make prepare/patch gatekeeper 3.13.0
diogoasouza committed Aug 17, 2023
1 parent f0f381f commit bf84f23
Showing 13 changed files with 52 additions and 68 deletions.
@@ -5,7 +5,7 @@
+ catalog.cattle.io/auto-install: rancher-gatekeeper-crd=match
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/display-name: OPA Gatekeeper
+ catalog.cattle.io/kube-version: '>= 1.20.0-0 < 1.27.0-0'
+ catalog.cattle.io/kube-version: '>= 1.20.0-0 < 1.28.0-0'
+ catalog.cattle.io/namespace: cattle-gatekeeper-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/permits-os: linux,windows
@@ -15,7 +15,7 @@
+ catalog.cattle.io/type: cluster-tool
+ catalog.cattle.io/ui-component: gatekeeper
apiVersion: v2
appVersion: v3.12.0
appVersion: v3.13.0
-description: A Helm chart for Gatekeeper
+description: Modifies Open Policy Agent's upstream gatekeeper chart that provides
+ policy-based control for cloud native environments
@@ -29,4 +29,4 @@
+name: rancher-gatekeeper
sources:
- https://github.com/open-policy-agent/gatekeeper.git
version: 3.12.0
version: 3.13.0
@@ -1,11 +1,5 @@
--- charts-original/README.md
+++ charts/README.md
@@ -118,7 +118,7 @@
| crds.nodeSelector | The node selector to use for pod scheduling in crds hook jobs | `kubernetes.io/os: linux` |
| crds.resources | The resource request/limits for the container image in crds hook jobs | `{}` |
| crds.securityContext | Security context applied to the container | `{ "allowPrivilegeEscalation": false, "capabilities": "drop": [all], "readOnlyRootFilesystem": true, "runAsGroup": 65532, "runAsNonRoot": true, "runAsUser": 65532 }` |
-| auditInterval | The frequency with which audit is run | `60` |
+| auditInterval | The frequency with which audit is run | `300` |
| constraintViolationsLimit | The maximum # of audit violations reported on a constraint | `20` |
| auditFromCache | Take the roster of resources to audit from the audit cache | `false` |
| auditChunkSize | Chunk size for listing cluster resources for audit (alpha feature) | `500` |
@@ -129,7 +129,7 @@
| crds.nodeSelector | The node selector to use for pod scheduling in crds hook jobs | `kubernetes.io/os: linux` -| auditInterval | The frequency with which audit is run | `60` +| auditInterval | The frequency with which audit is run | `300` |
| constraintViolationsLimit | The maximum # of audit violations reported on a constraint | `20`
@@ -37,7 +37,7 @@
imagePullPolicy: {{ .Values.postInstall.probeWebhook.image.pullPolicy }}
command:
- "curl"
@@ -69,10 +92,10 @@
@@ -70,10 +93,10 @@
resources:
{{- toYaml .Values.postInstall.resources | nindent 4 }}
securityContext:
@@ -1,6 +1,6 @@
--- charts-original/templates/gatekeeper-audit-deployment.yaml
+++ charts/templates/gatekeeper-audit-deployment.yaml
@@ -42,11 +42,7 @@
@@ -45,11 +45,7 @@
{{- toYaml .Values.audit.affinity | nindent 8 }}
automountServiceAccountToken: true
containers:
@@ -13,7 +13,7 @@
args:
- --audit-interval={{ .Values.auditInterval }}
- --log-level={{ (.Values.audit.logLevel | empty | not) | ternary .Values.audit.logLevel .Values.logLevel }}
@@ -94,7 +90,7 @@
@@ -102,7 +98,7 @@
fieldPath: metadata.namespace
- name: CONTAINER_NAME
value: manager
@@ -22,7 +22,7 @@
livenessProbe:
httpGet:
path: /healthz
@@ -130,9 +126,11 @@
@@ -138,9 +134,11 @@
dnsPolicy: {{ .Values.audit.dnsPolicy }}
hostNetwork: {{ .Values.audit.hostNetwork }}
imagePullSecrets:
@@ -37,7 +37,7 @@
{{- if .Values.audit.priorityClassName }}
priorityClassName: {{ .Values.audit.priorityClassName }}
{{- end }}
@@ -140,8 +138,10 @@
@@ -148,8 +146,10 @@
{{- toYaml .Values.audit.podSecurityContext | nindent 8 }}
serviceAccountName: gatekeeper-admin
terminationGracePeriodSeconds: 60
@@ -1,6 +1,6 @@
--- charts-original/templates/gatekeeper-controller-manager-deployment.yaml
+++ charts/templates/gatekeeper-controller-manager-deployment.yaml
@@ -42,11 +42,8 @@
@@ -44,11 +44,8 @@
{{- toYaml .Values.controllerManager.affinity | nindent 8 }}
automountServiceAccountToken: true
containers:
@@ -14,15 +14,15 @@
args:
- --port={{ .Values.controllerManager.port }}
- --health-addr=:{{ .Values.controllerManager.healthPort }}
@@ -111,7 +108,6 @@
@@ -113,7 +110,6 @@
fieldPath: metadata.namespace
- name: CONTAINER_NAME
value: manager
- imagePullPolicy: '{{ .Values.image.pullPolicy }}'
livenessProbe:
httpGet:
path: /healthz
@@ -148,9 +144,11 @@
@@ -150,9 +146,11 @@
dnsPolicy: {{ .Values.controllerManager.dnsPolicy }}
hostNetwork: {{ .Values.controllerManager.hostNetwork }}
imagePullSecrets:
@@ -37,7 +37,7 @@
{{- if .Values.controllerManager.priorityClassName }}
priorityClassName: {{ .Values.controllerManager.priorityClassName }}
{{- end }}
@@ -158,8 +156,10 @@
@@ -160,8 +158,10 @@
{{- toYaml .Values.controllerManager.podSecurityContext | nindent 8 }}
serviceAccountName: gatekeeper-admin
terminationGracePeriodSeconds: 60
@@ -1,6 +1,6 @@
--- charts-original/templates/gatekeeper-manager-role-clusterrole.yaml
+++ charts/templates/gatekeeper-manager-role-clusterrole.yaml
@@ -106,7 +106,7 @@
@@ -118,7 +118,7 @@
- patch
- update
- watch
@@ -1,6 +1,6 @@
--- charts-original/templates/namespace-post-install.yaml
+++ charts/templates/namespace-post-install.yaml
@@ -44,7 +44,7 @@
@@ -47,7 +47,7 @@
{{- end }}
containers:
- name: kubectl-label
@@ -9,7 +9,7 @@
imagePullPolicy: {{ .Values.postInstall.labelNamespace.image.pullPolicy }}
args:
- label
@@ -85,12 +85,10 @@
@@ -88,12 +88,10 @@
{{- toYaml .Values.postInstall.securityContext | nindent 12 }}
{{- end }}
{{- with .Values.postInstall }}
@@ -24,7 +24,7 @@
{{- end }}
---
apiVersion: v1
@@ -132,6 +130,12 @@
@@ -135,6 +133,12 @@
{{- range .Values.postInstall.labelNamespace.extraNamespaces }}
- {{ . }}
{{- end }}
@@ -1,15 +1,15 @@
--- charts-original/templates/namespace-post-upgrade.yaml
+++ charts/templates/namespace-post-upgrade.yaml
@@ -36,7 +36,7 @@
serviceAccount: gatekeeper-update-namespace-label-post-upgrade
@@ -39,7 +39,7 @@
{{- end }}
containers:
- name: kubectl-label
- image: "{{ .Values.postUpgrade.labelNamespace.image.repository }}:{{ .Values.postUpgrade.labelNamespace.image.tag }}"
+ image: '{{ template "system_default_registry" . }}{{ .Values.postUpgrade.labelNamespace.image.repository }}:{{ .Values.postUpgrade.labelNamespace.image.tag }}'
imagePullPolicy: {{ .Values.postUpgrade.labelNamespace.image.pullPolicy }}
args:
- label
@@ -77,12 +77,10 @@
@@ -80,12 +80,10 @@
{{- toYaml .Values.postUpgrade.securityContext | nindent 12 }}
{{- end }}
{{- with .Values.postUpgrade }}
@@ -24,7 +24,7 @@
{{- end }}
---
apiVersion: v1
@@ -123,6 +121,12 @@
@@ -126,6 +124,12 @@
{{- range .Values.postUpgrade.labelNamespace.extraNamespaces }}
- {{ . }}
{{- end }}
@@ -1,6 +1,6 @@
--- charts-original/templates/probe-webhook-post-install.yaml
+++ charts/templates/probe-webhook-post-install.yaml
@@ -37,12 +37,10 @@
@@ -40,12 +40,10 @@
containers:
{{- include "gatekeeper.postInstallWebhookProbeContainer" . | nindent 8 }}
{{- with .Values.postInstall }}
@@ -13,5 +13,5 @@
- nodeSelector:
- {{- toYaml .nodeSelector | nindent 8 }}
{{- end }}
{{- end }}
backoffLimit: 3
{{- end }}
@@ -1,14 +1,15 @@
--- charts-original/templates/upgrade-crds-hook.yaml
+++ charts/templates/upgrade-crds-hook.yaml
@@ -87,26 +87,14 @@
@@ -87,7 +87,7 @@
spec:
serviceAccountName: gatekeeper-admin-upgrade-crds
restartPolicy: Never
- {{- if .Values.image.pullSecrets }}
+ {{- if .Values.images.pullSecrets }}
imagePullSecrets:
- {{- toYaml .Values.image.pullSecrets | nindent 8 }}
+ {{- toYaml .Values.images.pullSecrets | nindent 8 }}
{{- toYaml .Values.image.pullSecrets | nindent 8 }}
{{- end }}
@@ -96,20 +96,8 @@
{{- end }}
containers:
- name: crds-upgrade
@@ -31,12 +32,12 @@
args:
- apply
- -f
@@ -120,11 +108,9 @@
@@ -123,11 +111,9 @@
{{- end }}
{{- toYaml .Values.crds.securityContext | nindent 10 }}
{{- with .Values.crds }}
+ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+ tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+ nodeSelector: { { include "linux-node-selector" . | nindent 8 } }
+ tolerations: { { include "linux-node-tolerations" . | nindent 8 } }
affinity:
{{- toYaml .affinity | nindent 8 }}
- tolerations:
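Review bot: The `nodeSelector` and `tolerations` lines in the `@@ -120,11 +108,9 @@` hunk are printed a second time with the template delimiters split into `{ { ... } }`, which looks like a YAML formatter was run over this generated file. If the spaced form is the one on the new side, Helm no longer sees a template action there, so the CRD upgrade hook job would either fail to render or be created without the intended Linux node selector and tolerations. The lines should keep the unspaced form, `nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}` and `tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}`, and the file is worth excluding from whatever formatter touched it. The page collapses the rest of this hunk, so the enclosing `with .Values.crds` block is only partly visible.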
@@ -1,26 +1,17 @@
--- charts-original/templates/webhook-configs-pre-delete.yaml
+++ charts/templates/webhook-configs-pre-delete.yaml
@@ -35,7 +35,7 @@
serviceAccount: gatekeeper-delete-webhook-configs
@@ -38,7 +38,7 @@
{{- end }}
containers:
- name: kubectl-delete
- image: "{{ .Values.preUninstall.deleteWebhookConfigurations.image.repository }}:{{ .Values.preUninstall.deleteWebhookConfigurations.image.tag }}"
+ image: '{{ template "system_default_registry" . }}{{ .Values.preUninstall.deleteWebhookConfigurations.image.repository }}:{{ .Values.preUninstall.deleteWebhookConfigurations.image.tag }}'
imagePullPolicy: {{ .Values.preUninstall.deleteWebhookConfigurations.image.pullPolicy }}
args:
- delete
@@ -46,7 +46,7 @@
- mutatingwebhookconfiguration/{{ .Values.mutatingWebhookName }}
{{- end }}
resources:
- {{- toYaml .Values.preUninstall.resources | nindent 10 }}
+ {{- toYaml .Values.preUninstall.resources | nindent 12 }}
securityContext:
{{- if .Values.enableRuntimeDefaultSeccompProfile }}
seccompProfile:
@@ -54,12 +54,16 @@
@@ -57,12 +57,16 @@
{{- end }}
{{- toYaml .Values.preUninstall.securityContext | nindent 10 }}
{{- toYaml .Values.preUninstall.securityContext | nindent 12 }}
{{- with .Values.preUninstall }}
- nodeSelector:
- {{- toYaml .nodeSelector | nindent 8 }}
@@ -1,44 +1,41 @@
--- charts-original/values.yaml
+++ charts/values.yaml
@@ -37,10 +37,13 @@
@@ -39,10 +39,10 @@
admissionEventsInvolvedNamespace: false
auditEventsInvolvedNamespace: false
resourceQuota: true
-image:
- repository: openpolicyagent/gatekeeper
- crdRepository: openpolicyagent/gatekeeper-crds
- release: v3.12.0
- release: v3.13.0
+images:
+ gatekeeper:
+ repository: rancher/mirrored-openpolicyagent-gatekeeper
+ tag: v3.12.0
+ gatekeepercrd:
+ repository: rancher/mirrored-openpolicyagent-gatekeeper-crds
+ tag: v3.12.0
+ tag: v3.13.0
pullPolicy: IfNotPresent
pullSecrets: []
preInstall:
@@ -52,8 +55,8 @@
@@ -54,8 +54,8 @@
labelNamespace:
enabled: false
image:
- repository: openpolicyagent/gatekeeper-crds
- tag: v3.12.0
- tag: v3.13.0
+ repository: rancher/kubectl
+ tag: v1.20.2
pullPolicy: IfNotPresent
pullSecrets: []
extraNamespaces: []
@@ -82,7 +85,7 @@
@@ -85,7 +85,7 @@
enabled: true
extraRules: []
image:
- repository: openpolicyagent/gatekeeper-crds
+ repository: rancher/mirrored-openpolicyagent-gatekeeper-crds
tag: v3.12.0
tag: v3.13.0
pullPolicy: IfNotPresent
pullSecrets: []
@@ -97,7 +100,7 @@
@@ -101,7 +101,7 @@
probeWebhook:
enabled: true
image:
@@ -47,23 +44,24 @@
tag: 7.83.1
pullPolicy: IfNotPresent
pullSecrets: []
@@ -121,13 +124,13 @@
@@ -126,14 +126,14 @@
extraRules: []
enabled: false
image:
- repository: openpolicyagent/gatekeeper-crds
+ repository: rancher/mirrored-openpolicyagent-gatekeeper-crds
tag: v3.12.0
tag: v3.13.0
pullPolicy: IfNotPresent
pullSecrets: []
priorityClassName: ""
affinity: {}
tolerations: []
- nodeSelector: {kubernetes.io/os: linux}
+ nodeSelector: {}
resources: {}
securityContext:
allowPrivilegeEscalation: false
@@ -171,7 +174,7 @@
@@ -179,7 +179,7 @@
weight: 100
topologySpreadConstraints: []
tolerations: []
@@ -72,7 +70,7 @@
resources:
limits:
memory: 512Mi
@@ -209,7 +212,7 @@
@@ -218,7 +218,7 @@
disableCertRotation: true
affinity: {}
tolerations: []
@@ -81,7 +79,7 @@
resources:
limits:
memory: 512Mi
@@ -248,10 +251,16 @@
@@ -257,10 +257,16 @@
pdb:
controllerManager:
minAvailable: 1
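Review bot: Under `images:` in the first values.yaml hunk, the `gatekeeper` entry shows only `tag: v3.12.0`, while `gatekeepercrd` and the later image blocks show both `v3.12.0` and `v3.13.0`; the hunk header also changes from `+37,13` to `+39,10`, i.e. three fewer lines on the patched side. As rendered it is not clear whether the controller image tag was bumped or whether the `images.gatekeeper` entry was dropped when the patch was regenerated; either would leave `appVersion: v3.13.0` and the CRD image out of step with the controller and audit image. Please confirm the resulting values carry `tag: v3.13.0` under `images.gatekeeper`. Separately, the label hook image stays at `rancher/kubectl` `v1.20.2` although the chart annotation now admits clusters up to `< 1.28.0-0`, which is well outside kubectl's supported version skew.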
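--- a/packages/rancher-gatekeeper/package.yaml
+++ b/packages/rancher-gatekeeper/package.yaml
@@ -1,5 +1,5 @@
-url: https://open-policy-agent.github.io/gatekeeper/charts/gatekeeper-3.12.0.tgz
-version: 103.0.0
+url: https://open-policy-agent.github.io/gatekeeper/charts/gatekeeper-3.13.0.tgz
+version: 103.1.0
 additionalCharts:
 - workingDir: charts-crd
 crdOptions: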
