add gatekeeper:3.7.1

packages/rancher-gatekeeper/generated-changes/patch/Chart.yaml.patch

@@ -12,7 +12,7 @@
 +  catalog.cattle.io/type: cluster-tool
 +  catalog.cattle.io/ui-component: gatekeeper
  apiVersion: v2
- appVersion: v3.6.0
+ appVersion: v3.7.1
 -description: A Helm chart for Gatekeeper
 +description: Modifies Open Policy Agent's upstream gatekeeper chart that provides
 +  policy-based control for cloud native environments
@@ -25,4 +25,4 @@
 +name: rancher-gatekeeper
  sources:
  - https://github.com/open-policy-agent/gatekeeper.git
- version: 3.6.0
+ version: 3.7.1

packages/rancher-gatekeeper/generated-changes/patch/README.md.patch

@@ -1,11 +1,11 @@
 --- charts-original/README.md
 +++ charts/README.md
-@@ -69,7 +69,7 @@
+@@ -71,7 +71,7 @@
- | postInstall.labelNamespace.image.tag         | Image tag                                                                              | `1.20.4-4.0.5`                                                            |
- | postInstall.labelNamespace.image.pullPolicy  | Image pullPolicy                                                                       | `IfNotPresent`                                                            |
  | postInstall.labelNamespace.image.pullSecrets | Image pullSecrets                                                                      | `[]`                                                                      |
+ | psp.enabled                                  | Enabled PodSecurityPolicy                                                              | `true`                                                                    |
+ | upgradeCRDs.enabled                          | Upgrade CRDs using pre-install/pre-upgrade hooks                                       | `true`                                                                    |
 -| auditInterval                                | The frequency with which audit is run                                                  | `60`                                                                      |
-+| auditInterval                                | The frequency with which audit is run                                                  | `300`                                                                     |
++| auditInterval                                | The frequency with which audit is run                                                  | `300`                                                                      |
  | constraintViolationsLimit                    | The maximum # of audit violations reported on a constraint                             | `20`                                                                      |
  | auditFromCache                               | Take the roster of resources to audit from the OPA cache                               | `false`                                                                   |
  | auditChunkSize                               | Chunk size for listing cluster resources for audit (alpha feature)                     | `0`                                                                       |

packages/rancher-gatekeeper/generated-changes/patch/templates/gatekeeper-audit-deployment.yaml.patch

@@ -1,6 +1,6 @@
 --- charts-original/templates/gatekeeper-audit-deployment.yaml
 +++ charts/templates/gatekeeper-audit-deployment.yaml
-@@ -65,8 +65,8 @@
+@@ -67,8 +67,8 @@
            valueFrom:
              fieldRef:
                fieldPath: metadata.name
@@ -11,8 +11,8 @@
          livenessProbe:
            httpGet:
              path: /healthz
-@@ -96,7 +96,7 @@
+@@ -102,7 +102,7 @@
-           runAsUser: 1000
+       dnsPolicy: {{ .Values.audit.dnsPolicy }}
        hostNetwork: {{ .Values.audit.hostNetwork }}
        imagePullSecrets:
 -        {{- toYaml .Values.image.pullSecrets | nindent 8 }}

packages/rancher-gatekeeper/generated-changes/patch/templates/gatekeeper-controller-manager-deployment.yaml.patch

@@ -1,6 +1,6 @@
 --- charts-original/templates/gatekeeper-controller-manager-deployment.yaml
 +++ charts/templates/gatekeeper-controller-manager-deployment.yaml
-@@ -71,8 +71,8 @@
+@@ -76,8 +76,8 @@
            valueFrom:
              fieldRef:
                fieldPath: metadata.name
@@ -11,8 +11,8 @@
          livenessProbe:
            httpGet:
              path: /healthz
-@@ -109,7 +109,7 @@
+@@ -115,7 +115,7 @@
-           readOnly: true
+       dnsPolicy: {{ .Values.controllerManager.dnsPolicy }}
        hostNetwork: {{ .Values.controllerManager.hostNetwork }}
        imagePullSecrets:
 -        {{- toYaml .Values.image.pullSecrets | nindent 8 }}

packages/rancher-gatekeeper/generated-changes/patch/templates/namespace-post-install.yaml.patch

