You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The opa/gatekeeper.yaml file requires modifications to work with Kubernetes 1.22 due to API changes (mainly removal of v1beta1 API). I had to make the following changes to get kubectl to apply it:
Change all occurrences of apiextensions.k8s.io/v1beta1 in apiVersion to apiextensions.k8s.io/v1 (don't touch the v1beta1s within spec.versions, because those refer to versions of custom resources which Gatekeeper will attempt to use itself)
Add admissionReviewVersions: ["v1"] to both entries for webhook in the ValidatingWebhookConfiguration
Remove all spec.version fields in CustomResourceDefinition
All spec.validation fields in CustomResourcDefiniton must be renamed to schema and moved into each entry in spec.versions
For the constrainttemplates.templates.gatekeeper.shCustomResourceDefinition, add type: object to schema.openAPIV3Schema for each entry in spec.versions
This gets kubectl to apply the definitions and the controller runs, but applying the requiredLabels.yaml constraint fails claiming parameters is an unknown field, so it seems there are some additional changes to be made somewhere.
The text was updated successfully, but these errors were encountered:
The
opa/gatekeeper.yamlfile requires modifications to work with Kubernetes 1.22 due to API changes (mainly removal ofv1beta1API). I had to make the following changes to get kubectl to apply it:apiextensions.k8s.io/v1beta1inapiVersiontoapiextensions.k8s.io/v1(don't touch thev1beta1s withinspec.versions, because those refer to versions of custom resources which Gatekeeper will attempt to use itself)admissionReviewVersions: ["v1"]to both entries forwebhookin theValidatingWebhookConfigurationspec.versionfields inCustomResourceDefinitionspec.validationfields inCustomResourcDefinitonmust be renamed toschemaand moved into each entry inspec.versionsconstrainttemplates.templates.gatekeeper.shCustomResourceDefinition, addtype: objecttoschema.openAPIV3Schemafor each entry inspec.versionsThis gets kubectl to apply the definitions and the controller runs, but applying the
requiredLabels.yamlconstraint fails claimingparametersis an unknown field, so it seems there are some additional changes to be made somewhere.The text was updated successfully, but these errors were encountered: