- Defined a security manager struct to cache all the plugin data
- Added flag to make validating security warnings optional while deploying the operator
* Link to project's DockerHub in README's section on nightly builds, add paragraph about nightly builds in installation docs
* Fix repositoryURL in sample seedJob configuration with SSH auth
* Slightly expand on #348
* Fix formatting in docs on Jenkins' customization, update plugin versions
* Add notes on Jenkins home Volume in Helm chart values.yaml and docs (#589)
- Created a single Validate() function to validate both updating and creating Jenkins CR.
- Implemented the Validate function to fetch warnings from the API and do security check if
being enabled.
- Updated the helm charts and helm-e2e target to run the helm tests.
- Scaffolded a new validation webhook using operator-sdk
- Added manifests for webhook.
- Added manifests for self signed issuer and certificates
- Added a new spec named ValidateSecurityWarnings to the Jenkins custom resource definition to enable/disable security check.
- Updated Makefile to deploy the operator locally.
- Updated helm template and default values.yaml
* Fix link to Installation on Getting started index
* Separate instructions on installing via YAML and Helm more clearly
* Link deploy jenkins section in instructions on installing via YAML
Co-authored-by: Sig00rd <sfugas@virtuslab.com>
* Don't validate external credential type
The operator shouldn't try to fetch credentials that have their types
defined as `external` - that means that credentials are supplied
externally, without using k8s secrets.
* Docs: Add example of `external` credential type
* Skip kube-api-access volume comparison
This hotfixes the incompatibility between the Operator and Kubernetes
1.21.
Kubernetes 1.21 started adding a new volume named
"kube-api-access-<random-suffix>" and that broke the comparison
function and resulted in an infinite loop.
* Fix WATCH_NAMESPACE in helm chart
When applying the chart, the operator will now watch the correct
namespace. This required changes in roles and role bindings so that
the operator has access to both namespaces.
* Use Role instead of ClusterRole
Mitigates the risk of restrictions in creating ClusterRole in
multitenant k8s clusters.
* Update configuration-as-code version to 1.47
This allows the user to use keys other than PEM encoded RSA. ed25519
is often recommended to be used if it's supported. Using this
algorithm implies the use of OpenSSH key format in ssh-keygen.
sharmapulkit04
Morten Birkelund
github-actions[bot]
Szymon Fugas
Cosnita Radu Viorel
Piotr Ryba
Michael Schmid
Szymon Fugas
Tomasz Sęk
Mateusz Korus
SylwiaBrant
MKajzik
Tomasz Sęk
Sylwia Brant