Skip to content

devUpdates #12

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
tuascloan merged 1 commit into from
Mar 12, 2026
Merged

devUpdates #12

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
# Build the manager binary
FROM docker.io/golang:1.25.5 AS builder
FROM docker.io/golang:1.26.1 AS builder
ARG TARGETOS
ARG TARGETARCH
ARG GITHUB_TOKEN

Check warning on line 5 in Dockerfile

View workflow job for this annotation

GitHub Actions / Create OCI Image

Sensitive data should not be used in the ARG or ENV commands 

SecretsUsedInArgOrEnv: Do not use ARG or ENV instructions for sensitive data (ARG "GITHUB_TOKEN")
More info: https://docs.docker.com/go/dockerfile/rule/secrets-used-in-arg-or-env/

# Configure Go to treat vitistack repositories as private
ENV GOPRIVATE=github.com/vitistack/*
Expand Down
196 changes: 144 additions & 52 deletions Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,5 @@
# Image URL to use all building/pushing image targets
#IMG ?= controller:latest
IMG = ncr.sky.nhn.no/ghcr/vitistack/ipam-operator:latest
IMG ?= controller:latest

# Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
ifeq (,$(shell go env GOBIN))
Expand All @@ -20,6 +19,21 @@ CONTAINER_TOOL ?= docker
SHELL = /usr/bin/env bash -o pipefail
.SHELLFLAGS = -ec

# Basic colors
BLACK=\033[0;30m
RED=\033[0;31m
GREEN=\033[0;32m
YELLOW=\033[0;33m
BLUE=\033[0;34m
PURPLE=\033[0;35m
CYAN=\033[0;36m
WHITE=\033[0;37m

# Text formatting
BOLD=\033[1m
UNDERLINE=\033[4m
RESET=\033[0m

.PHONY: all
all: build

Expand All @@ -32,30 +46,6 @@ generate-certs: ## Generates the certs required to run webhooks locally
openssl genrsa 2048 > tls.key && \
openssl req -new -x509 -nodes -sha256 -days 365 -key tls.key -out tls.crt -subj "/C=NO/ST=TRONDELAG/L=Trondheim/CN=host.docker.internal" -addext "subjectAltName = DNS:localhost,DNS:host.docker.internal"

##@ Helm

HELM_VERSION ?= v3.7.1

.PHONY: helm
helm: ## Download helm locally if necessary.
ifeq (, $(shell which helm))
@{ \
set -e ;\
curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash ;\
}
endif

.PHONY: install-cert-manager
install-cert-manager: helm ## Install cert-manager using Helm.
helm repo add jetstack https://charts.jetstack.io
helm repo update
helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --version v1.15.0 --set crds.enabled=true

.PHONY: uninstall-cert-manager
uninstall-cert-manager: helm ## Uninstall cert-manager using Helm.
helm uninstall cert-manager --namespace cert-manager
kubectl delete namespace cert-manager

##@ General

# The help target prints out all targets with their descriptions organized
Expand Down Expand Up @@ -91,6 +81,10 @@ fmt: ## Run go fmt against code.
vet: ## Run go vet against code.
go vet ./...

.PHONY: fix
fix: ## Run go fix against code.
go fix ./...

.PHONY: test
test: manifests generate fmt vet setup-envtest ## Run tests.
KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path)" go test $$(go list ./... | grep -v /e2e) -coverprofile cover.out
Expand All @@ -99,17 +93,30 @@ test: manifests generate fmt vet setup-envtest ## Run tests.
# The default setup assumes Kind is pre-installed and builds/loads the Manager Docker image locally.
# CertManager is installed by default; skip with:
# - CERT_MANAGER_INSTALL_SKIP=true
.PHONY: test-e2e
test-e2e: manifests generate fmt vet ## Run the e2e tests. Expected an isolated environment using Kind.
KIND_CLUSTER ?= static-ip-operator-test-e2e