@@ -7,5 +7,5 @@
 -          image: "{{ .Values.postInstall.labelNamespace.image.repository }}:{{ .Values.postInstall.labelNamespace.image.tag }}"
 +          image: '{{ template "system_default_registry" . }}{{ .Values.postInstall.labelNamespace.image.repository }}:{{ .Values.postInstall.labelNamespace.image.tag }}'
            imagePullPolicy: {{ .Values.postInstall.labelNamespace.image.pullPolicy }}
-           command:
+           args:
-             - kubectl
+             - label

packages/rancher-gatekeeper/generated-changes/patch/templates/upgrade-crds-hook.yaml.patch

@@ -1,7 +1,15 @@
 --- charts-original/templates/upgrade-crds-hook.yaml
 +++ charts/templates/upgrade-crds-hook.yaml
-@@ -72,8 +72,8 @@
+@@ -75,14 +75,14 @@
+     spec:
+       serviceAccountName: gatekeeper-admin-upgrade-crds
        restartPolicy: Never
+-      {{- if .Values.image.pullSecrets }}
++      {{- if .Values.images.pullSecrets }}
+       imagePullSecrets:
+-        {{- toYaml .Values.image.pullSecrets | nindent 8 }}
++        {{- toYaml .Values.images.pullSecrets | nindent 8 }}
+       {{- end }}
        containers:
        - name: crds-upgrade
 -        image: '{{ .Values.image.crdRepository }}:{{ .Values.image.release }}'

packages/rancher-gatekeeper/generated-changes/patch/values.yaml.patch

@@ -7,12 +7,12 @@
  auditMatchKindOnly: false
  constraintViolationsLimit: 20
  auditFromCache: false
-@@ -19,14 +19,17 @@
+@@ -22,14 +22,17 @@
    labelNamespace:
      enabled: true
      image:
--      repository: line/kubectl-kustomize
+-      repository: openpolicyagent/gatekeeper-crds
--      tag: 1.20.4-4.0.5
+-      tag: v3.7.1
 +      repository: rancher/kubectl
 +      tag: v1.20.2
        pullPolicy: IfNotPresent
@@ -20,18 +20,18 @@
 -image:
 -  repository: openpolicyagent/gatekeeper
 -  crdRepository: openpolicyagent/gatekeeper-crds
--  release: v3.6.0
+-  release: v3.7.1
 +images:
 +  gatekeeper:
 +    repository: rancher/mirrored-openpolicyagent-gatekeeper
-+    tag: v3.6.0
++    tag: v3.7.1
 +  gatekeepercrd:
 +    repository: rancher/mirrored-openpolicyagent-gatekeeper-crds
-+    tag: v3.6.0
++    tag: v3.7.1
    pullPolicy: IfNotPresent
    pullSecrets: []
  podAnnotations:
-@@ -80,5 +83,11 @@
+@@ -89,6 +92,12 @@
  pdb:
    controllerManager:
      minAvailable: 1
@@ -43,3 +43,4 @@
 +    tag: v1.20.2
  service: {}
  disabledBuiltins:
+ psp:

packages/rancher-gatekeeper/package.yaml

@@ -1,5 +1,5 @@
-url: https://open-policy-agent.github.io/gatekeeper/charts/gatekeeper-3.6.0.tgz
+url: https://open-policy-agent.github.io/gatekeeper/charts/gatekeeper-3.7.1.tgz
-version: 100.0.1
+version: 100.1.0
 additionalCharts:
   - workingDir: charts-crd
     crdOptions:

release.yaml

@@ -31,8 +31,11 @@ rancher-aks-operator-crd:
 - 100.0.4+up1.0.5-rc1
 rancher-istio:
 - 100.2.0+up1.12.6
-
 neuvector:
 - 100.0.0+up2.2.0-b1
 neuvector-crd:
 - 100.0.0+up2.2.0-b1
+rancher-gatekeeper:
+- 100.1.0+up3.7.1
+rancher-gatekeeper-crd:
+- 100.1.0+up3.7.1