diff --git a/.github/workflows/on_pull-request_docs.yaml b/.github/workflows/on_pull-request_docs.yaml
index 8fd52d0d..687997f0 100644
--- a/.github/workflows/on_pull-request_docs.yaml
+++ b/.github/workflows/on_pull-request_docs.yaml
@@ -24,4 +24,4 @@ jobs:
 run: ./earthly.sh +rebuild-docs
 - name: verify that the checked in file has not changed
- run: ./hacks/exit-on-changed-files.sh "Please run './earthly +rebuild-docs' and commit the results to this PR"
+ run: ./hacks/exit-on-changed-files.sh "Please run './earthly.sh +rebuild-docs' and commit the results to this PR"
diff --git a/charts/kubechecks/Chart.yaml b/charts/kubechecks/Chart.yaml
index c0fd3003..dee9a846 100644
--- a/charts/kubechecks/Chart.yaml
+++ b/charts/kubechecks/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 name: kubechecks
 description: A Helm chart for kubechecks
-version: 0.5.3
+version: 0.5.4
 type: application
 maintainers:
 - name: zapier
diff --git a/docs/usage.md b/docs/usage.md
index ad8dd502..e9308861 100644
--- a/docs/usage.md
+++ b/docs/usage.md
@@ -48,6 +48,7 @@ The full list of supported environment variables is described below:
 |`KUBECHECKS_ENABLE_CONFTEST`|Set to true to enable conftest policy checking of manifests.|`false`|
 |`KUBECHECKS_ENABLE_HOOKS_RENDERER`|Render hooks.|`true`|
 |`KUBECHECKS_ENABLE_KUBECONFORM`|Enable kubeconform checks.|`true`|
+|`KUBECHECKS_ENABLE_KYVERNO_CHECKS`|Enable kyverno policy checks.|`false`|
 |`KUBECHECKS_ENABLE_PREUPGRADE`|Enable preupgrade checks.|`true`|
 |`KUBECHECKS_ENSURE_WEBHOOKS`|Ensure that webhooks are created in repositories referenced by argo.|`false`|
 |`KUBECHECKS_FALLBACK_K8S_VERSION`|Fallback target Kubernetes version for schema / upgrade checks.|`1.23.0`|
@@ -57,6 +58,7 @@ The full list of supported environment variables is described below:
 |`KUBECHECKS_KUBERNETES_CLUSTERID`|Kubernetes Cluster ID, must be specified if kubernetes-type is eks.||
 |`KUBECHECKS_KUBERNETES_CONFIG`|Path to your kubernetes config file, used to monitor applications.||
 |`KUBECHECKS_KUBERNETES_TYPE`|Kubernetes Type One of eks, or local.|`local`|
+|`KUBECHECKS_KYVERNO_POLICIES_LOCATION`|Sets kyverno policy locations to be used for every check request. This is a git url in either git or http(s) format.||
 |`KUBECHECKS_LABEL_FILTER`|(Optional) If set, The label that must be set on an MR (as "kubechecks:") for kubechecks to process the merge request webhook.||
 |`KUBECHECKS_LOG_LEVEL`|Set the log output level. One of error, warn, info, debug, trace.|`info`|
 |`KUBECHECKS_MAX_CONCURRENCT_CHECKS`|Number of concurrent checks to run.|`32`|
@@ -85,4 +87,5 @@ The full list of supported environment variables is described below:
 |`KUBECHECKS_WORST_CONFTEST_STATE`|The worst state that can be returned from conftest.|`panic`|
 |`KUBECHECKS_WORST_HOOKS_STATE`|The worst state that can be returned from the hooks renderer.|`panic`|
 |`KUBECHECKS_WORST_KUBECONFORM_STATE`|The worst state that can be returned from kubeconform.|`panic`|
+|`KUBECHECKS_WORST_KYVERNO_STATE`|The worst state that can be returned from the kyverno checks.|`panic`|
 |`KUBECHECKS_WORST_PREUPGRADE_STATE`|The worst state that can be returned from preupgrade checks.|`panic`|
diff --git a/localdev/kubechecks/values.yaml b/localdev/kubechecks/values.yaml
index 2274027d..ecc9b406 100644
--- a/localdev/kubechecks/values.yaml
+++ b/localdev/kubechecks/values.yaml
@@ -24,11 +24,9 @@ configMap:
 # KUBECHECKS_SCHEMAS_LOCATION: https://github.com/zapier/kubecheck-schemas.git
 KUBECHECKS_TIDY_OUTDATED_COMMENTS_MODE: "delete"
 KUBECHECKS_ENABLE_CONFTEST: "false"
- KUBECHECKS_ENABLE_KYVERNO_CHECKS: "true"
- KUBECHECKS_KYVERNO_POLICIES_LOCATION: "https://github.com/zapier/kyverno-policies.git?subdir=/argocd/development/templates/checks"
+ # KUBECHECKS_ENABLE_KYVERNO_CHECKS: "false"
+ # KUBECHECKS_KYVERNO_POLICIES_LOCATION: "https://githum.com/zapier/kyverno-policies.git?subdir=/checks&branch=master"
 KUBECHECKS_ARGOCD_SEND_FULL_REPOSITORY: "true"
- KUBECHECKS_ARGOCD_REPOSITORY_ENDPOINT: argocd-repo-server.kubechecks:8081
- GRPC_ENFORCE_ALPN_ENABLED: false
 deployment:
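Review bot: The commented-out `KUBECHECKS_KYVERNO_POLICIES_LOCATION` example names the host `githum.com`, while the line it replaces used `github.com`. Anyone who uncomments it to enable the kyverno checks would point kubechecks at a policy source on a domain the project does not control, and whoever serves that host decides which policies the checks apply. Correct it to `# KUBECHECKS_KYVERNO_POLICIES_LOCATION: "https://github.com/zapier/kyverno-policies.git?subdir=/checks&branch=master"`. The `subdir` also changes from `/argocd/development/templates/checks` to `/checks`; this hunk cannot show whether that path exists on the referenced branch, so it is worth confirming before the example is relied on.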