.PHONY: setup-test-e2e
setup-test-e2e: ## Set up a Kind cluster for e2e tests if it does not exist
@command -v $(KIND) >/dev/null 2>&1 || { \
echo "Kind is not installed. Please install Kind manually."; \
exit 1; \
}
@$(KIND) get clusters | grep -q 'kind' || { \
echo "No Kind cluster is running. Please start a Kind cluster before running the e2e tests."; \
exit 1; \
}
go test ./test/e2e/ -v -ginkgo.v
@case "$$($(KIND) get clusters)" in \
*"$(KIND_CLUSTER)"*) \
echo "Kind cluster '$(KIND_CLUSTER)' already exists. Skipping creation." ;; \
*) \
echo "Creating Kind cluster '$(KIND_CLUSTER)'..."; \
$(KIND) create cluster --name $(KIND_CLUSTER) ;; \
esac

.PHONY: test-e2e
test-e2e: setup-test-e2e manifests generate fmt vet ## Run the e2e tests. Expected an isolated environment using Kind.
KIND=$(KIND) KIND_CLUSTER=$(KIND_CLUSTER) go test -tags=e2e ./test/e2e/ -v -ginkgo.v
$(MAKE) cleanup-test-e2e

.PHONY: cleanup-test-e2e
cleanup-test-e2e: ## Tear down the Kind cluster used for e2e tests
@$(KIND) delete cluster --name $(KIND_CLUSTER)

.PHONY: lint
lint: golangci-lint ## Run golangci-lint linter
Expand All @@ -123,12 +130,36 @@ lint-fix: golangci-lint ## Run golangci-lint linter and perform fixes
lint-config: golangci-lint ## Verify golangci-lint linter configuration
$(GOLANGCI_LINT) config verify

.PHONY: go-security-scan
go-security-scan: ## Run security scan
@echo "Running security scan..."
@command -v gosec >/dev/null 2>&1 || { echo "Installing gosec..."; go install github.com/securego/gosec/v2/cmd/gosec@latest; }
@gosec ./...
@echo "Security scan complete!"
##@ SBOM (Software Bill of Materials)
SYFT ?= $(LOCALBIN)/syft
SYFT_VERSION ?= latest
SBOM_OUTPUT_DIR ?= sbom
SBOM_PROJECT_NAME ?= static-ip-operator

.PHONY: install-syft
install-syft: $(SYFT) ## Install syft SBOM generator locally
$(SYFT): $(LOCALBIN)
@set -e; echo "Installing syft $(SYFT_VERSION)"; \
curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b $(LOCALBIN)

.PHONY: sbom-source
sbom-source: install-syft ## Generate SBOMs for Go source code (CycloneDX + SPDX)
@mkdir -p $(SBOM_OUTPUT_DIR)
@echo "Generating source code SBOMs..."
$(SYFT) dir:. --source-name=$(SBOM_PROJECT_NAME) -o cyclonedx-json=$(SBOM_OUTPUT_DIR)/sbom-source.cdx.json
$(SYFT) dir:. --source-name=$(SBOM_PROJECT_NAME) -o spdx-json=$(SBOM_OUTPUT_DIR)/sbom-source.spdx.json
@echo "SBOMs generated: $(SBOM_OUTPUT_DIR)/sbom-source.{cdx,spdx}.json"

.PHONY: sbom-container
sbom-container: install-syft ## Generate SBOMs for container image (CycloneDX + SPDX, requires IMG)
@mkdir -p $(SBOM_OUTPUT_DIR)
@echo "Generating container SBOMs for $(IMG)..."
$(SYFT) $(IMG) -o cyclonedx-json=$(SBOM_OUTPUT_DIR)/sbom-container.cdx.json
$(SYFT) $(IMG) -o spdx-json=$(SBOM_OUTPUT_DIR)/sbom-container.spdx.json
@echo "SBOMs generated: $(SBOM_OUTPUT_DIR)/sbom-container.{cdx,spdx}.json"

.PHONY: sbom
sbom: sbom-source ## Alias for sbom-source

##@ Build

Expand All @@ -138,7 +169,7 @@ build: manifests generate fmt vet ## Build manager binary.

