osinfra-io / terraform-google-kubernetes-engine

Terraform example module for Google Cloud Platform Kubernetes Engine cluster.
https://www.osinfra.io
GNU General Public License v2.0
1 stars 0 forks

Support for Open Policy Agent Gatekeeper #97

Closed brettcurtis closed 1 month ago

brettcurtis commented 1 month ago

Summary by CodeRabbit

This enhancement ensures better management of Kubernetes namespaces within the application.

infracost[bot] commented 1 month ago

💰 Infracost report

Monthly estimate generated

This comment will be updated when code changes.

coderabbitai[bot] commented 1 month ago

Walkthrough

The changes in this pull request involve modifications to the kubernetes_namespace_v1 resource in the regional/onboarding/main.tf file, where a new entry for the "gatekeeper-system" namespace is added with an istio_injection value of "disabled". The existing namespaces remain unchanged. Additionally, updates are made to the Terraform configurations for Google Cloud resources, including the addition of a kubelet_config block in the google_container_node_pool resource to enhance security settings. Documentation updates reflect provider version changes and formatting improvements across several README files.

Changes

| File Path | Change Summary |
|---|---|
| regional/onboarding/main.tf | Added "gatekeeper-system" namespace with istio_injection set to "disabled"; added kubelet_config block to google_container_node_pool. |
| regional/README.md | Updated Google provider version from 6.4.0 to 6.6.0; enhanced formatting and content. |
| regional/onboarding/README.md | Updated google provider from 6.4.0 to 6.6.0 and kubernetes provider from 2.32.0 to 2.33.0. |
| .gitignore | Removed entry for provider.tf. |
| .pre-commit-config.yaml | Updated versions for pre-commit hooks: pre-commit-hooks from v4.6.0 to v5.0.0 and checkov from 3.2.255 to 3.2.257. |
