Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ADR-0012: Initial Proposal for Cluster Wide Custom Resources (e.g. ClusterScanType) #1270

Merged
merged 11 commits into from
Sep 13, 2022
Merged

ADR-0012: Initial Proposal for Cluster Wide Custom Resources (e.g. ClusterScanType) #1270

merged 11 commits into from
Sep 13, 2022

Conversation

J12934
Copy link
Member

@J12934 J12934 commented Jul 13, 2022

This PR contain a Proposal for new variants for some of our CustomResourceDefinitions which could be used on a cluster level and then be reused across namespaces.

@J12934
Initial proposal for cluster wide custom resources (e.g. ClusterScanT…
4ef1537 
…ype)

Signed-off-by: Jannik Hollenbach <jannik.hollenbach@iteratec.com>
@J12934 J12934 added documentation Improvements or additions to documentation architecture Architecture changes CRD Improvements or additions to CRDs labels Jul 13, 2022
@J12934 J12934 self-assigned this Jul 13, 2022
@github-actions
Copy link

github-actions bot commented Jul 13, 2022
edited
Loading

MegaLinter status: ⚠️ WARNING

Descriptor Linter Files Fixed Errors Elapsed time
⚠️ ACTION actionlint 4 3 0.37s
⚠️ BASH bash-exec 14 4 0.06s
⚠️ BASH shellcheck 14 18 0.21s
⚠️ BASH shfmt 14 14 0.01s
⚠️ DOCKERFILE dockerfilelint 3 1 0.87s
⚠️ DOCKERFILE hadolint 3 2 0.17s
✅ GIT git_diff yes no 0.16s
⚠️ GO golangci-lint 11 11 17.29s
⚠️ GO revive 11 4 0.18s
⚠️ JAVA checkstyle 2 2 5.01s
⚠️ JAVASCRIPT eslint 9 1 0.66s
✅ JSON eslint-plugin-jsonc 9 0 2.72s
✅ JSON jsonlint 9 0 3.21s
⚠️ JSON prettier 9 1 1.51s
✅ JSON v8r 9 0 17.94s
⚠️ PYTHON bandit 36 24 0.99s
⚠️ PYTHON black 36 1 4.18s
⚠️ PYTHON flake8 36 869 1.23s
⚠️ PYTHON isort 36 24 0.24s
⚠️ PYTHON pylint 36 72 11.58s
⚠️ SPELL misspell 326 1 2.28s
⚠️ TYPESCRIPT eslint 3 1 0.36s
⚠️ YAML prettier 233 1 15.66s
⚠️ YAML v8r 233 6 302.05s
⚠️ YAML yamllint 233 1 27.85s

See errors details in artifact MegaLinter reports on CI Job page
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

SebieF
SebieF requested changes Jul 19, 2022
View reviewed changes
Copy link
Contributor

@SebieF SebieF left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Very well laid out proposal :)

Some comments might be very minor, but will hopefully help most readers to follow your arguments a bit better.

J12934 added 4 commits July 19, 2022 16:52
@J12934
Apply suggestions from code review
25da756 
https://github.blog/changelog/2022-06-08-admins-can-require-sign-off-on-web-based-commits/

Co-authored-by: Sebastian Franz <32578476+SebieF@users.noreply.github.com>

Signed-off-by: Jannik Hollenbach <jannik@hollenbach.de>
@J12934
Fix missing code suggestion
c3a6e9d 
Co-authored-by: Sebastian Franz <32578476+SebieF@users.noreply.github.com>

Signed-off-by: Jannik Hollenbach <jannik@hollenbach.de>
@J12934
Make examples clearer by providing a short description before hand
415f25f 
Signed-off-by: Jannik Hollenbach <jannik.hollenbach@iteratec.com>
@J12934
Try to clarify point about config sync scripts / operators
59f38ac 
Signed-off-by: Jannik Hollenbach <jannik.hollenbach@iteratec.com>
SebieF
SebieF previously approved these changes Jul 20, 2022
View reviewed changes
@J12934 J12934 marked this pull request as ready for review July 21, 2022 15:28
@malexmave
Add second proposal with more separation to ADR12
8b3e8bb 
Signed-off-by: Max Maass <max.maass@iteratec.com>
@malexmave
Copy link
Member

I just added a second proposal to the ADR, which features stricter separation between cluster-wide resources and namespace-local ones. I will discuss this with @J12934 to complete the "TBD" parts before we can bring this to the rest of the team for discussion.

@malexmave
Update ADR12 with notes for a third option
c7ffe40 
Signed-off-by: Max Maass <max.maass@iteratec.com>
@malexmave
Add answers to open questions from proposal 2
77e54cd 
Signed-off-by: Max Maass <max.maass@iteratec.com>
@malexmave
Add proposal 3
efa049b 
Signed-off-by: Max Maass <max.maass@iteratec.com>
@rseedorff rseedorff added this to the v4.0.0 milestone Sep 3, 2022
@Weltraumschaf Weltraumschaf changed the title Initial Proposal for Cluster Wide Custom Resources (e.g. ClusterScanType) ADR-0012: Initial Proposal for Cluster Wide Custom Resources (e.g. ClusterScanType) Sep 6, 2022
@J12934
Add RBAC concept for option 3
9f7b30e 
Signed-off-by: Jannik Hollenbach <jannik.hollenbach@iteratec.com>
@J12934
Removing todo
9d6e8ab 
@malexmave I don't think this can cause problems:

There are following options to install the Cascading Scans hook after the PR all should be ok:

1. As a normal `ScanCompletionHook`, behaving exactly like it does now
2. As a `ClusterScanCompletionHook` *without* an `executionNamespace`. Would use cluster cascading rules and start the cascaded scans in the scans namespace.
3. As a `ClusterScanCompletionHook` *with* an `executionNamespace`. Would use cluster cascading rules and start the cascaded scans in the scans namespace. (this is already explicitly stated in the proposal)

If I'm overlooking something feel free to revert this commit :)

Signed-off-by: Jannik Hollenbach <jannik.hollenbach@iteratec.com>
@J12934 J12934 merged commit 27a72b9 into main Sep 13, 2022
@J12934 J12934 deleted the docs/adr12-cluster-custom-resources branch September 13, 2022 11:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@SebieF SebieF

Assignees

@J12934 J12934

Labels
architecture Architecture changes CRD Improvements or additions to CRDs documentation Improvements or additions to documentation
Projects
secureCodeBox v4
Archived in project
Milestone
v4.0.0
Development

Successfully merging this pull request may close these issues.
4 participants
@J12934 @malexmave @SebieF @rseedorff