.PHONY: run
run: manifests generate fmt vet ## Run a controller from your host.
export KUBEBUILDER="local" && export IPAM_API_URL="http://host.docker.internal:3000" && go run ./cmd/main.go
go run ./cmd/main.go

# If you wish to build the manager image targeting other platforms you can use the --platform flag.
# (i.e. docker build --platform linux/arm64). However, you must enable docker buildKit for it.
Expand All @@ -162,10 +193,10 @@ PLATFORMS ?= linux/arm64,linux/amd64,linux/s390x,linux/ppc64le
docker-buildx: ## Build and push docker image for the manager for cross-platform support
# copy existing Dockerfile and insert --platform=${BUILDPLATFORM} into Dockerfile.cross, and preserve the original Dockerfile
sed -e '1 s/\(^FROM\)/FROM --platform=\$$\{BUILDPLATFORM\}/; t' -e ' 1,// s//FROM --platform=\$$\{BUILDPLATFORM\}/' Dockerfile > Dockerfile.cross
- $(CONTAINER_TOOL) buildx create --name ipam-builder
$(CONTAINER_TOOL) buildx use ipam-builder
- $(CONTAINER_TOOL) buildx build --build-arg GITHUB_TOKEN=$$GH_TOKEN --push --platform=$(PLATFORMS) --tag ${IMG} -f Dockerfile.cross .
- $(CONTAINER_TOOL) buildx rm ipam-builder
- $(CONTAINER_TOOL) buildx create --name static-ip-operator-builder
$(CONTAINER_TOOL) buildx use static-ip-operator-builder
- $(CONTAINER_TOOL) buildx build --push --platform=$(PLATFORMS) --tag ${IMG} -f Dockerfile.cross .
- $(CONTAINER_TOOL) buildx rm static-ip-operator-builder
rm Dockerfile.cross

.PHONY: build-installer
Expand Down Expand Up @@ -197,8 +228,35 @@ deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in
undeploy: kustomize ## Undeploy controller from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.
$(KUSTOMIZE) build config/default | $(KUBECTL) delete --ignore-not-found=$(ignore-not-found) -f -

##@ Security
.PHONY: gosec
gosec: install-security-scanner ## Run gosec security scan (fails on findings)
$(GOSEC) ./...

.PHONY: govulncheck
govulncheck: install-govulncheck ## Run govulncheck vulnerability scan (fails on findings)
$(GOVULNCHECK) ./...

.PHONY: go-security-scan-docker
go-security-scan-docker: ## Run gosec scan using official container (alternative if local install fails)
@echo "Running gosec via Docker container..."; \
$(CONTAINER_TOOL) run --rm -v $(PWD):/workspace -w /workspace securego/gosec/gosec:latest ./...

##@ Dependencies

deps: ## Download and verify dependencies
@echo -e "Downloading dependencies..."
@go mod download
@go mod verify
@go mod tidy
@echo -e "Dependencies updated!"

update-deps: ## Update dependencies
@echo -e "Updating dependencies..."
@go get -u ./...
@go mod tidy
@echo -e "Dependencies updated!"

## Location to install dependencies to
LOCALBIN ?= $(shell pwd)/bin
$(LOCALBIN):
Expand All @@ -211,15 +269,19 @@ KUSTOMIZE ?= $(LOCALBIN)/kustomize
CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen
ENVTEST ?= $(LOCALBIN)/setup-envtest
GOLANGCI_LINT = $(LOCALBIN)/golangci-lint
GOSEC ?= $(LOCALBIN)/gosec
GOVULNCHECK ?= $(LOCALBIN)/govulncheck

## Tool Versions
KUSTOMIZE_VERSION ?= v5.6.0
CONTROLLER_TOOLS_VERSION ?= v0.17.2
KUSTOMIZE_VERSION ?= latest
CONTROLLER_TOOLS_VERSION ?= latest
#ENVTEST_VERSION is the version of controller-runtime release branch to fetch the envtest setup script (i.e. release-0.20)
ENVTEST_VERSION ?= $(shell go list -m -f "{{ .Version }}" sigs.k8s.io/controller-runtime | awk -F'[v.]' '{printf "release-%d.%d", $$2, $$3}')
#ENVTEST_K8S_VERSION is the version of Kubernetes to use for setting up ENVTEST binaries (i.e. 1.31)
ENVTEST_K8S_VERSION ?= $(shell go list -m -f "{{ .Version }}" k8s.io/api | awk -F'[v.]' '{printf "1.%d", $$3}')
GOLANGCI_LINT_VERSION ?= v1.63.4
GOLANGCI_LINT_VERSION ?= latest
GOSEC_VERSION ?= latest
GOVULNCHECK_VERSION ?= latest

