andata
/
rancher-charts
mirror of https://git.rancher.io/charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #670 from PennyScissors/update-gk-v3.1.1 

Update gatekeeper to version 3.1.1
pull/673/head
Steven Crespo 2020-09-21 15:01:46 -07:00 committed by GitHub
parent 66cf6d5927 5757f8cc15
commit 32f1b41934
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 62 additions and 780 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
assets/rancher-gatekeeper/rancher-gatekeeper-crd-v3.1.000.tgz
View File

Binary file not shown.

BIN
assets/rancher-gatekeeper/rancher-gatekeeper-v3.1.000.tgz
View File

Binary file not shown.

2
packages/rancher-gatekeeper/package.yaml
View File

@ -1,4 +1,4 @@
url: https://open-policy-agent.github.io/gatekeeper/charts/gatekeeper-v3.1.0.tgz
url: https://open-policy-agent.github.io/gatekeeper/charts/gatekeeper-3.1.1.tgz
packageVersion: 00
generateCRDChart:
enabled: true

840
packages/rancher-gatekeeper/rancher-gatekeeper.patch
View File

@ -3,7 +3,7 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/Cha
+++ packages/rancher-gatekeeper/charts/Chart.yaml
@@ -1,10 +1,17 @@
apiVersion: v1
appVersion: v3.1.0
appVersion: v3.1.1
-description: A Helm chart for Gatekeeper
+description: Modifies Open Policy Agent's upstream gatekeeper chart that provides policy-based control for cloud native environments
home: https://github.com/open-policy-agent/gatekeeper
@ -16,7 +16,7 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/Cha
sources:
-- https://github.com/open-policy-agent/gatekeeper.git
+ - https://github.com/open-policy-agent/gatekeeper.git
version: v3.1.0
version: 3.1.1
+icon: https://charts.rancher.io/assets/logos/gatekeeper.svg
+annotations:
+ catalog.cattle.io/certified: rancher
@ -28,401 +28,62 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/REA
+++ packages/rancher-gatekeeper/charts/README.md
@@ -4,7 +4,7 @@
| Parameter | Description | Default |
|:--------------------------|:---------------------------------------------------------------------------------|:--------------------------------------------------------------------------|
-| auditInterval | The frequency with which audit is run | `60` |
+| auditInterval | The frequency with which audit is run | `300` |
| constraintViolationsLimit | The maximum # of audit violations reported on a constraint | `20` |
| auditFromCache | Take the roster of resources to audit from the OPA cache | `false` |
| auditChunkSize | Chunk size for listing cluster resources for audit (alpha feature) | `0` |
| Parameter | Description | Default |
| :------------------------------- | :----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------------------------------------------------------------------------ |
-| auditInterval | The frequency with which audit is run | `60` |
+| auditInterval | The frequency with which audit is run | `300` |
| constraintViolationsLimit | The maximum # of audit violations reported on a constraint | `20` |
| auditFromCache | Take the roster of resources to audit from the OPA cache | `false` |
| auditChunkSize | Chunk size for listing cluster resources for audit (alpha feature) | `0` |
diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/crds/config-customresourcedefinition.yaml packages/rancher-gatekeeper/charts/crds/config-customresourcedefinition.yaml
--- packages/rancher-gatekeeper/charts-original/crds/config-customresourcedefinition.yaml
+++ packages/rancher-gatekeeper/charts/crds/config-customresourcedefinition.yaml
@@ -0,0 +1,111 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.3.0
+ helm.sh/hook-delete-policy: before-hook-creation
+ creationTimestamp: null
+ labels:
+ app: '{{ .Chart.Name }}'
+ chart: '{{ .Chart.Name }}'
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
+ name: configs.config.gatekeeper.sh
+spec:
+ group: config.gatekeeper.sh
+ names:
+ kind: Config
+ listKind: ConfigList
+ plural: configs
+ shortNames:
+ - config
+ singular: config
+ scope: Namespaced
+ validation:
+ openAPIV3Schema:
+ description: Config is the Schema for the configs API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ConfigSpec defines the desired state of Config
+ properties:
+ match:
+ description: Configuration for namespace exclusion
+ items:
+ properties:
+ excludedNamespaces:
+ items:
+ type: string
+ type: array
+ processes:
+ items:
+ type: string
+ type: array
+ type: object
+ type: array
+ readiness:
+ description: Configuration for readiness tracker
+ properties:
+ statsEnabled:
+ type: boolean
