search

open-policy-agent / gatekeeper

🐊 Gatekeeper - Policy Controller for Kubernetes
https://open-policy-agent.github.io/gatekeeper/
Apache License 2.0
3.7k stars 759 forks source link

Verify that Gatekeeper CRDs are not affected by K8s CABundle validation on CRD #3498

Open JaydipGabani opened 3 months ago

JaydipGabani commented 3 months ago

Let's make sure that Gatekeeper CRDs are not affected by https://github.com/kubernetes/kubernetes/pull/124061, which is included in k8s 1.31.

The change makes sure that CustomResourceDefinition objects created with non-empty caBundle fields which are invalid or do not contain any certificates will not appear in discovery or serve endpoints until a valid caBundle is provided. Updates to CustomResourceDefinition are no longer allowed to transition a valid caBundle field to an invalid caBundle field, because this breaks serving of the existing CustomResourceDefinition.

stale[bot] commented 4 weeks ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 14 days if no further activity occurs. Thank you for your contributions.