Introduce the flag `--no-cross-namespace-refs` (defaults to false) for allowing cluster admins to disable cross-namespace references to sources.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
If implemented, the kustomize controller will be able to retrieve a
secret containing a VAULT TOKEN and use it to decrypt the sops encrypted
master key. It will then use it to decrypt the data key and finally use the data
key to decrypt the final data.
Signed-off-by: Soule BA <bah.soule@gmail.com>
Structure the fuzz implementation to be closer to what go native will support.
Add Makefile target to enable smoketesting fuzzers.
Add smoketest as CI workflow.
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
After downloading an artifact, compute its checksum and verify that it matches the original checksum advertised by source-controller.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
testenv now supports provisioning users. Replace envtest with testenv.
Also, reorder the cleanup to stop the test environment before stopping
the file server to avoid anything in the cluster trying to connect to
the file server after it's stopped.
Signed-off-by: Sunny <darkowlzz@protonmail.com>
In suite test, the context created by SetupSignalHandler() watches for
shutdown signal to cancel the context. This makes it possible to stop
the controllers by sending a kill signal that cancels the context.
This change allows controller context cancellation by creating another
context from SetupSignalHandler() context with a CancelFunc that's
called at the end of the test, instead of sending a kill signal.
Signed-off-by: Sunny <darkowlzz@protonmail.com>
- Add `.spec.wait` optional boolean field to API
- Wait for all applied resources to become ready when `.spec.wait` is set to `true`
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Reconciler behaviour:
- Creates an inventory of objects to be applied (persisted in-cluster under `.status.inventory`).
- Applies first custom resource definitions (CRDs) and namespaces, waits for them to register and only then applies the custom resources.
- Validates all resources with server-side dry-run apply (namespaced objects must contain `metadata.namespace`, defaulting to the `default` namespace is no longer supported).
- Reconciles only the resources that drifted.
- Prunes the objects that were previously applied but are missing from the current inventory.
- Emits events for only the resources that where created, configured or deleted.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
- Bump controller-runtime to v0.9.0
- Bump controller-gen to v0.5.0
- Use Environment.AddUser to generate the envtest cluster admin kubeconfig
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Stefan Prodan
Soule BA
Paulo Gomes
Sunny