.PHONY: kustomize
kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary.
Expand Down Expand Up @@ -247,20 +309,50 @@ $(ENVTEST): $(LOCALBIN)
.PHONY: golangci-lint
golangci-lint: $(GOLANGCI_LINT) ## Download golangci-lint locally if necessary.
$(GOLANGCI_LINT): $(LOCALBIN)
$(call go-install-tool,$(GOLANGCI_LINT),github.com/golangci/golangci-lint/cmd/golangci-lint,$(GOLANGCI_LINT_VERSION))
$(call go-install-tool,$(GOLANGCI_LINT),github.com/golangci/golangci-lint/v2/cmd/golangci-lint,$(GOLANGCI_LINT_VERSION))


.PHONY: install-security-scanner
install-security-scanner: $(GOSEC) ## Install gosec security scanner locally (static analysis for security issues)
$(GOSEC): $(LOCALBIN)
@set -e; echo "Attempting to install gosec $(GOSEC_VERSION)"; \
if ! GOBIN=$(LOCALBIN) go install github.com/securego/gosec/v2/cmd/gosec@$(GOSEC_VERSION) 2>/dev/null; then \
echo "Primary install failed, attempting install from @main (compatibility fallback)"; \
if ! GOBIN=$(LOCALBIN) go install github.com/securego/gosec/v2/cmd/gosec@main; then \
echo "gosec installation failed for versions $(GOSEC_VERSION) and @main"; \
exit 1; \
fi; \
fi; \
echo "gosec installed at $(GOSEC)"; \
chmod +x $(GOSEC)

.PHONY: install-govulncheck
install-govulncheck: $(GOVULNCHECK) ## Install govulncheck locally (vulnerability scanner for Go)
$(GOVULNCHECK): $(LOCALBIN)
@set -e; echo "Attempting to install govulncheck $(GOVULNCHECK_VERSION)"; \
if ! GOBIN=$(LOCALBIN) go install golang.org/x/vuln/cmd/govulncheck@$(GOVULNCHECK_VERSION) 2>/dev/null; then \
echo "Primary install failed, attempting install from @latest (compatibility fallback)"; \
if ! GOBIN=$(LOCALBIN) go install golang.org/x/vuln/cmd/govulncheck@latest; then \
echo "govulncheck installation failed for versions $(GOVULNCHECK_VERSION) and @latest"; \
exit 1; \
fi; \
fi; \
echo "govulncheck installed at $(GOVULNCHECK)"; \
chmod +x $(GOVULNCHECK)


# go-install-tool will 'go install' any package with custom target and name of binary, if it doesn't exist
# $1 - target path with name of binary
# $2 - package url which can be installed
# $3 - specific version of package
define go-install-tool
@[ -f "$(1)-$(3)" ] || { \
@[ -f "$(1)-$(3)" ] && [ "$$(readlink -- "$(1)" 2>/dev/null)" = "$(1)-$(3)" ] || { \
set -e; \
package=$(2)@$(3) ;\
echo "Downloading $${package}" ;\
rm -f $(1) || true ;\
rm -f $(1) ;\
GOBIN=$(LOCALBIN) go install $${package} ;\
mv $(1) $(1)-$(3) ;\
} ;\
ln -sf $(1)-$(3) $(1)
endef
ln -sf $$(realpath $(1)-$(3)) $(1)
endef
2 changes: 2 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,8 @@ kubectl apply -f ./config/webhook/manifests-local.yaml

### Run Controller locally
```sh
export KUBEBUILDER=local
export IPAM_API_URL=https://ipam-api.vitistack.io/v2
make run
```

