Generated changes

2020-12-10 23:35:02 +00:00 · 2020-12-10 23:35:02 +00:00 · 090bd1f72c
parent 168bcb29fe
commit 090bd1f72c
9 changed files with 88 additions and 13 deletions
--- a/assets/index.yaml
+++ b/assets/index.yaml
@ -794,6 +794,33 @@ entries:
    - assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.100.tgz
    version: 1.0.100
  rancher-external-ip-webhook:
+  - annotations:
+      catalog.cattle.io/certified: rancher
+      catalog.cattle.io/display-name: External IP Webhook
+      catalog.cattle.io/namespace: cattle-externalip-system
+      catalog.cattle.io/release-name: rancher-external-ip-webhook
+      catalog.cattle.io/ui-component: rancher-external-ip-webhook
+    apiVersion: v1
+    appVersion: v0.1.5
+    created: "2020-12-10T23:35:02.052471973Z"
+    description: |
+      Deploy the external-ip-webhook to mitigate k8s CVE-2020-8554
+    digest: df88b40e17a9951ba481a7291882a6f5a7cb9367a96518e12df44171413273f2
+    home: https://github.com/rancher/externalip-webhook
+    keywords:
+    - cve
+    - externalip
+    - webhook
+    - security
+    maintainers:
+    - email: raul@rancher.com
+      name: rawmind0
+    name: rancher-external-ip-webhook
+    sources:
+    - https://github.com/rancher/externalip-webhook
+    urls:
+    - assets/rancher-external-ip-webhook/rancher-external-ip-webhook-0.1.500.tgz
+    version: 0.1.500
  - annotations:
      catalog.cattle.io/certified: rancher
      catalog.cattle.io/display-name: External IP Webhook
@ -2218,4 +2245,4 @@ entries:
    urls:
    - assets/rio/rio-0.8.000.tgz
    version: 0.8.000
-generated: "2020-12-09T00:19:04.804197372Z"
+generated: "2020-12-10T23:35:02.050697664Z"
--- a/assets/rancher-external-ip-webhook/rancher-external-ip-webhook-0.1.500.tgz
+++ b/assets/rancher-external-ip-webhook/rancher-external-ip-webhook-0.1.500.tgz
--- a/charts/rancher-external-ip-webhook/Chart.yaml
+++ b/charts/rancher-external-ip-webhook/Chart.yaml
@ -5,7 +5,7 @@ annotations:
  catalog.cattle.io/release-name: rancher-external-ip-webhook
  catalog.cattle.io/ui-component: rancher-external-ip-webhook
 apiVersion: v1
-appVersion: v0.1.4
+appVersion: v0.1.5
 description: |
  Deploy the external-ip-webhook to mitigate k8s CVE-2020-8554
 home: https://github.com/rancher/externalip-webhook
@ -20,4 +20,4 @@ maintainers:
 name: rancher-external-ip-webhook
 sources:
 - https://github.com/rancher/externalip-webhook
-version: 0.1.400
+version: 0.1.500
--- a/charts/rancher-external-ip-webhook/README.md
+++ b/charts/rancher-external-ip-webhook/README.md
@ -8,7 +8,6 @@ This chart will create a deployment of `externalip-webhook` within your Kubernet

 To install the chart with the release name `rancher-external-ip-webhook`:

-
 ```bash
 $ helm repo add rancher-chart https://charts.rancher.io
 $ helm repo update
@ -67,4 +66,4 @@ $ helm repo update
 $ helm install rancher-external-ip-webhook rancher-chart/rancher-external-ip-webhook --namespace cattle-externalip-system -f values.yaml
 ```

-> **Tip**: You can use the default [values.yaml](values.yaml)
+> **Tip**: You can use the default [values.yaml](https://github.com/rancher/externalip-webhook/blob/master/chart/values.yaml)
--- a/charts/rancher-external-ip-webhook/app-README.md
+++ b/charts/rancher-external-ip-webhook/app-README.md
@ -2,8 +2,11 @@

 This chart was created to mitigate [CVE-2020-8554](https://www.cvedetails.com/cve/CVE-2020-8554/)

-External IP Webhook is a validating k8s webhook which prevents services from using random external IPs. Cluster administrators
-can specify list of CIDRs allowed to be used as external IP by specifying `allowed-external-ip-cidrs` parameter. 
-The webhook will only allow services which either don’t set external IP, or whose external IPs are within the range specified by the administrator.
+External IP Webhook is a validating k8s webhook which prevents services from using random external IPs. 
+Cluster administrators can specify list of CIDRs allowed to be used as external IP by specifying `allowed-external-ip-cidrs` parameter. The webhook will only allow services which either don’t set external IP, or whose external IPs are within the range specified by the administrator.
+
+External IP Webhook certificates are required. They can be generated in 2 ways:
+* cert-manager: This is the default chart configuration. Cert manager should be already installed at the k8s cluster
+* uploading certs: Disable `Cert Manager integration` and set `Secret name` and `CA Bundle` at  `Certificates` section.

