diff --git a/assets/rancher-webhook/rancher-webhook-103.0.0+up0.4.1-rc1.tgz b/assets/rancher-webhook/rancher-webhook-103.0.0+up0.4.1-rc1.tgz deleted file mode 100644 index 570f3a6a4..000000000 Binary files a/assets/rancher-webhook/rancher-webhook-103.0.0+up0.4.1-rc1.tgz and /dev/null differ diff --git a/charts/rancher-webhook/103.0.0+up0.4.1-rc1/Chart.yaml b/charts/rancher-webhook/103.0.0+up0.4.1-rc1/Chart.yaml deleted file mode 100644 index b35acf056..000000000 --- a/charts/rancher-webhook/103.0.0+up0.4.1-rc1/Chart.yaml +++ /dev/null @@ -1,18 +0,0 @@ -annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/kube-version: '>= 1.23.0-0 < 1.28.0-0' - catalog.cattle.io/namespace: cattle-system - catalog.cattle.io/os: linux - catalog.cattle.io/permits-os: linux,windows - catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0' - catalog.cattle.io/release-name: rancher-webhook -apiVersion: v2 -appVersion: 0.4.1-rc1 -dependencies: -- condition: capi.enabled - name: capi - repository: "" -description: ValidatingAdmissionWebhook for Rancher types -name: rancher-webhook -version: 103.0.0+up0.4.1-rc1 diff --git a/charts/rancher-webhook/103.0.0+up0.4.1-rc1/charts/capi/Chart.yaml b/charts/rancher-webhook/103.0.0+up0.4.1-rc1/charts/capi/Chart.yaml deleted file mode 100644 index 388210bef..000000000 --- a/charts/rancher-webhook/103.0.0+up0.4.1-rc1/charts/capi/Chart.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v2 -appVersion: 0.0.0 -name: capi -version: 0.0.0 diff --git a/charts/rancher-webhook/103.0.0+up0.4.1-rc1/charts/capi/templates/service.yaml b/charts/rancher-webhook/103.0.0+up0.4.1-rc1/charts/capi/templates/service.yaml deleted file mode 100644 index de7c255c4..000000000 --- a/charts/rancher-webhook/103.0.0+up0.4.1-rc1/charts/capi/templates/service.yaml +++ /dev/null @@ -1,13 +0,0 @@ -kind: Service -apiVersion: v1 -metadata: - name: webhook-service - annotations: - need-a-cert.cattle.io/secret-name: rancher-webhook-tls -spec: - ports: - - name: https - port: 443 - targetPort: {{ .Values.port | default 8777 }} - selector: - app: rancher-webhook diff --git a/charts/rancher-webhook/103.0.0+up0.4.1-rc1/templates/_helpers.tpl b/charts/rancher-webhook/103.0.0+up0.4.1-rc1/templates/_helpers.tpl deleted file mode 100644 index c37a65c6f..000000000 --- a/charts/rancher-webhook/103.0.0+up0.4.1-rc1/templates/_helpers.tpl +++ /dev/null @@ -1,22 +0,0 @@ -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- else -}} -{{- "" -}} -{{- end -}} -{{- end -}} - -{{- define "rancher-webhook.labels" -}} -app: rancher-webhook -{{- end }} - -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -kubernetes.io/os: linux -{{- end -}} \ No newline at end of file diff --git a/charts/rancher-webhook/103.0.0+up0.4.1-rc1/templates/deployment.yaml b/charts/rancher-webhook/103.0.0+up0.4.1-rc1/templates/deployment.yaml deleted file mode 100644 index a0cc77c2d..000000000 --- a/charts/rancher-webhook/103.0.0+up0.4.1-rc1/templates/deployment.yaml +++ /dev/null @@ -1,102 +0,0 @@ -{{- $auth := .Values.auth | default dict }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: rancher-webhook -spec: - selector: - matchLabels: - app: rancher-webhook - template: - metadata: - labels: - app: rancher-webhook - spec: - {{- if or .Values.capi.enabled $auth.clientCA }} - volumes: - {{- end }} - {{- if .Values.capi.enabled }} - - name: tls - secret: - secretName: rancher-webhook-tls - {{- end }} - {{- if $auth.clientCA }} - - name: client-ca - secret: - secretName: client-ca - {{- end }} - {{- if .Values.global.hostNetwork }} - hostNetwork: true - {{- end }} - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} - {{- if .Values.nodeSelector }} -{{ toYaml .Values.nodeSelector | indent 8 }} - {{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 6 }} - {{- if .Values.tolerations }} -{{ toYaml .Values.tolerations | indent 6 }} - {{- end }} - containers: - - env: - - name: STAMP - value: "{{.Values.stamp}}" - - name: ENABLE_CAPI - value: "{{.Values.capi.enabled}}" - - name: ENABLE_MCM - value: "{{.Values.mcm.enabled}}" - - name: CATTLE_PORT - value: {{.Values.port | default 9443 | quote}} - - name: CATTLE_CAPI_PORT - value: {{.Values.capi.port | default 8777 | quote}} - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - {{- if $auth.allowedCNs }} - - name: ALLOWED_CNS - value: '{{ join "," $auth.allowedCNs }}' - {{- end }} - image: '{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}' - name: rancher-webhook - imagePullPolicy: "{{ .Values.image.imagePullPolicy }}" - ports: - - name: https - containerPort: {{ .Values.port | default 9443 }} - - name: capi-https - containerPort: {{ .Values.capi.port | default 8777}} - startupProbe: - httpGet: - path: "/healthz" - port: "https" - scheme: "HTTPS" - failureThreshold: 60 - periodSeconds: 5 - livenessProbe: - httpGet: - path: "/healthz" - port: "https" - scheme: "HTTPS" - periodSeconds: 5 - {{- if or .Values.capi.enabled $auth.clientCA }} - volumeMounts: - {{- end }} - {{- if .Values.capi.enabled }} - - name: tls - mountPath: /tmp/k8s-webhook-server/serving-certs - readOnly: true - {{- end }} - {{- if $auth.clientCA }} - - name: client-ca - mountPath: /tmp/k8s-webhook-server/client-ca - readOnly: true - {{- end }} - {{- if .Values.capNetBindService }} - securityContext: - capabilities: - add: - - NET_BIND_SERVICE - {{- end }} - serviceAccountName: rancher-webhook - {{- if .Values.priorityClassName }} - priorityClassName: "{{.Values.priorityClassName}}" - {{- end }} diff --git a/charts/rancher-webhook/103.0.0+up0.4.1-rc1/templates/rbac.yaml b/charts/rancher-webhook/103.0.0+up0.4.1-rc1/templates/rbac.yaml deleted file mode 100644 index f4364995c..000000000 --- a/charts/rancher-webhook/103.0.0+up0.4.1-rc1/templates/rbac.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: rancher-webhook -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin -subjects: -- kind: ServiceAccount - name: rancher-webhook - namespace: {{.Release.Namespace}} \ No newline at end of file diff --git a/charts/rancher-webhook/103.0.0+up0.4.1-rc1/templates/secret.yaml b/charts/rancher-webhook/103.0.0+up0.4.1-rc1/templates/secret.yaml deleted file mode 100644 index 9fd331dc1..000000000 --- a/charts/rancher-webhook/103.0.0+up0.4.1-rc1/templates/secret.yaml +++ /dev/null @@ -1,11 +0,0 @@ -{{- $auth := .Values.auth | default dict }} -{{- if $auth.clientCA }} -apiVersion: v1 -data: - ca.crt: {{ $auth.clientCA }} -kind: Secret -metadata: - name: client-ca - namespace: cattle-system -type: Opaque -{{- end }} diff --git a/charts/rancher-webhook/103.0.0+up0.4.1-rc1/templates/service.yaml b/charts/rancher-webhook/103.0.0+up0.4.1-rc1/templates/service.yaml deleted file mode 100644 index 220afebea..000000000 --- a/charts/rancher-webhook/103.0.0+up0.4.1-rc1/templates/service.yaml +++ /dev/null @@ -1,13 +0,0 @@ -kind: Service -apiVersion: v1 -metadata: - name: rancher-webhook - namespace: cattle-system -spec: - ports: - - port: 443 - targetPort: {{ .Values.port | default 9443 }} - protocol: TCP - name: https - selector: - app: rancher-webhook diff --git a/charts/rancher-webhook/103.0.0+up0.4.1-rc1/templates/serviceaccount.yaml b/charts/rancher-webhook/103.0.0+up0.4.1-rc1/templates/serviceaccount.yaml deleted file mode 100644 index 9e7ad7e1f..000000000 --- a/charts/rancher-webhook/103.0.0+up0.4.1-rc1/templates/serviceaccount.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: rancher-webhook ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: rancher-webhook-sudo - annotations: - cattle.io/description: "SA which can be impersonated to bypass rancher-webhook validation" \ No newline at end of file diff --git a/charts/rancher-webhook/103.0.0+up0.4.1-rc1/templates/webhook.yaml b/charts/rancher-webhook/103.0.0+up0.4.1-rc1/templates/webhook.yaml deleted file mode 100644 index 53a0687b6..000000000 --- a/charts/rancher-webhook/103.0.0+up0.4.1-rc1/templates/webhook.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: rancher.cattle.io ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: rancher.cattle.io diff --git a/charts/rancher-webhook/103.0.0+up0.4.1-rc1/tests/README.md b/charts/rancher-webhook/103.0.0+up0.4.1-rc1/tests/README.md deleted file mode 100644 index 6d3059a00..000000000 --- a/charts/rancher-webhook/103.0.0+up0.4.1-rc1/tests/README.md +++ /dev/null @@ -1,16 +0,0 @@ - -## local dev testing instructions - -Option 1: Full chart CI run with a live cluster - -```bash -./scripts/charts/ci -``` - -Option 2: Test runs against the chart only - -```bash -# install the helm plugin first - helm plugin install https://github.com/helm-unittest/helm-unittest.git -bash dev-scripts/helm-unittest.sh -``` - diff --git a/charts/rancher-webhook/103.0.0+up0.4.1-rc1/tests/capi-service_test.yaml b/charts/rancher-webhook/103.0.0+up0.4.1-rc1/tests/capi-service_test.yaml deleted file mode 100644 index 4ee94a84a..000000000 --- a/charts/rancher-webhook/103.0.0+up0.4.1-rc1/tests/capi-service_test.yaml +++ /dev/null @@ -1,20 +0,0 @@ -suite: Test Service -templates: - - charts/capi/templates/service.yaml -tests: - - it: should set webhook default port values - set: - capi.enabled: true - asserts: - - equal: - path: spec.ports[0].targetPort - value: 8777 - - - it: should set updated target port - set: - capi.port: 2319 - capi.enabled: true - asserts: - - equal: - path: spec.ports[0].targetPort - value: 2319 diff --git a/charts/rancher-webhook/103.0.0+up0.4.1-rc1/tests/deployment_test.yaml b/charts/rancher-webhook/103.0.0+up0.4.1-rc1/tests/deployment_test.yaml deleted file mode 100644 index 5f153461c..000000000 --- a/charts/rancher-webhook/103.0.0+up0.4.1-rc1/tests/deployment_test.yaml +++ /dev/null @@ -1,94 +0,0 @@ -suite: Test Deployment -templates: - - deployment.yaml - -tests: - - it: should set webhook default port values - asserts: - - equal: - path: spec.template.spec.containers[0].ports[0].containerPort - value: 9443 - - equal: - path: spec.template.spec.containers[0].ports[1].containerPort - value: 8777 - - contains: - path: spec.template.spec.containers[0].env - content: - name: CATTLE_PORT - value: "9443" - - contains: - path: spec.template.spec.containers[0].env - content: - name: CATTLE_CAPI_PORT - value: "8777" - - - it: should set updated webhook port - set: - port: 2319 - asserts: - - equal: - path: spec.template.spec.containers[0].ports[0].containerPort - value: 2319 - - contains: - path: spec.template.spec.containers[0].env - content: - name: CATTLE_PORT - value: "2319" - - - it: should set updated capi port - set: - capi.port: 2319 - asserts: - - equal: - path: spec.template.spec.containers[0].ports[1].containerPort - value: 2319 - - contains: - path: spec.template.spec.containers[0].env - content: - name: CATTLE_CAPI_PORT - value: "2319" - - - it: should not set capabilities by default. - asserts: - - isNull: - path: spec.template.spec.containers[0].securityContext - - - it: should set net capabilities when capNetBindService is true. - set: - capNetBindService: true - asserts: - - contains: - path: spec.template.spec.containers[0].securityContext.capabilities.add - content: NET_BIND_SERVICE - - - it: should not set volumes or volumeMounts by default - asserts: - - isNull: - path: spec.template.spec.volumes - - isNull: - path: spec.template.spec.volumeMounts - - - it: should set CA fields when CA options are set - set: - auth.clientCA: base64-encoded-cert - auth.allowedCNs: - - kube-apiserver - - joe - asserts: - - contains: - path: spec.template.spec.volumes - content: - name: client-ca - secret: - secretName: client-ca - - contains: - path: spec.template.spec.containers[0].volumeMounts - content: - name: client-ca - mountPath: /tmp/k8s-webhook-server/client-ca - readOnly: true - - contains: - path: spec.template.spec.containers[0].env - content: - name: ALLOWED_CNS - value: kube-apiserver,joe diff --git a/charts/rancher-webhook/103.0.0+up0.4.1-rc1/tests/service_test.yaml b/charts/rancher-webhook/103.0.0+up0.4.1-rc1/tests/service_test.yaml deleted file mode 100644 index 03172ad03..000000000 --- a/charts/rancher-webhook/103.0.0+up0.4.1-rc1/tests/service_test.yaml +++ /dev/null @@ -1,18 +0,0 @@ -suite: Test Service -templates: - - service.yaml - -tests: - - it: should set webhook default port values - asserts: - - equal: - path: spec.ports[0].targetPort - value: 9443 - - - it: should set updated target port - set: - port: 2319 - asserts: - - equal: - path: spec.ports[0].targetPort - value: 2319 diff --git a/charts/rancher-webhook/103.0.0+up0.4.1-rc1/values.yaml b/charts/rancher-webhook/103.0.0+up0.4.1-rc1/values.yaml deleted file mode 100644 index 2b08a89f0..000000000 --- a/charts/rancher-webhook/103.0.0+up0.4.1-rc1/values.yaml +++ /dev/null @@ -1,34 +0,0 @@ -image: - repository: rancher/rancher-webhook - tag: v0.4.1-rc1 - imagePullPolicy: IfNotPresent - -global: - cattle: - systemDefaultRegistry: "" - hostNetwork: false - -capi: - enabled: false - port: 8777 - -mcm: - enabled: true - -# tolerations for the webhook deployment. See https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ for more info -tolerations: [] -nodeSelector: {} - -## PriorityClassName assigned to deployment. -priorityClassName: "" - -# port assigns which port to use when running rancher-webhook -port: 9443 - -# Parameters for authenticating the kube-apiserver. -auth: - # CA for authenticating kube-apiserver client certs. If empty, client connections will not be authenticated. - # Must be base64-encoded. - clientCA: "" - # Allowlist of CNs for kube-apiserver client certs. If empty, any cert signed by the CA provided in clientCA will be accepted. - allowedCNs: []