Expand Down
4 changes: 2 additions & 2 deletions config/webhook/manifests-local.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ webhooks:
- v1
clientConfig:
url: https://host.docker.internal:9443/mutate--v1-service
caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUR0VENDQXAyZ0F3SUJBZ0lVTFB5RHg0c21md3NOOG1oNGl2QURnOXlWbkNJd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1ZERUxNQWtHQTFVRUJoTUNUazh4RWpBUUJnTlZCQWdNQ1ZSU1QwNUVSVXhCUnpFU01CQUdBMVVFQnd3SgpWSEp2Ym1Sb1pXbHRNUjB3R3dZRFZRUUREQlJvYjNOMExtUnZZMnRsY2k1cGJuUmxjbTVoYkRBZUZ3MHlOVEV3Ck1qQXdOakV4TVRkYUZ3MHlOakV3TWpBd05qRXhNVGRhTUZReEN6QUpCZ05WQkFZVEFrNVBNUkl3RUFZRFZRUUkKREFsVVVrOU9SRVZNUVVjeEVqQVFCZ05WQkFjTUNWUnliMjVrYUdWcGJURWRNQnNHQTFVRUF3d1VhRzl6ZEM1awpiMk5yWlhJdWFXNTBaWEp1WVd3d2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUURVCmhGMXJXRVNxZmt3RCtXaDZpVGlrNUxFME5wWFhYUlgyTFkwMnlXYWNzOVo4cEZGZ3FBTkxoVFFiZ2o5bmZKNHoKUmw4YWdCN3NtVjR0NXNyRytxaWVyc2ZKamZJcUZ5cUlvd1o3MmJySFB5Y09QVENRYlFtdVk5dVV3SzUyVnhQbgpjZkhDNm1wZ1ROaWthZ0hPZHVROGdNUTZpQ21naDR4MGZzSDJ5MW5vanZaRnVaSTRBVWVsZlY2cmlmNDEwZVdaCnlOckRWRk9KdXNsSXB1UmEwb3d6WDNrMDdReE1BR3FNbGdCRllaQmo3MzRFS2g5VzlNaFdsMjVRSUtHSXFCWWgKenpUSVREaE14NW95cDkyakVoVjNlOWJhR3JGQ2RHeHlWSEdYcXRPdkR1Mk4rRUY3K3JCTXZERlNRVUJoVjlVZgorZlp0ZGNTTVk0SFJSdnZiYUpFWkFnTUJBQUdqZnpCOU1CMEdBMVVkRGdRV0JCU2pmVEFlcEhMYWFVcGNoMTNrCnVqd2daZERvOFRBZkJnTlZIU01FR0RBV2dCU2pmVEFlcEhMYWFVcGNoMTNrdWp3Z1pkRG84VEFQQmdOVkhSTUIKQWY4RUJUQURBUUgvTUNvR0ExVWRFUVFqTUNHQ0NXeHZZMkZzYUc5emRJSVVhRzl6ZEM1a2IyTnJaWEl1YVc1MApaWEp1WVd3d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFNZm1sbktxNXdaNTF4SGZLaHlGdTRRdy9JWTZ2ZGZrCjRLS1BzTUlVbkdTMlZ5cDlRWCtVOWJINXVrWTF4S2NScy9lNkxXMTY1SktQZXI4YzFSVDVxanoxMmM1U2IvZysKREtnRVhxemdqaVpIRTd1MFFZWGd5SmNwQ2l6WGhLdjVXVHdmbmsrME03UjJQSlRoNllrdHo1dDJHUnFWL3ltVQppWmdMWGxXZEtnYmNidEtmanVlSm1vek5ETU8yU1RBNGJxNy8vMEw5QWxIYWZMVlZJbWxoTjdIbTRWY2tyUm9xCmt1UEYyOC93bTJzZjlxWG96ZFlhd3pzZUlab3FBVWtYSnhiWW1lWldTZ0t5dk11SjhIOGQ4NXBFeS84bHlGangKUW