diff --git a/.github/scripts/.helm-tests/default/result.yaml b/.github/scripts/.helm-tests/default/result.yaml
index 6ac09752ab..c36c9f0be9 100644
--- a/.github/scripts/.helm-tests/default/result.yaml
+++ b/.github/scripts/.helm-tests/default/result.yaml
@@ -9393,11 +9393,7 @@ webhooks:
 - lifecycle-operator
 - key: kubernetes.io/metadata.name
 operator: NotIn
- values:
- - cert-manager
- - keptn-lifecycle-toolkit-system
- - observability
- - monitoring
+ values: ["cert-manager","keptn-lifecycle-toolkit-system","observability","monitoring"]
 - key: kubernetes.io/metadata.name
 operator: NotIn
 values:
diff --git a/.github/scripts/.helm-tests/lifecycle-only/result.yaml b/.github/scripts/.helm-tests/lifecycle-only/result.yaml
index d2973db5ba..61200b38ad 100644
--- a/.github/scripts/.helm-tests/lifecycle-only/result.yaml
+++ b/.github/scripts/.helm-tests/lifecycle-only/result.yaml
@@ -6719,11 +6719,7 @@ webhooks:
 - lifecycle-operator
 - key: kubernetes.io/metadata.name
 operator: NotIn
- values:
- - cert-manager
- - keptn-lifecycle-toolkit-system
- - observability
- - monitoring
+ values: ["foo","bar"]
 - key: kubernetes.io/metadata.name
 operator: NotIn
 values:
diff --git a/.github/scripts/.helm-tests/lifecycle-only/values.yaml b/.github/scripts/.helm-tests/lifecycle-only/values.yaml
index 54d290a7b0..fd2f55533c 100644
--- a/.github/scripts/.helm-tests/lifecycle-only/values.yaml
+++ b/.github/scripts/.helm-tests/lifecycle-only/values.yaml
@@ -14,6 +14,7 @@ lifecycleOperator:
 scheduler:
 image:
 tag: v0.0.0
+ deniedNamespaces: ["foo", "bar"]
 metricsOperator:
 enabled: false
diff --git a/.github/scripts/.helm-tests/lifecycle-with-certs/result.yaml b/.github/scripts/.helm-tests/lifecycle-with-certs/result.yaml
index ba32da0ec4..b3c05338b2 100644
--- a/.github/scripts/.helm-tests/lifecycle-with-certs/result.yaml
+++ b/.github/scripts/.helm-tests/lifecycle-with-certs/result.yaml
@@ -6975,11 +6975,7 @@ webhooks:
 - lifecycle-operator
 - key: kubernetes.io/metadata.name
 operator: NotIn
- values:
- - cert-manager
- - keptn-lifecycle-toolkit-system
- - observability
- - monitoring
+ values: ["cert-manager","keptn-lifecycle-toolkit-system","observability","monitoring"]
 - key: kubernetes.io/metadata.name
 operator: NotIn
 values:
diff --git a/lifecycle-operator/chart/README.md b/lifecycle-operator/chart/README.md
index 302604183c..9b508e42b4 100644
--- a/lifecycle-operator/chart/README.md
+++ b/lifecycle-operator/chart/README.md
@@ -68,13 +68,14 @@ and application health checks
 ### Global
-| Name | Description | Value |
-| ------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- | --------------- |
-| `kubernetesClusterDomain` | overrides cluster.local | `cluster.local` |
-| `annotations` | add deployment level annotations | `{}` |
-| `podAnnotations` | adds pod level annotations | `{}` |
-| `schedulingGatesEnabled` | enables the scheduling gates in lifecycle-operator. This feature is available in alpha version from K8s 1.27 or 1.26 enabling the alpha version | `false` |
-| `allowedNamespaces` | specifies the allowed namespaces for the lifecycle orchestration functionality | `[]` |
+| Name | Description | Value |
+| ------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------- |
+| `kubernetesClusterDomain` | overrides cluster.local | `cluster.local` |
+| `annotations` | add deployment level annotations | `{}` |
+| `podAnnotations` | adds pod level annotations | `{}` |
+| `schedulingGatesEnabled` | enables the scheduling gates in lifecycle-operator. This feature is available in alpha version from K8s 1.27 or 1.26 enabling the alpha version | `false` |
+| `allowedNamespaces` | specifies the allowed namespaces for the lifecycle orchestration functionality | `[]` |
+| `deniedNamespaces` | specifies a list of namespaces where the lifecycle orchestration functionality is disabled, ignored if `allowedNamespaces` is set | `["cert-manager","keptn-lifecycle-toolkit-system","observability","monitoring"]` |
 ### Keptn Scheduler
diff --git a/lifecycle-operator/chart/templates/lifecycle-mutating-webhook-configuration.yaml b/lifecycle-operator/chart/templates/lifecycle-mutating-webhook-configuration.yaml
index 50a0b479e5..dfdf0ff0ea 100644
--- a/lifecycle-operator/chart/templates/lifecycle-mutating-webhook-configuration.yaml
+++ b/lifecycle-operator/chart/templates/lifecycle-mutating-webhook-configuration.yaml
@@ -28,11 +28,7 @@ webhooks:
 {{- if eq (len .Values.allowedNamespaces) 0 }}
 - key: kubernetes.io/metadata.name
 operator: NotIn
- values:
- - cert-manager
- - keptn-lifecycle-toolkit-system
- - observability
- - monitoring
+ values: {{ .Values.deniedNamespaces | default list | toJson }}
 {{- else }}
 - key: kubernetes.io/metadata.name
 operator: In
diff --git a/lifecycle-operator/chart/values.yaml b/lifecycle-operator/chart/values.yaml
index 9c936f7beb..f0a7002047 100644
--- a/lifecycle-operator/chart/values.yaml
+++ b/lifecycle-operator/chart/values.yaml
@@ -163,7 +163,7 @@ lifecycleOperatorMetricsService:
 type: ClusterIP
 ## @section Global
-## Current available parameters: kubernetesClusterDomain, imagePullSecrets, schedulingGatesEnabled
+## Current available parameters: kubernetesClusterDomain, imagePullSecrets, schedulingGatesEnabled, allowedNamespaces, deniedNamespaces
 ## @param kubernetesClusterDomain overrides cluster.local
 kubernetesClusterDomain: cluster.local
 ## @param annotations add deployment level annotations
@@ -174,6 +174,12 @@ podAnnotations: {}
 schedulingGatesEnabled: false
 ## @param allowedNamespaces specifies the allowed namespaces for the lifecycle orchestration functionality
 allowedNamespaces: []
+## @param deniedNamespaces specifies a list of namespaces where the lifecycle orchestration functionality is disabled, ignored if `allowedNamespaces` is set
+deniedNamespaces:
+ - cert-manager
+ - keptn-lifecycle-toolkit-system
+ - observability
+ - monitoring
 # yamllint disable rule:line-length
 ## @section Keptn Scheduler
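Review bot: In lifecycle-mutating-webhook-configuration.yaml, an empty or null `deniedNamespaces` makes the added line render `values: []` under `operator: NotIn`, because `default list | toJson` turns the unset case into an empty JSON array. Kubernetes label-selector validation requires a non-empty `values` for `In` and `NotIn`, so the MutatingWebhookConfiguration would be rejected when the chart is applied. Wrapping the whole `- key: … NotIn` expression in `{{- with .Values.deniedNamespaces }}` … `{{- end }}` and rendering `values: {{ toJson . }}` drops the requirement when there is nothing to deny. The fixtures on this page cover only the default list and `["foo", "bar"]`, so a fixture with `deniedNamespaces: []` would pin the behaviour. The `matchExpressions` list begins and ends outside the hunk.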
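Review bot: In lifecycle-operator/chart/values.yaml, the `## @param deniedNamespaces` comment does not say that a user-supplied list replaces the four defaults rather than extending them, since Helm does not merge list values. Setting `deniedNamespaces: ["foo", "bar"]` therefore removes `cert-manager` and `keptn-lifecycle-toolkit-system` from this `NotIn` expression, as the lifecycle-only result.yaml shows; whether the following `NotIn` expression still excludes them is not visible on this page. Putting the operator's own namespace or cert-manager back in scope of a mutating webhook is an availability risk worth calling out, so I would add a line such as `## NOTE: overriding this list replaces the defaults; re-list cert-manager and the operator's own namespace if they must stay excluded`. The entry `keptn-lifecycle-toolkit-system` is also a fixed name, so it may not match the namespace the chart is actually installed into.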