Skip to content

chore: rename allowInsideKubewardenNamespace spec field.#1544

Merged
viccuad merged 2 commits intokubewarden:mainfrom
jvanz:update-crd-name
Mar 4, 2026
Merged

chore: rename allowInsideKubewardenNamespace spec field.#1544
viccuad merged 2 commits intokubewarden:mainfrom
jvanz:update-crd-name

Conversation

@jvanz
Copy link
Copy Markdown
Member

@jvanz jvanz commented Mar 3, 2026
edited
Loading

Description

This commit renames the recent added spec field called allowInsideKubewardenNamespace into allowInsideAdmissionControllerNamespace. This is done to reflect that Kubewarden now has more then the admission controller. Therefore, the previous field name can be misleading. The new name make clear that the configuration is related to the admission controller component from the Kubewarden ecosystem.

This is build on top of #1542. Thus, that PR should be merged before.

@jvanz
fix(charts): allow evaluations in controller namespace.
d1d1523 
In a recent change we added a new configuration field in cluster wide
policies. This flag tells the controller not to add the namespace
selector that skips evaluation of resources in the controller namespace.
However, there is a second layer of security to avoid resource
evaluations in some namespace configured in the policy-server. When the
controller has the
"--always-accept-admission-reviews-on-deployments-namespace" CLI flag
enabled, it adds the
"KUBEWARDEN_ALWAYS_ACCEPT_ADMISSION_REVIEWS_ON_NAMESPACE" environment
variable in the policy server deployment, configuring it to consider any
request for that namespace (in this case the controller one) as
accepted. This makes the policy configuration have no effect.

To fix this, this commit adds a new value field in the
kubewarden-controller helm chart to allow cluster administrators to
disable this CLI flag. Therefore, they would be able to run policies in
the Kubewarden namespace.

Signed-off-by: José Guilherme Vanz <jguilhermevanz@suse.com>
@jvanz jvanz requested a review from a team as a code owner March 3, 2026 22:52
@jvanz jvanz moved this from Pending review to Blocked in Kubewarden Admission Controller Mar 3, 2026
@jvanz jvanz mentioned this pull request Mar 3, 2026
Merged
@jvanz
chore: rename allowInsideKubewardenNamespace spec field.
4a3bfc6 
This commit renames the recent added spec field called
allowInsideKubewardenNamespace into
allowInsideAdmissionControllerNamespace. This is done to reflect that
Kubewarden now has more then the admission controller. Therefore, the
previous field name can be misleading. The new name make clear that the
configuration is related to the admission controller component from the
Kubewarden ecosystem.

Signed-off-by: José Guilherme Vanz <jguilhermevanz@suse.com>
@jvanz jvanz force-pushed the update-crd-name branch from ee1a979 to 4a3bfc6 Compare March 3, 2026 22:58
@jvanz jvanz mentioned this pull request Mar 3, 2026
Merged
@jvanz jvanz self-assigned this Mar 3, 2026
@jvanz jvanz moved this from Blocked to Pending review in Kubewarden Admission Controller Mar 3, 2026
@jvanz jvanz added this to the 1.33 milestone Mar 3, 2026
@codecov
Copy link
Copy Markdown

codecov Bot commented Mar 3, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 14.28571% with 6 lines in your changes missing coverage. Please review.
✅ Project coverage is 75.09%. Comparing base (00ce0a3) to head (4a3bfc6).
⚠️ Report is 9 commits behind head on main.

Files with missing lines Patch % Lines
api/policies/v1/clusteradmissionpolicy_types.go 0.00% 2 Missing ⚠️
...i/policies/v1/clusteradmissionpolicygroup_types.go 0.00% 2 Missing ⚠️
api/policies/v1/admissionpolicy_types.go 0.00% 1 Missing ⚠️
api/policies/v1/admissionpolicygroup_types.go 0.00% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #1544      +/-   ##
==========================================
- Coverage   80.03%   75.09%   -4.94%     
==========================================
  Files         127      170      +43     
  Lines       16570    21059    +4489     
==========================================
+ Hits        13262    15815    +2553     
- Misses       3308     5030    +1722     
- Partials        0      214     +214
Flag Coverage Δ
go-tests 56.87% <14.28%> (?)
rust-tests 80.03% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@viccuad viccuad merged commit b08beb9 into kubewarden:main Mar 4, 2026
29 of 31 checks passed
@github-project-automation github-project-automation Bot moved this from Pending review to Done in Kubewarden Admission Controller Mar 4, 2026
@jvanz jvanz deleted the update-crd-name branch March 4, 2026 11:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@flavio flavio flavio approved these changes

@viccuad viccuad viccuad approved these changes

Assignees

@jvanz jvanz

Labels

kind/chore

Projects

Kubewarden Admission Controller
Archived in project

Milestone

1.33

Development

Successfully merging this pull request may close these issues.

3 participants

@jvanz @flavio @viccuad