1IRmF5RTh4cjRuNkxJSWs2N1FkRGlwTkErYmFVNDVZdHF6L2RpbEdISXBRT2lQckIrL2tocz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUR0VENDQXAyZ0F3SUJBZ0lVUUdkM2VkdmJsc1dycEtqenFYbXJBREU1Z0lrd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1ZERUxNQWtHQTFVRUJoTUNUazh4RWpBUUJnTlZCQWdNQ1ZSU1QwNUVSVXhCUnpFU01CQUdBMVVFQnd3SgpWSEp2Ym1Sb1pXbHRNUjB3R3dZRFZRUUREQlJvYjNOMExtUnZZMnRsY2k1cGJuUmxjbTVoYkRBZUZ3MHlOakF6Ck1USXhNalV4TUROYUZ3MHlOekF6TVRJeE1qVXhNRE5hTUZReEN6QUpCZ05WQkFZVEFrNVBNUkl3RUFZRFZRUUkKREFsVVVrOU9SRVZNUVVjeEVqQVFCZ05WQkFjTUNWUnliMjVrYUdWcGJURWRNQnNHQTFVRUF3d1VhRzl6ZEM1awpiMk5yWlhJdWFXNTBaWEp1WVd3d2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUNlCjRwa1ZlNlUwdmVVVUVqUVFscS9ab09QbE9qaG50U01uMHM3b1Q5b1Z3dnBPNWxyWDRQR1E2KytZbmFkelpwYVQKU2JwK3pJd1FJWHpjWmJ5TTNIVmI2N3dibFArdmVnR0tFVTNBRnhhWVE3Q1ZWdWJKSkVDRE9uNHZsT1NWNk1YcQpqLzUwN2ZOckZ2Z3ZhaE4vK283SDdpVjFSZjFWbE9VdzZ3SnljMWdzWE5BektaY2FRL0ZHcE5Ca1haWWNpZFRUCittWlBXTE5yMGQ3M00wUTdWaTZreXc0bk9PS1JjNWVOMXAvNE0rTGE1N04vR28wTE1UTCtPTVJoZGlhTm1zUloKZzF3L2JsRVNqMnljVndLTEhLSnp0MUlOMW0yZFNOUHg1YTBQbytMMlhzeFJGOHpNSWRNNVdnYmZHYml4Z2cyRAovb2dTV2txSFlDVnlGbm1Sc0JhUEFnTUJBQUdqZnpCOU1CMEdBMVVkRGdRV0JCU3g4dzJwTDdnQjJrL2c5ZGpsCmtvUE5BNmlPM0RBZkJnTlZIU01FR0RBV2dCU3g4dzJwTDdnQjJrL2c5ZGpsa29QTkE2aU8zREFQQmdOVkhSTUIKQWY4RUJUQURBUUgvTUNvR0ExVWRFUVFqTUNHQ0NXeHZZMkZzYUc5emRJSVVhRzl6ZEM1a2IyTnJaWEl1YVc1MApaWEp1WVd3d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFEeEorM00rZDJzNVZIUjJJZElOMDFsZ3FTemppc2ZkClVVS1ZLMEZ3VUNMVkJ5TXlrdExTTHZGcXNMNEpLUUZkcysycDh0dFdWQW43ckUrQmFPNkM0OEVIOC9RS0p6RTQKOGN4RFpCS2ZuVGhJcEtJekpOS213RElXYzNHOW1BZWRwQi9JK215S040NUdVL3h0UXk5VnlVdXkxTGlURGRQSQpHVlAxOVphNU5aellSNGxnWklBWkkvV3lXbmFCcTkrL3B4ZkN6V1hmU3RlQ1cxR1NxSkFxbmZ3YWExSmN3ajArCnlYcUF1WU52bGswUXlqa2wvbEg0M1dyWmZ5L0dwRndDek1pMkhmRXVjVkE4a05CdEN0aE5JdXl5eUE5SHhiNHAKM1E1K2JpNlZLVVpVTVNhd2tEd3VMczJRR1p1VFpVRCtpcHpkWWlBS2ltWG1XUFBiNHBVb0lsdz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
failurePolicy: Fail
