diff --git a/assets/rancher-gatekeeper/rancher-gatekeeper-crd-v3.1.000.tgz b/assets/rancher-gatekeeper/rancher-gatekeeper-crd-v3.1.000.tgz deleted file mode 100644 index 09022af07..000000000 Binary files a/assets/rancher-gatekeeper/rancher-gatekeeper-crd-v3.1.000.tgz and /dev/null differ diff --git a/assets/rancher-gatekeeper/rancher-gatekeeper-v3.1.000.tgz b/assets/rancher-gatekeeper/rancher-gatekeeper-v3.1.000.tgz deleted file mode 100644 index f05ffabc5..000000000 Binary files a/assets/rancher-gatekeeper/rancher-gatekeeper-v3.1.000.tgz and /dev/null differ diff --git a/packages/rancher-gatekeeper/package.yaml b/packages/rancher-gatekeeper/package.yaml index a9835e9e2..cb914f932 100644 --- a/packages/rancher-gatekeeper/package.yaml +++ b/packages/rancher-gatekeeper/package.yaml @@ -1,4 +1,4 @@ -url: https://open-policy-agent.github.io/gatekeeper/charts/gatekeeper-v3.1.0.tgz +url: https://open-policy-agent.github.io/gatekeeper/charts/gatekeeper-3.1.1.tgz packageVersion: 00 generateCRDChart: enabled: true diff --git a/packages/rancher-gatekeeper/rancher-gatekeeper.patch b/packages/rancher-gatekeeper/rancher-gatekeeper.patch index 89c247899..56b639b8b 100644 --- a/packages/rancher-gatekeeper/rancher-gatekeeper.patch +++ b/packages/rancher-gatekeeper/rancher-gatekeeper.patch @@ -3,7 +3,7 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/Cha +++ packages/rancher-gatekeeper/charts/Chart.yaml @@ -1,10 +1,17 @@ apiVersion: v1 - appVersion: v3.1.0 + appVersion: v3.1.1 -description: A Helm chart for Gatekeeper +description: Modifies Open Policy Agent's upstream gatekeeper chart that provides policy-based control for cloud native environments home: https://github.com/open-policy-agent/gatekeeper 
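Review bot: The new `url:` in packages/rancher-gatekeeper/package.yaml fetches `gatekeeper-3.1.1.tgz` from the upstream chart site by name alone, and nothing in the visible file records a digest for it, so a regenerated chart is whatever that URL serves at build time. If the packaging scripts can verify a checksum, pin the archive's SHA-256 beside the URL; if they cannot, a comment such as `# sha256: <expected-digest-of-gatekeeper-3.1.1.tgz>` at least lets a later rebuild be compared by hand. The commit also deletes both v3.1.000 archives under assets/ and no 3.1.1 archive appears in this diff, so presumably they are regenerated in a separate step; that is worth confirming before merge.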
@@ -16,7 +16,7 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/Cha sources: -- https://github.com/open-policy-agent/gatekeeper.git + - https://github.com/open-policy-agent/gatekeeper.git - version: v3.1.0 + version: 3.1.1 +icon: https://charts.rancher.io/assets/logos/gatekeeper.svg +annotations: + catalog.cattle.io/certified: rancher @@ -28,401 +28,62 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/REA +++ packages/rancher-gatekeeper/charts/README.md 
@@ -4,7 +4,7 @@ - | Parameter | Description | Default | - |:--------------------------|:---------------------------------------------------------------------------------|:--------------------------------------------------------------------------| --| auditInterval | The frequency with which audit is run | `60` | -+| auditInterval | The frequency with which audit is run | `300` | - | constraintViolationsLimit | The maximum # of audit violations reported on a constraint | `20` | - | auditFromCache | Take the roster of resources to audit from the OPA cache | `false` | - | auditChunkSize | Chunk size for listing cluster resources for audit (alpha feature) | `0` | + | Parameter | Description | Default | + | :------------------------------- | :----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------------------------------------------------------------------------ | +-| auditInterval | The frequency with which audit is run | `60` | ++| auditInterval | The frequency with which audit is run | `300` | + | constraintViolationsLimit | The maximum # of audit violations reported on a constraint | `20` | + | auditFromCache | Take the roster of resources to audit from the OPA cache | `false` | + | auditChunkSize | Chunk size for listing cluster resources for audit (alpha feature) | `0` | diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/crds/config-customresourcedefinition.yaml packages/rancher-gatekeeper/charts/crds/config-customresourcedefinition.yaml --- packages/rancher-gatekeeper/charts-original/crds/config-customresourcedefinition.yaml +++ packages/rancher-gatekeeper/charts/crds/config-customresourcedefinition.yaml -@@ -0,0 +1,111 @@ -+apiVersion: apiextensions.k8s.io/v1beta1 -+kind: CustomResourceDefinition -+metadata: -+ annotations: -+ controller-gen.kubebuilder.io/version: v0.3.0 -+ 
helm.sh/hook-delete-policy: before-hook-creation -+ creationTimestamp: null -+ labels: -+ app: '{{ .Chart.Name }}' -+ chart: '{{ .Chart.Name }}' -+ gatekeeper.sh/system: "yes" -+ heritage: '{{ .Release.Service }}' -+ release: '{{ .Release.Name }}' -+ name: configs.config.gatekeeper.sh -+spec: -+ group: config.gatekeeper.sh -+ names: -+ kind: Config -+ listKind: ConfigList -+ plural: configs -+ shortNames: -+ - config -+ singular: config -+ scope: Namespaced -+ validation: -+ openAPIV3Schema: -+ description: Config is the Schema for the configs API -+ properties: -+ apiVersion: -+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' -+ type: string -+ kind: -+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' -+ type: string -+ metadata: -+ type: object -+ spec: -+ description: ConfigSpec defines the desired state of Config -+ properties: -+ match: -+ description: Configuration for namespace exclusion -+ items: -+ properties: -+ excludedNamespaces: -+ items: -+ type: string -+ type: array -+ processes: -+ items: -+ type: string -+ type: array -+ type: object -+ type: array -+ readiness: -+ description: Configuration for readiness tracker -+ properties: -+ statsEnabled: -+ type: boolean -+ type: object -+ sync: -+ description: Configuration for syncing k8s objects -+ properties: -+ syncOnly: -+ description: If non-empty, only entries on this list will be replicated into OPA -+ items: -+ properties: -+ group: -+ type: string -+ kind: -+ type: string -+ version: -+ type: string -+ type: object -+ type: array -+ type: object -+ validation: -+ description: Configuration for validation -+ properties: -+ traces: -+ description: List of requests to trace. Both "user" and "kinds" must be specified -+ items: -+ properties: -+ dump: -+ description: Also dump the state of OPA with the trace. Set to `All` to dump everything. 
-+ type: string -+ kind: -+ description: Only trace requests of the following GroupVersionKind -+ properties: -+ group: -+ type: string -+ kind: -+ type: string -+ version: -+ type: string -+ type: object -+ user: -+ description: Only trace requests from the specified user -+ type: string -+ type: object -+ type: array -+ type: object -+ type: object -+ status: -+ description: ConfigStatus defines the observed state of Config -+ type: object -+ type: object -+ version: v1alpha1 -+ versions: -+ - name: v1alpha1 -+ served: true -+ storage: true +@@ -3,8 +3,6 @@ + metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 +- helm.sh/hook: crd-install +- helm.sh/hook-delete-policy: before-hook-creation + creationTimestamp: null + labels: + gatekeeper.sh/system: "yes" diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/crds/constraintpodstatus-customresourcedefinition.yaml packages/rancher-gatekeeper/charts/crds/constraintpodstatus-customresourcedefinition.yaml --- packages/rancher-gatekeeper/charts-original/crds/constraintpodstatus-customresourcedefinition.yaml +++ packages/rancher-gatekeeper/charts/crds/constraintpodstatus-customresourcedefinition.yaml -@@ -0,0 +1,78 @@ -+apiVersion: apiextensions.k8s.io/v1beta1 -+kind: CustomResourceDefinition -+metadata: -+ annotations: -+ controller-gen.kubebuilder.io/version: v0.3.0 -+ creationTimestamp: null -+ labels: -+ app: '{{ .Chart.Name }}' -+ chart: '{{ .Chart.Name }}' -+ gatekeeper.sh/system: "yes" -+ heritage: '{{ .Release.Service }}' -+ release: '{{ .Release.Name }}' -+ name: constraintpodstatuses.status.gatekeeper.sh -+spec: -+ group: status.gatekeeper.sh -+ names: -+ kind: ConstraintPodStatus -+ listKind: ConstraintPodStatusList -+ plural: constraintpodstatuses -+ singular: constraintpodstatus -+ scope: Namespaced -+ validation: -+ openAPIV3Schema: -+ description: ConstraintPodStatus is the Schema for the constraintpodstatuses API -+ properties: -+ apiVersion: -+ description: 
'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' -+ type: string -+ kind: -+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' -+ type: string -+ metadata: -+ type: object -+ status: -+ description: ConstraintPodStatusStatus defines the observed state of ConstraintPodStatus -+ properties: -+ constraintUID: -+ description: Storing the constraint UID allows us to detect drift, such as when a constraint has been recreated after its CRD was deleted out from under it, interrupting the watch -+ type: string -+ enforced: -+ type: boolean -+ errors: -+ items: -+ description: Error represents a single error caught while adding a constraint to OPA -+ properties: -+ code: -+ type: string -+ location: -+ type: string -+ message: -+ type: string -+ required: -+ - code -+ - message -+ type: object -+ type: array -+ id: -+ type: string -+ observedGeneration: -+ format: int64 -+ type: integer -+ operations: -+ items: -+ type: string -+ type: array -+ type: object -+ type: object -+ version: v1beta1 -+ versions: -+ - name: v1beta1 -+ served: true -+ storage: true -+status: -+ acceptedNames: -+ kind: "" -+ plural: "" -+ conditions: [] -+ storedVersions: [] +@@ -3,8 +3,6 @@ + metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 +- helm.sh/hook: crd-install +- helm.sh/hook-delete-policy: before-hook-creation + creationTimestamp: null + labels: + gatekeeper.sh/system: "yes" diff -x '*.tgz' -x '*.lock' -uNr 
packages/rancher-gatekeeper/charts-original/crds/constrainttemplate-customresourcedefinition.yaml packages/rancher-gatekeeper/charts/crds/constrainttemplate-customresourcedefinition.yaml --- packages/rancher-gatekeeper/charts-original/crds/constrainttemplate-customresourcedefinition.yaml +++ packages/rancher-gatekeeper/charts/crds/constrainttemplate-customresourcedefinition.yaml -@@ -0,0 +1,106 @@ -+apiVersion: apiextensions.k8s.io/v1beta1 -+kind: CustomResourceDefinition -+metadata: -+ annotations: -+ helm.sh/hook-delete-policy: before-hook-creation -+ creationTimestamp: null -+ labels: -+ app: '{{ .Chart.Name }}' -+ chart: '{{ .Chart.Name }}' -+ controller-tools.k8s.io: "1.0" -+ gatekeeper.sh/system: "yes" -+ heritage: '{{ .Release.Service }}' -+ release: '{{ .Release.Name }}' -+ name: constrainttemplates.templates.gatekeeper.sh -+spec: -+ group: templates.gatekeeper.sh -+ names: -+ kind: ConstraintTemplate -+ plural: constrainttemplates -+ shortNames: -+ - constraints -+ scope: Cluster -+ subresources: -+ status: {} -+ validation: -+ openAPIV3Schema: -+ properties: -+ apiVersion: -+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' -+ type: string -+ kind: -+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' -+ type: string -+ metadata: -+ type: object -+ spec: -+ properties: -+ crd: -+ properties: -+ spec: -+ properties: -+ names: -+ properties: -+ kind: -+ type: string -+ shortNames: -+ items: -+ type: string -+ type: array -+ type: object -+ validation: -+ type: object -+ type: object -+ type: object -+ targets: -+ items: -+ properties: -+ libs: -+ items: -+ type: string -+ type: array -+ rego: -+ type: string -+ target: -+ type: string -+ type: object -+ type: array -+ type: object -+ status: -+ properties: -+ byPod: -+ items: -+ properties: -+ errors: -+ items: -+ properties: -+ code: -+ type: string -+ location: -+ type: string -+ message: -+ type: string -+ required: -+ - code -+ - message -+ type: object -+ type: array -+ id: -+ description: a unique identifier for the pod that wrote the status -+ type: string -+ observedGeneration: -+ format: int64 -+ type: integer -+ type: object -+ type: array -+ created: -+ type: boolean -+ type: object -+ version: v1beta1 -+ versions: -+ - name: v1beta1 -+ served: true -+ storage: true -+ - name: v1alpha1 -+ served: true -+ storage: false +@@ -1,9 +1,6 @@ + apiVersion: apiextensions.k8s.io/v1beta1 + kind: CustomResourceDefinition + metadata: +- annotations: +- helm.sh/hook: crd-install +- helm.sh/hook-delete-policy: before-hook-creation + creationTimestamp: null + labels: + gatekeeper.sh/system: "yes" diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/crds/constrainttemplatepodstatus-customresourcedefinition.yaml packages/rancher-gatekeeper/charts/crds/constrainttemplatepodstatus-customresourcedefinition.yaml --- packages/rancher-gatekeeper/charts-original/crds/constrainttemplatepodstatus-customresourcedefinition.yaml +++ packages/rancher-gatekeeper/charts/crds/constrainttemplatepodstatus-customresourcedefinition.yaml -@@ -0,0 +1,77 @@ -+apiVersion: apiextensions.k8s.io/v1beta1 -+kind: 
CustomResourceDefinition -+metadata: -+ annotations: -+ controller-gen.kubebuilder.io/version: v0.3.0 -+ creationTimestamp: null -+ labels: -+ app: '{{ .Chart.Name }}' -+ chart: '{{ .Chart.Name }}' -+ gatekeeper.sh/system: "yes" -+ heritage: '{{ .Release.Service }}' -+ release: '{{ .Release.Name }}' -+ name: constrainttemplatepodstatuses.status.gatekeeper.sh -+spec: -+ group: status.gatekeeper.sh -+ names: -+ kind: ConstraintTemplatePodStatus -+ listKind: ConstraintTemplatePodStatusList -+ plural: constrainttemplatepodstatuses -+ singular: constrainttemplatepodstatus -+ scope: Namespaced -+ validation: -+ openAPIV3Schema: -+ description: ConstraintTemplatePodStatus is the Schema for the constrainttemplatepodstatuses API -+ properties: -+ apiVersion: -+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' -+ type: string -+ kind: -+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' -+ type: string -+ metadata: -+ type: object -+ status: -+ description: ConstraintTemplatePodStatusStatus defines the observed state of ConstraintTemplatePodStatus -+ properties: -+ errors: -+ items: -+ description: CreateCRDError represents a single error caught during parsing, compiling, etc. 
-+ properties: -+ code: -+ type: string -+ location: -+ type: string -+ message: -+ type: string -+ required: -+ - code -+ - message -+ type: object -+ type: array -+ id: -+ description: 'Important: Run "make" to regenerate code after modifying this file' -+ type: string -+ observedGeneration: -+ format: int64 -+ type: integer -+ operations: -+ items: -+ type: string -+ type: array -+ templateUID: -+ description: UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated. -+ type: string -+ type: object -+ type: object -+ version: v1beta1 -+ versions: -+ - name: v1beta1 -+ served: true -+ storage: true -+status: -+ acceptedNames: -+ kind: "" -+ plural: "" -+ conditions: [] -+ storedVersions: [] +@@ -3,8 +3,6 @@ + metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 +- helm.sh/hook: crd-install +- helm.sh/hook-delete-policy: before-hook-creation + creationTimestamp: null + labels: + gatekeeper.sh/system: "yes" diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/templates/_helpers.tpl packages/rancher-gatekeeper/charts/templates/_helpers.tpl --- packages/rancher-gatekeeper/charts-original/templates/_helpers.tpl +++ packages/rancher-gatekeeper/charts/templates/_helpers.tpl 
@@ -438,397 +99,16 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/tem +{{- "" -}} +{{- end -}} +{{- end -}} -\ No newline at end of file -diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/templates/config-customresourcedefinition.yaml packages/rancher-gatekeeper/charts/templates/config-customresourcedefinition.yaml ---- packages/rancher-gatekeeper/charts-original/templates/config-customresourcedefinition.yaml -+++ packages/rancher-gatekeeper/charts/templates/config-customresourcedefinition.yaml -@@ -1,112 +0,0 @@ --apiVersion: apiextensions.k8s.io/v1beta1 --kind: CustomResourceDefinition --metadata: -- annotations: -- controller-gen.kubebuilder.io/version: v0.3.0 -- helm.sh/hook: crd-install -- helm.sh/hook-delete-policy: before-hook-creation -- creationTimestamp: null -- labels: -- app: '{{ template "gatekeeper.name" . }}' -- chart: '{{ template "gatekeeper.name" . }}' -- gatekeeper.sh/system: "yes" -- heritage: '{{ .Release.Service }}' -- release: '{{ .Release.Name }}' -- name: configs.config.gatekeeper.sh --spec: -- group: config.gatekeeper.sh -- names: -- kind: Config -- listKind: ConfigList -- plural: configs -- shortNames: -- - config -- singular: config -- scope: Namespaced -- validation: -- openAPIV3Schema: -- description: Config is the Schema for the configs API -- properties: -- apiVersion: -- description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' -- type: string -- kind: -- description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' -- type: string -- metadata: -- type: object -- spec: -- description: ConfigSpec defines the desired state of Config -- properties: -- match: -- description: Configuration for namespace exclusion -- items: -- properties: -- excludedNamespaces: -- items: -- type: string -- type: array -- processes: -- items: -- type: string -- type: array -- type: object -- type: array -- readiness: -- description: Configuration for readiness tracker -- properties: -- statsEnabled: -- type: boolean -- type: object -- sync: -- description: Configuration for syncing k8s objects -- properties: -- syncOnly: -- description: If non-empty, only entries on this list will be replicated into OPA -- items: -- properties: -- group: -- type: string -- kind: -- type: string -- version: -- type: string -- type: object -- type: array -- type: object -- validation: -- description: Configuration for validation -- properties: -- traces: -- description: List of requests to trace. Both "user" and "kinds" must be specified -- items: -- properties: -- dump: -- description: Also dump the state of OPA with the trace. Set to `All` to dump everything. 
-- type: string -- kind: -- description: Only trace requests of the following GroupVersionKind -- properties: -- group: -- type: string -- kind: -- type: string -- version: -- type: string -- type: object -- user: -- description: Only trace requests from the specified user -- type: string -- type: object -- type: array -- type: object -- type: object -- status: -- description: ConfigStatus defines the observed state of Config -- type: object -- type: object -- version: v1alpha1 -- versions: -- - name: v1alpha1 -- served: true -- storage: true -diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/templates/constraintpodstatus-customresourcedefinition.yaml packages/rancher-gatekeeper/charts/templates/constraintpodstatus-customresourcedefinition.yaml ---- packages/rancher-gatekeeper/charts-original/templates/constraintpodstatus-customresourcedefinition.yaml -+++ packages/rancher-gatekeeper/charts/templates/constraintpodstatus-customresourcedefinition.yaml -@@ -1,78 +0,0 @@ --apiVersion: apiextensions.k8s.io/v1beta1 --kind: CustomResourceDefinition --metadata: -- annotations: -- controller-gen.kubebuilder.io/version: v0.3.0 -- creationTimestamp: null -- labels: -- app: '{{ template "gatekeeper.name" . }}' -- chart: '{{ template "gatekeeper.name" . }}' -- gatekeeper.sh/system: "yes" -- heritage: '{{ .Release.Service }}' -- release: '{{ .Release.Name }}' -- name: constraintpodstatuses.status.gatekeeper.sh --spec: -- group: status.gatekeeper.sh -- names: -- kind: ConstraintPodStatus -- listKind: ConstraintPodStatusList -- plural: constraintpodstatuses -- singular: constraintpodstatus -- scope: Namespaced -- validation: -- openAPIV3Schema: -- description: ConstraintPodStatus is the Schema for the constraintpodstatuses API -- properties: -- apiVersion: -- description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' -- type: string -- kind: -- description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' -- type: string -- metadata: -- type: object -- status: -- description: ConstraintPodStatusStatus defines the observed state of ConstraintPodStatus -- properties: -- constraintUID: -- description: Storing the constraint UID allows us to detect drift, such as when a constraint has been recreated after its CRD was deleted out from under it, interrupting the watch -- type: string -- enforced: -- type: boolean -- errors: -- items: -- description: Error represents a single error caught while adding a constraint to OPA -- properties: -- code: -- type: string -- location: -- type: string -- message: -- type: string -- required: -- - code -- - message -- type: object -- type: array -- id: -- type: string -- observedGeneration: -- format: int64 -- type: integer -- operations: -- items: -- type: string -- type: array -- type: object -- type: object -- version: v1beta1 -- versions: -- - name: v1beta1 -- served: true -- storage: true --status: -- acceptedNames: -- kind: "" -- plural: "" -- conditions: [] -- storedVersions: [] -diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/templates/constrainttemplate-customresourcedefinition.yaml packages/rancher-gatekeeper/charts/templates/constrainttemplate-customresourcedefinition.yaml ---- packages/rancher-gatekeeper/charts-original/templates/constrainttemplate-customresourcedefinition.yaml -+++ packages/rancher-gatekeeper/charts/templates/constrainttemplate-customresourcedefinition.yaml -@@ -1,107 +0,0 @@ --apiVersion: apiextensions.k8s.io/v1beta1 --kind: 
CustomResourceDefinition --metadata: -- annotations: -- helm.sh/hook: crd-install -- helm.sh/hook-delete-policy: before-hook-creation -- creationTimestamp: null -- labels: -- app: '{{ template "gatekeeper.name" . }}' -- chart: '{{ template "gatekeeper.name" . }}' -- controller-tools.k8s.io: "1.0" -- gatekeeper.sh/system: "yes" -- heritage: '{{ .Release.Service }}' -- release: '{{ .Release.Name }}' -- name: constrainttemplates.templates.gatekeeper.sh --spec: -- group: templates.gatekeeper.sh -- names: -- kind: ConstraintTemplate -- plural: constrainttemplates -- shortNames: -- - constraints -- scope: Cluster -- subresources: -- status: {} -- validation: -- openAPIV3Schema: -- properties: -- apiVersion: -- description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' -- type: string -- kind: -- description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' -- type: string -- metadata: -- type: object -- spec: -- properties: -- crd: -- properties: -- spec: -- properties: -- names: -- properties: -- kind: -- type: string -- shortNames: -- items: -- type: string -- type: array -- type: object -- validation: -- type: object -- type: object -- type: object -- targets: -- items: -- properties: -- libs: -- items: -- type: string -- type: array -- rego: -- type: string -- target: -- type: string -- type: object -- type: array -- type: object -- status: -- properties: -- byPod: -- items: -- properties: -- errors: -- items: -- properties: -- code: -- type: string -- location: -- type: string -- message: -- type: string -- required: -- - code -- - message -- type: object -- type: array -- id: -- description: a unique identifier for the pod that wrote the status -- type: string -- observedGeneration: -- format: int64 -- type: integer -- type: object -- type: array -- created: -- type: boolean -- type: object -- version: v1beta1 -- versions: -- - name: v1beta1 -- served: true -- storage: true -- - name: v1alpha1 -- served: true -- storage: false -diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/templates/constrainttemplatepodstatus-customresourcedefinition.yaml packages/rancher-gatekeeper/charts/templates/constrainttemplatepodstatus-customresourcedefinition.yaml ---- packages/rancher-gatekeeper/charts-original/templates/constrainttemplatepodstatus-customresourcedefinition.yaml -+++ packages/rancher-gatekeeper/charts/templates/constrainttemplatepodstatus-customresourcedefinition.yaml -@@ -1,77 +0,0 @@ --apiVersion: apiextensions.k8s.io/v1beta1 --kind: CustomResourceDefinition --metadata: -- annotations: -- controller-gen.kubebuilder.io/version: v0.3.0 -- creationTimestamp: null -- labels: -- app: '{{ template "gatekeeper.name" . }}' -- chart: '{{ template "gatekeeper.name" . 
}}' -- gatekeeper.sh/system: "yes" -- heritage: '{{ .Release.Service }}' -- release: '{{ .Release.Name }}' -- name: constrainttemplatepodstatuses.status.gatekeeper.sh --spec: -- group: status.gatekeeper.sh -- names: -- kind: ConstraintTemplatePodStatus -- listKind: ConstraintTemplatePodStatusList -- plural: constrainttemplatepodstatuses -- singular: constrainttemplatepodstatus -- scope: Namespaced -- validation: -- openAPIV3Schema: -- description: ConstraintTemplatePodStatus is the Schema for the constrainttemplatepodstatuses API -- properties: -- apiVersion: -- description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' -- type: string -- kind: -- description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' -- type: string -- metadata: -- type: object -- status: -- description: ConstraintTemplatePodStatusStatus defines the observed state of ConstraintTemplatePodStatus -- properties: -- errors: -- items: -- description: CreateCRDError represents a single error caught during parsing, compiling, etc. -- properties: -- code: -- type: string -- location: -- type: string -- message: -- type: string -- required: -- - code -- - message -- type: object -- type: array -- id: -- description: 'Important: Run "make" to regenerate code after modifying this file' -- type: string -- observedGeneration: -- format: int64 -- type: integer -- operations: -- items: -- type: string -- type: array -- templateUID: -- description: UID is a type that holds unique ID values, including UUIDs. 
Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated. -- type: string -- type: object -- type: object -- version: v1beta1 -- versions: -- - name: v1beta1 -- served: true -- storage: true --status: -- acceptedNames: -- kind: "" -- plural: "" -- conditions: [] -- storedVersions: [] +diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/templates/crds.yaml packages/rancher-gatekeeper/charts/templates/crds.yaml +--- packages/rancher-gatekeeper/charts-original/templates/crds.yaml ++++ packages/rancher-gatekeeper/charts/templates/crds.yaml +@@ -1,6 +0,0 @@ +-{{- if .Values.customResourceDefinitions.create }} +-{{- range $path, $bytes := .Files.Glob "crds/*.yaml" }} +-{{ $.Files.Get $path }} +---- +-{{- end }} +-{{- end }} diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/templates/gatekeeper-admin-serviceaccount.yaml packages/rancher-gatekeeper/charts/templates/gatekeeper-admin-serviceaccount.yaml --- packages/rancher-gatekeeper/charts-original/templates/gatekeeper-admin-serviceaccount.yaml +++ packages/rancher-gatekeeper/charts/templates/gatekeeper-admin-serviceaccount.yaml @@ -992,16 +272,18 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/val emitAuditEvents: false image: - repository: openpolicyagent/gatekeeper -- release: v3.1.0 +- release: v3.1.1 + repository: rancher/openpolicyagent-gatekeeper -+ tag: v3.1.0 ++ tag: v3.1.1 pullPolicy: IfNotPresent nodeSelector: { kubernetes.io/os: linux } affinity: {} -@@ -23,3 +23,9 @@ +@@ -23,5 +23,9 @@ requests: cpu: 100m memory: 256Mi +-customResourceDefinitions: +- create: true +global: + cattle: + systemDefaultRegistry: ""
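Review bot: The `tag: v3.1.1` line in the values.yaml part of the patch identifies the admission-controller image only by a mutable tag, next to `pullPolicy: IfNotPresent`. With that combination a node that has already cached the tag never re-pulls it, while a fresh node pulls whatever the tag points to at that moment, so pods of one release can end up running different image contents. It would help to confirm that `rancher/openpolicyagent-gatekeeper:v3.1.1` is already mirrored before this lands and, if the image template accepts it (the template is outside this hunk), to reference the image by digest.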