8f152de) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-major dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Paul Krizak <paul.krizak@gmail.com>
…ta.0.0.20230831155303-366ba791d009 to 3.14.0-rc.2 in /scripts/require-sync (open-policy-agent#423) Bumps [github.com/open-policy-agent/gatekeeper/v3](https://github.com/open-policy-agent/gatekeeper) from 3.14.0-beta.0.0.20230831155303-366ba791d009 to 3.14.0-rc.2. - [Release notes](https://github.com/open-policy-agent/gatekeeper/releases) - [Changelog](https://github.com/open-policy-agent/gatekeeper/blob/master/docs/RELEASE.md) - [Commits](https://github.com/open-policy-agent/gatekeeper/commits/v3.14.0-rc.2) --- updated-dependencies: - dependency-name: github.com/open-policy-agent/gatekeeper/v3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Paul Krizak <paul.krizak@gmail.com>
Signed-off-by: Sertac Ozercan <sozercan@gmail.com> Signed-off-by: Paul Krizak <paul.krizak@gmail.com>
…-agent#422) Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) from 0.27.6 to 0.27.7. - [Commits](kubernetes/apimachinery@v0.27.6...v0.27.7) --- updated-dependencies: - dependency-name: k8s.io/apimachinery dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Paul Krizak <paul.krizak@gmail.com>
Signed-off-by: Paul Krizak <paul.krizak@gmail.com>
skaven81
force-pushed
the
fix-replicalimits-zero
branch
from
d3f3c6c to
be75a1b
Compare
|
I'm not sure what I borked here, but I'll close this and try again with a fresh branch |
|
Opened #427 with corrected branch contents |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What this PR does / why we need it:
The
replicalimitsConstraintTemplate in the library had no unit tests for validating scaling to zero.It turns out that when scaling to zero, Kubernetes generates a
Scaleresource with an emptyspec, instead ofspec.replicas=0.The unit tests were also missing tests using the
Scaleresource.This PR fixes both issues.
Which issue(s) does this PR fix
Fixes #419