make charts

2023-02-08 20:12:56 +05:30 · 2023-02-08 20:12:56 +05:30 · 02556334fb
parent 1cfe8a9154
commit 02556334fb
8 changed files with 46 additions and 4 deletions
--- a/assets/rancher-gatekeeper-crd/rancher-gatekeeper-crd-102.0.0+up3.10.0.tgz
+++ b/assets/rancher-gatekeeper-crd/rancher-gatekeeper-crd-102.0.0+up3.10.0.tgz
--- a/assets/rancher-gatekeeper/rancher-gatekeeper-102.0.0+up3.10.0.tgz
+++ b/assets/rancher-gatekeeper/rancher-gatekeeper-102.0.0+up3.10.0.tgz
--- a/charts/rancher-gatekeeper-crd/102.0.0+up3.10.0/templates/jobs.yaml
+++ b/charts/rancher-gatekeeper-crd/102.0.0+up3.10.0/templates/jobs.yaml
@ -40,6 +40,12 @@ spec:
            - name: crd-manifest
              readOnly: true
              mountPath: /etc/config
+          securityContext:
+            {{- if .Values.enableRuntimeDefaultSeccompProfile }}
+            seccompProfile:
+              type: RuntimeDefault
+            {{- end }}
+            {{- toYaml .Values.securityContext | nindent 12 }}
      restartPolicy: OnFailure
      volumes:
      - name: crd-manifest
@ -88,6 +94,12 @@ spec:
            - name: crd-manifest
              readOnly: true
              mountPath: /etc/config
+          securityContext:
+            {{- if .Values.enableRuntimeDefaultSeccompProfile }}
+            seccompProfile:
+              type: RuntimeDefault
+            {{- end }}
+            {{- toYaml .Values.securityContext | nindent 12 }}
      containers:
        - name: delete-crds
          image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}
@ -101,6 +113,12 @@ spec:
            - name: crd-manifest
              readOnly: true
              mountPath: /etc/config
+          securityContext:
+            {{- if .Values.enableRuntimeDefaultSeccompProfile }}
+            seccompProfile:
+              type: RuntimeDefault
+            {{- end }}
+            {{- toYaml .Values.securityContext | nindent 12 }}
      restartPolicy: OnFailure
      volumes:
      - name: crd-manifest
--- a/charts/rancher-gatekeeper-crd/102.0.0+up3.10.0/values.yaml
+++ b/charts/rancher-gatekeeper-crd/102.0.0+up3.10.0/values.yaml
@ -11,3 +11,11 @@ global:
 image:
  repository: rancher/kubectl
  tag: v1.20.2
+
+enableRuntimeDefaultSeccompProfile: true
+
+securityContext:
+  allowPrivilegeEscalation: false
+  capabilities:
+    drop:
+    - ALL
--- a/charts/rancher-gatekeeper/102.0.0+up3.10.0/templates/_helpers.tpl
+++ b/charts/rancher-gatekeeper/102.0.0+up3.10.0/templates/_helpers.tpl
@ -91,6 +91,10 @@ Output post install webhook probe container entry
  resources:
  {{- toYaml .Values.postInstall.resources | nindent 4 }}
  securityContext:
+  {{- if .Values.enableRuntimeDefaultSeccompProfile }}
+    seccompProfile:
+      type: RuntimeDefault
+  {{- end }}
  {{- toYaml .Values.postInstall.securityContext | nindent 4 }}
  volumeMounts:
  - mountPath: /certs
--- a/charts/rancher-gatekeeper/102.0.0+up3.10.0/templates/namespace-post-install.yaml
+++ b/charts/rancher-gatekeeper/102.0.0+up3.10.0/templates/namespace-post-install.yaml
@ -107,6 +107,12 @@ rules:
      {{- range .Values.postInstall.labelNamespace.extraNamespaces }}
      - {{ . }}
      {{- end }}
+  - apiGroups:
+      - management.cattle.io
+    resources:
+      - projects
+    verbs:
+      - updatepsa
 {{- with .Values.postInstall.labelNamespace.extraRules }}
  {{- toYaml . | nindent 2 }}
 {{- end }}
--- a/charts/rancher-gatekeeper/102.0.0+up3.10.0/templates/namespace-post-upgrade.yaml
+++ b/charts/rancher-gatekeeper/102.0.0+up3.10.0/templates/namespace-post-upgrade.yaml
@ -95,6 +95,12 @@ rules:
      {{- range .Values.postUpgrade.labelNamespace.extraNamespaces }}
      - {{ . }}
      {{- end }}
+  - apiGroups:
+      - management.cattle.io
+    resources:
+      - projects
+    verbs:
+      - updatepsa
 {{- end }}
 ---
 {{- if .Values.rbac.create }}
--- a/index.yaml
+++ b/index.yaml
@ -5808,10 +5808,10 @@ entries:
      catalog.cattle.io/ui-component: gatekeeper
    apiVersion: v2
    appVersion: v3.10.0
-    created: "2023-01-27T17:26:15.997458-05:00"
+    created: "2023-02-08T20:12:49.919744747+05:30"
    description: Modifies Open Policy Agent's upstream gatekeeper chart that provides
      policy-based control for cloud native environments
-    digest: 932abb4e8aa3702ba2ffba15bc5564d85a9e7ba0b1ed68d074ab35889d5e61c3
+    digest: 96dae222306d3764d91b9ba4de18699a1a76f5d04746a2fc8931a0fb40d78056
    home: https://github.com/open-policy-agent/gatekeeper
    icon: https://charts.rancher.io/assets/logos/gatekeeper.svg
    keywords:
@ -6142,9 +6142,9 @@ entries:
      catalog.cattle.io/namespace: cattle-gatekeeper-system
      catalog.cattle.io/release-name: rancher-gatekeeper-crd
    apiVersion: v1
-    created: "2023-01-27T19:37:41.424303-05:00"
+    created: "2023-02-08T20:12:49.933272881+05:30"
    description: Installs the CRDs for rancher-gatekeeper.
-    digest: 2418c52e443629f46b6bb4ae96ffd68872c1a42fca9153ca3818d43d5cb65d70
+    digest: e7038b05e2cf9ac04d403996426c54aac56cd1be7ba7b83805a9ad4d3992bad8
    name: rancher-gatekeeper-crd
    type: application
    urls: