  1. Red Hat Advanced Cluster Security
  2. ROX-30279

Admission Controller Configurability changes for Operator & CRD

    • Task
    • Resolution: Done
    • Normal
    • Rox Sprint 4.9E - Global, Rox Sprint 4.9F - Global, Rox Sprint 4.9G - Global

      Requirements:

      1. In the secured cluster CRD, mark the listenOnCreates, listenOnEvents and listenOnUpdates settings as deprecated. They need to remain in the CRD, but they will not end up in the translation logic and hence will be ignored.
      2. A new option, Enforce (True/False), will be introduced to control whether the webhook enforces policies. It defaults to True on fresh install. On upgrade, it will be set to True if either or both of the existing enforce options were selected, and to False otherwise. This needs to be implemented using the new runtime defaulting mechanism.
      3. The existing contactImageScanners setting shall be marked as deprecated and ignored for translation.
      4. The "bypass" setting can be set to either "BreakGlassAnnotation" or "Disabled". According to the design doc, "disable bypass annotation" shall default to "false", which, when translated to the CRD, means "BreakGlassAnnotation". That is already the current static default. We shall remove the static defaulting and turn this into runtime defaulting.
      5. The timeoutSeconds setting will be deprecated and ignored during translation.
      6. Fail open/close will be a new configuration option available to users, defaulted or upgraded to Fail Open.

              mclasmei@redhat.com Moritz Clasmeier
              ACS Install