 For more information, review the Helm README of this chart.
--- a/charts/rancher-external-ip-webhook/questions.yaml
+++ b/charts/rancher-external-ip-webhook/questions.yaml
@ -4,4 +4,23 @@ questions:
  label: Allowed external IP cidrs
  description: Set allowed external IP CIDRs separated by a comma
  type: string
-  group: Configuration
+  group: Configuration
+- variable: certificates.certManager.enabled
+  default: true
+  description: Enable cert manager integration. Cert manager should be already installed
+  label: Enable Cert Manager integration
+  type: boolean
+  group: "Certificates"
+  show_subquestion_if: false
+  subquestions:
+  - variable: certificates.secretName
+    default: webhook-server-cert
+    description: Use certificates from secret. Secret should exists in the app namespace, with certs data (ca.crt, tls.crt & tls.key)
+    label: Secret name
+    type: string
+    required: true
+  - variable: certificates.caBundle
+    description: Use self signed CA Bundle. It should be provided in base64 format
+    label: CA Bundle
+    type: string
+    required: true
--- a/charts/rancher-external-ip-webhook/values.yaml
+++ b/charts/rancher-external-ip-webhook/values.yaml
@ -15,7 +15,7 @@ image:
  pullPolicy: IfNotPresent
  pullSecrets: []
  repository: rancher/externalip-webhook
-  tag: v0.1.4
+  tag: v0.1.5
 ## Enabling metrics endpoint
 # Webhook emits `webhook_failed_request_count` metrics whenever it rejects service creation or update operation
 metrics:
--- a/index.yaml
+++ b/index.yaml
@ -794,6 +794,33 @@ entries:
    - assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.100.tgz
    version: 1.0.100
  rancher-external-ip-webhook:
+  - annotations:
+      catalog.cattle.io/certified: rancher
+      catalog.cattle.io/display-name: External IP Webhook
+      catalog.cattle.io/namespace: cattle-externalip-system
+      catalog.cattle.io/release-name: rancher-external-ip-webhook
+      catalog.cattle.io/ui-component: rancher-external-ip-webhook
+    apiVersion: v1
+    appVersion: v0.1.5
+    created: "2020-12-10T23:35:02.052471973Z"
+    description: |
+      Deploy the external-ip-webhook to mitigate k8s CVE-2020-8554
+    digest: df88b40e17a9951ba481a7291882a6f5a7cb9367a96518e12df44171413273f2
+    home: https://github.com/rancher/externalip-webhook
+    keywords:
+    - cve
+    - externalip
+    - webhook
+    - security
+    maintainers:
+    - email: raul@rancher.com
+      name: rawmind0
+    name: rancher-external-ip-webhook
+    sources:
+    - https://github.com/rancher/externalip-webhook
+    urls:
+    - assets/rancher-external-ip-webhook/rancher-external-ip-webhook-0.1.500.tgz
+    version: 0.1.500
  - annotations:
      catalog.cattle.io/certified: rancher
      catalog.cattle.io/display-name: External IP Webhook
@ -2218,4 +2245,4 @@ entries:
    urls:
    - assets/rio/rio-0.8.000.tgz
    version: 0.8.000
-generated: "2020-12-09T00:19:04.804197372Z"
+generated: "2020-12-10T23:35:02.050697664Z"
--- a/sha256sum/rancher-external-ip-webhook/rancher-external-ip-webhook.sum
+++ b/sha256sum/rancher-external-ip-webhook/rancher-external-ip-webhook.sum
@ -1,2 +1,2 @@
-9f7d1eaa86b2b929e679dac7bb94e1632e959e6bc3f1137010474a24a38844b2  packages/rancher-external-ip-webhook/package.yaml
-98bb6cea7a63466baaf420932e03dec62c4a0460b50303ec46f1836b5c7b00d2  packages/rancher-external-ip-webhook/rancher-external-ip-webhook.patch
+33c0de67554dd98c9402b2bbaa02e55db6795748eaeb74b908e04a9c2b194495  packages/rancher-external-ip-webhook/package.yaml
+15390155a0619001eccdfbf5421bdcb93e2fde9298f0d137f54777cae19804ad  packages/rancher-external-ip-webhook/rancher-external-ip-webhook.patch