name: host.docker.internal
rules:
Expand Down Expand Up @@ -53,7 +53,7 @@ webhooks:
name: host.docker.internal
clientConfig:
url: https://host.docker.internal:9443/validate--v1-service
caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUR0VENDQXAyZ0F3SUJBZ0lVTFB5RHg0c21md3NOOG1oNGl2QURnOXlWbkNJd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1ZERUxNQWtHQTFVRUJoTUNUazh4RWpBUUJnTlZCQWdNQ1ZSU1QwNUVSVXhCUnpFU01CQUdBMVVFQnd3SgpWSEp2Ym1Sb1pXbHRNUjB3R3dZRFZRUUREQlJvYjNOMExtUnZZMnRsY2k1cGJuUmxjbTVoYkRBZUZ3MHlOVEV3Ck1qQXdOakV4TVRkYUZ3MHlOakV3TWpBd05qRXhNVGRhTUZReEN6QUpCZ05WQkFZVEFrNVBNUkl3RUFZRFZRUUkKREFsVVVrOU9SRVZNUVVjeEVqQVFCZ05WQkFjTUNWUnliMjVrYUdWcGJURWRNQnNHQTFVRUF3d1VhRzl6ZEM1awpiMk5yWlhJdWFXNTBaWEp1WVd3d2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUURVCmhGMXJXRVNxZmt3RCtXaDZpVGlrNUxFME5wWFhYUlgyTFkwMnlXYWNzOVo4cEZGZ3FBTkxoVFFiZ2o5bmZKNHoKUmw4YWdCN3NtVjR0NXNyRytxaWVyc2ZKamZJcUZ5cUlvd1o3MmJySFB5Y09QVENRYlFtdVk5dVV3SzUyVnhQbgpjZkhDNm1wZ1ROaWthZ0hPZHVROGdNUTZpQ21naDR4MGZzSDJ5MW5vanZaRnVaSTRBVWVsZlY2cmlmNDEwZVdaCnlOckRWRk9KdXNsSXB1UmEwb3d6WDNrMDdReE1BR3FNbGdCRllaQmo3MzRFS2g5VzlNaFdsMjVRSUtHSXFCWWgKenpUSVREaE14NW95cDkyakVoVjNlOWJhR3JGQ2RHeHlWSEdYcXRPdkR1Mk4rRUY3K3JCTXZERlNRVUJoVjlVZgorZlp0ZGNTTVk0SFJSdnZiYUpFWkFnTUJBQUdqZnpCOU1CMEdBMVVkRGdRV0JCU2pmVEFlcEhMYWFVcGNoMTNrCnVqd2daZERvOFRBZkJnTlZIU01FR0RBV2dCU2pmVEFlcEhMYWFVcGNoMTNrdWp3Z1pkRG84VEFQQmdOVkhSTUIKQWY4RUJUQURBUUgvTUNvR0ExVWRFUVFqTUNHQ0NXeHZZMkZzYUc5emRJSVVhRzl6ZEM1a2IyTnJaWEl1YVc1MApaWEp1WVd3d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFNZm1sbktxNXdaNTF4SGZLaHlGdTRRdy9JWTZ2ZGZrCjRLS1BzTUlVbkdTMlZ5cDlRWCtVOWJINXVrWTF4S2NScy9lNkxXMTY1SktQZXI4YzFSVDVxanoxMmM1U2IvZysKREtnRVhxemdqaVpIRTd1MFFZWGd5SmNwQ2l6WGhLdjVXVHdmbmsrME03UjJQSlRoNllrdHo1dDJHUnFWL3ltVQppWmdMWGxXZEtnYmNidEtmanVlSm1vek5ETU8yU1RBNGJxNy8vMEw5QWxIYWZMVlZJbWxoTjdIbTRWY2tyUm9xCmt1UEYyOC93bTJzZjlxWG96ZFlhd3pzZUlab3FBVWtYSnhiWW1lWldTZ0t5dk11SjhIOGQ4NXBFeS84bHlGangKUW1IRmF5RTh4cjRuNkxJSWs2N1FkRGlwTkErYmFVNDVZdHF6L2RpbEdISXBRT2lQckIrL2tocz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUR0VENDQXAyZ0F3SUJBZ0lVUUdkM2VkdmJsc1dycEtqenFYbXJBREU1Z0lrd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1ZERUxNQWtHQTFVRUJoTUNUazh4RWpBUUJnTlZCQWdNQ1ZSU1QwNUVSVXhCUnpFU01CQUdBMVVFQnd3SgpWSEp2Ym1Sb1pXbHRNUjB3R3dZRFZRUUREQlJvYjNOMExtUnZZMnRsY2k1cGJuUmxjbTVoYkRBZUZ3MHlOakF6Ck1USXhNalV4TUROYUZ3MHlOekF6TVRJeE1qVXhNRE5hTUZReEN6QUpCZ05WQkFZVEFrNVBNUkl3RUFZRFZRUUkKREFsVVVrOU9SRVZNUVVjeEVqQVFCZ05WQkFjTUNWUnliMjVrYUdWcGJURWRNQnNHQTFVRUF3d1VhRzl6ZEM1awpiMk5yWlhJdWFXNTBaWEp1WVd3d2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUNlCjRwa1ZlNlUwdmVVVUVqUVFscS9ab09QbE9qaG50U01uMHM3b1Q5b1Z3dnBPNWxyWDRQR1E2KytZbmFkelpwYVQKU2JwK3pJd1FJWHpjWmJ5TTNIVmI2N3dibFArdmVnR0tFVTNBRnhhWVE3Q1ZWdWJKSkVDRE9uNHZsT1NWNk1YcQpqLzUwN2ZOckZ2Z3ZhaE4vK283SDdpVjFSZjFWbE9VdzZ3SnljMWdzWE5BektaY2FRL0ZHcE5Ca1haWWNpZFRUCittWlBXTE5yMGQ3M00wUTdWaTZreXc0bk9PS1JjNWVOMXAvNE0rTGE1N04vR28wTE1UTCtPTVJoZGlhTm1zUloKZzF3L2JsRVNqMnljVndLTEhLSnp0MUlOMW0yZFNOUHg1YTBQbytMMlhzeFJGOHpNSWRNNVdnYmZHYml4Z2cyRAovb2dTV2txSFlDVnlGbm1Sc0JhUEFnTUJBQUdqZnpCOU1CMEdBMVVkRGdRV0JCU3g4dzJwTDdnQjJrL2c5ZGpsCmtvUE5BNmlPM0RBZkJnTlZIU01FR0RBV2dCU3g4dzJwTDdnQjJrL2c5ZGpsa29QTkE2aU8zREFQQmdOVkhSTUIKQWY4RUJUQURBUUgvTUNvR0ExVWRFUVFqTUNHQ0NXeHZZMkZzYUc5emRJSVVhRzl6ZEM1a2IyTnJaWEl1YVc1MApaWEp1WVd3d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFEeEorM00rZDJzNVZIUjJJZElOMDFsZ3FTemppc2ZkClVVS1ZLMEZ3VUNMVkJ5TXlrdExTTHZGcXNMNEpLUUZkcysycDh0dFdWQW43ckUrQmFPNkM0OEVIOC9RS0p6RTQKOGN4RFpCS2ZuVGhJcEtJekpOS213RElXYzNHOW1BZWRwQi9JK215S040NUdVL3h0UXk5VnlVdXkxTGlURGRQSQpHVlAxOVphNU5aellSNGxnWklBWkkvV3lXbmFCcTkrL3B4ZkN6V1hmU3RlQ1cxR1NxSkFxbmZ3YWExSmN3ajArCnlYcUF1WU52bGswUXlqa2wvbEg0M1dyWmZ5L0dwRndDek1pMkhmRXVjVkE4a05CdEN0aE5JdXl5eUE5SHhiNHAKM1E1K2JpNlZLVVpVTVNhd2tEd3VMczJRR1p1VFpVRCtpcHpkWWlBS2ltWG1XUFBiNHBVb0lsdz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
failurePolicy: Fail
rules:
- apiGroups:
Expand Down
Loading
Loading