+ type: object
+ sync:
+ description: Configuration for syncing k8s objects
+ properties:
+ syncOnly:
+ description: If non-empty, only entries on this list will be replicated into OPA
+ items:
+ properties:
+ group:
+ type: string
+ kind:
+ type: string
+ version:
+ type: string
+ type: object
+ type: array
+ type: object
+ validation:
+ description: Configuration for validation
+ properties:
+ traces:
+ description: List of requests to trace. Both "user" and "kinds" must be specified
+ items:
+ properties:
+ dump:
+ description: Also dump the state of OPA with the trace. Set to `All` to dump everything.
+ type: string
+ kind:
+ description: Only trace requests of the following GroupVersionKind
+ properties:
+ group:
+ type: string
+ kind:
+ type: string
+ version:
+ type: string
+ type: object
+ user:
+ description: Only trace requests from the specified user
+ type: string
+ type: object
+ type: array
+ type: object
+ type: object
+ status:
+ description: ConfigStatus defines the observed state of Config
+ type: object
+ type: object
+ version: v1alpha1
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
@@ -3,8 +3,6 @@
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.3.0
- helm.sh/hook: crd-install
- helm.sh/hook-delete-policy: before-hook-creation
creationTimestamp: null
labels:
gatekeeper.sh/system: "yes"
diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/crds/constraintpodstatus-customresourcedefinition.yaml packages/rancher-gatekeeper/charts/crds/constraintpodstatus-customresourcedefinition.yaml
--- packages/rancher-gatekeeper/charts-original/crds/constraintpodstatus-customresourcedefinition.yaml
+++ packages/rancher-gatekeeper/charts/crds/constraintpodstatus-customresourcedefinition.yaml
@@ -0,0 +1,78 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.3.0
+ creationTimestamp: null
+ labels:
+ app: '{{ .Chart.Name }}'
+ chart: '{{ .Chart.Name }}'
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
+ name: constraintpodstatuses.status.gatekeeper.sh
+spec:
+ group: status.gatekeeper.sh
+ names:
+ kind: ConstraintPodStatus
+ listKind: ConstraintPodStatusList
+ plural: constraintpodstatuses
+ singular: constraintpodstatus
+ scope: Namespaced
+ validation:
+ openAPIV3Schema:
+ description: ConstraintPodStatus is the Schema for the constraintpodstatuses API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ status:
+ description: ConstraintPodStatusStatus defines the observed state of ConstraintPodStatus
+ properties:
+ constraintUID:
+ description: Storing the constraint UID allows us to detect drift, such as when a constraint has been recreated after its CRD was deleted out from under it, interrupting the watch
+ type: string
+ enforced:
+ type: boolean
+ errors:
+ items:
+ description: Error represents a single error caught while adding a constraint to OPA
+ properties:
+ code:
+ type: string
+ location:
+ type: string
+ message:
+ type: string
+ required:
+ - code
+ - message
+ type: object
+ type: array
+ id:
+ type: string
+ observedGeneration:
+ format: int64
+ type: integer
+ operations:
+ items:
+ type: string
+ type: array
+ type: object
+ type: object
+ version: v1beta1
+ versions:
+ - name: v1beta1
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
@@ -3,8 +3,6 @@
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.3.0
- helm.sh/hook: crd-install
- helm.sh/hook-delete-policy: before-hook-creation
creationTimestamp: null
labels:
gatekeeper.sh/system: "yes"
diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/crds/constrainttemplate-customresourcedefinition.yaml packages/rancher-gatekeeper/charts/crds/constrainttemplate-customresourcedefinition.yaml
--- packages/rancher-gatekeeper/charts-original/crds/constrainttemplate-customresourcedefinition.yaml
+++ packages/rancher-gatekeeper/charts/crds/constrainttemplate-customresourcedefinition.yaml
@@ -0,0 +1,106 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ helm.sh/hook-delete-policy: before-hook-creation
+ creationTimestamp: null
+ labels:
+ app: '{{ .Chart.Name }}'
+ chart: '{{ .Chart.Name }}'
+ controller-tools.k8s.io: "1.0"
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
+ name: constrainttemplates.templates.gatekeeper.sh
+spec:
+ group: templates.gatekeeper.sh
+ names:
+ kind: ConstraintTemplate
+ plural: constrainttemplates
+ shortNames:
+ - constraints
+ scope: Cluster
+ subresources:
+ status: {}
+ validation:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ properties:
+ crd:
+ properties:
+ spec:
+ properties:
+ names:
+ properties:
+ kind:
+ type: string
+ shortNames:
+ items:
+ type: string
+ type: array
+ type: object
+ validation:
+ type: object
+ type: object
+ type: object
+ targets:
+ items:
+ properties:
+ libs:
+ items:
+ type: string
+ type: array
+ rego:
+ type: string
+ target:
+ type: string
+ type: object
+ type: array
+ type: object
+ status:
+ properties:
+ byPod:
+ items:
+ properties:
+ errors:
+ items:
+ properties:
+ code:
+ type: string
+ location:
+ type: string
+ message:
+ type: string
+ required:
+ - code
+ - message
+ type: object
+ type: array
+ id:
+ description: a unique identifier for the pod that wrote the status
+ type: string
+ observedGeneration:
+ format: int64
+ type: integer
+ type: object
+ type: array
+ created:
+ type: boolean
+ type: object
+ version: v1beta1
+ versions:
+ - name: v1beta1
+ served: true
+ storage: true
+ - name: v1alpha1
+ served: true
+ storage: false
@@ -1,9 +1,6 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
- annotations:
- helm.sh/hook: crd-install
- helm.sh/hook-delete-policy: before-hook-creation
creationTimestamp: null
labels:
gatekeeper.sh/system: "yes"
diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/crds/constrainttemplatepodstatus-customresourcedefinition.yaml packages/rancher-gatekeeper/charts/crds/constrainttemplatepodstatus-customresourcedefinition.yaml
--- packages/rancher-gatekeeper/charts-original/crds/constrainttemplatepodstatus-customresourcedefinition.yaml
+++ packages/rancher-gatekeeper/charts/crds/constrainttemplatepodstatus-customresourcedefinition.yaml
@@ -0,0 +1,77 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.3.0
+ creationTimestamp: null
+ labels:
+ app: '{{ .Chart.Name }}'
+ chart: '{{ .Chart.Name }}'
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
+ name: constrainttemplatepodstatuses.status.gatekeeper.sh
+spec:
+ group: status.gatekeeper.sh
+ names:
+ kind: ConstraintTemplatePodStatus
+ listKind: ConstraintTemplatePodStatusList
+ plural: constrainttemplatepodstatuses
+ singular: constrainttemplatepodstatus
+ scope: Namespaced
+ validation:
+ openAPIV3Schema:
+ description: ConstraintTemplatePodStatus is the Schema for the constrainttemplatepodstatuses API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ status:
+ description: ConstraintTemplatePodStatusStatus defines the observed state of ConstraintTemplatePodStatus
+ properties:
+ errors:
+ items:
+ description: CreateCRDError represents a single error caught during parsing, compiling, etc.
+ properties:
+ code:
+ type: string
+ location:
+ type: string
+ message:
+ type: string
+ required:
+ - code
+ - message
+ type: object
+ type: array
+ id:
+ description: 'Important: Run "make" to regenerate code after modifying this file'
+ type: string
+ observedGeneration:
+ format: int64
+ type: integer
+ operations:
+ items:
+ type: string
+ type: array
+ templateUID:
+ description: UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated.
+ type: string
+ type: object
+ type: object
+ version: v1beta1
+ versions:
+ - name: v1beta1
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
@@ -3,8 +3,6 @@
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.3.0
- helm.sh/hook: crd-install
- helm.sh/hook-delete-policy: before-hook-creation
creationTimestamp: null
labels:
gatekeeper.sh/system: "yes"
diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/templates/_helpers.tpl packages/rancher-gatekeeper/charts/templates/_helpers.tpl
--- packages/rancher-gatekeeper/charts-original/templates/_helpers.tpl
+++ packages/rancher-gatekeeper/charts/templates/_helpers.tpl
@ -438,397 +99,16 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/tem
+{{- "" -}}
+{{- end -}}
+{{- end -}}
\ No newline at end of file
diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/templates/config-customresourcedefinition.yaml packages/rancher-gatekeeper/charts/templates/config-customresourcedefinition.yaml
--- packages/rancher-gatekeeper/charts-original/templates/config-customresourcedefinition.yaml
+++ packages/rancher-gatekeeper/charts/templates/config-customresourcedefinition.yaml
@@ -1,112 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.3.0
- helm.sh/hook: crd-install
- helm.sh/hook-delete-policy: before-hook-creation
- creationTimestamp: null
- labels:
- app: '{{ template "gatekeeper.name" . }}'
- chart: '{{ template "gatekeeper.name" . }}'
- gatekeeper.sh/system: "yes"
- heritage: '{{ .Release.Service }}'
- release: '{{ .Release.Name }}'
- name: configs.config.gatekeeper.sh
-spec:
- group: config.gatekeeper.sh
- names:
- kind: Config
- listKind: ConfigList
- plural: configs
- shortNames:
- - config
- singular: config
- scope: Namespaced
- validation:
- openAPIV3Schema:
- description: Config is the Schema for the configs API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: ConfigSpec defines the desired state of Config
- properties:
- match:
- description: Configuration for namespace exclusion
- items:
- properties:
- excludedNamespaces:
- items:
- type: string
- type: array
- processes:
- items:
- type: string
- type: array
- type: object
- type: array
- readiness:
- description: Configuration for readiness tracker
- properties:
- statsEnabled:
- type: boolean
- type: object
- sync:
- description: Configuration for syncing k8s objects
- properties:
- syncOnly:
- description: If non-empty, only entries on this list will be replicated into OPA
- items:
- properties:
- group:
- type: string
- kind:
- type: string
- version:
- type: string
- type: object
- type: array
- type: object
- validation:
- description: Configuration for validation
- properties:
- traces:
- description: List of requests to trace. Both "user" and "kinds" must be specified
- items:
- properties:
- dump:
- description: Also dump the state of OPA with the trace. Set to `All` to dump everything.
- type: string
- kind:
- description: Only trace requests of the following GroupVersionKind
- properties:
- group:
- type: string
- kind:
- type: string
- version:
- type: string
- type: object
- user:
- description: Only trace requests from the specified user
- type: string
- type: object
- type: array
- type: object
- type: object
- status:
- description: ConfigStatus defines the observed state of Config
- type: object
- type: object
- version: v1alpha1
- versions:
- - name: v1alpha1
- served: true
- storage: true
diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/templates/constraintpodstatus-customresourcedefinition.yaml packages/rancher-gatekeeper/charts/templates/constraintpodstatus-customresourcedefinition.yaml
--- packages/rancher-gatekeeper/charts-original/templates/constraintpodstatus-customresourcedefinition.yaml
+++ packages/rancher-gatekeeper/charts/templates/constraintpodstatus-customresourcedefinition.yaml
@@ -1,78 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.3.0
- creationTimestamp: null
- labels:
- app: '{{ template "gatekeeper.name" . }}'
- chart: '{{ template "gatekeeper.name" . }}'
- gatekeeper.sh/system: "yes"
- heritage: '{{ .Release.Service }}'
- release: '{{ .Release.Name }}'
- name: constraintpodstatuses.status.gatekeeper.sh
-spec:
- group: status.gatekeeper.sh
- names:
- kind: ConstraintPodStatus
- listKind: ConstraintPodStatusList
- plural: constraintpodstatuses
- singular: constraintpodstatus
- scope: Namespaced
- validation:
- openAPIV3Schema:
- description: ConstraintPodStatus is the Schema for the constraintpodstatuses API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- status:
- description: ConstraintPodStatusStatus defines the observed state of ConstraintPodStatus
- properties:
- constraintUID:
- description: Storing the constraint UID allows us to detect drift, such as when a constraint has been recreated after its CRD was deleted out from under it, interrupting the watch
- type: string
- enforced:
- type: boolean
- errors:
- items:
- description: Error represents a single error caught while adding a constraint to OPA
- properties:
- code:
- type: string
- location:
- type: string
- message:
- type: string
- required:
- - code
- - message
- type: object
- type: array
- id:
- type: string
- observedGeneration:
- format: int64
- type: integer
- operations:
- items:
- type: string
- type: array
- type: object
- type: object
- version: v1beta1
- versions:
- - name: v1beta1
- served: true
- storage: true
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/templates/constrainttemplate-customresourcedefinition.yaml packages/rancher-gatekeeper/charts/templates/constrainttemplate-customresourcedefinition.yaml
--- packages/rancher-gatekeeper/charts-original/templates/constrainttemplate-customresourcedefinition.yaml
+++ packages/rancher-gatekeeper/charts/templates/constrainttemplate-customresourcedefinition.yaml
@@ -1,107 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- helm.sh/hook: crd-install
- helm.sh/hook-delete-policy: before-hook-creation
- creationTimestamp: null
- labels:
- app: '{{ template "gatekeeper.name" . }}'
- chart: '{{ template "gatekeeper.name" . }}'
- controller-tools.k8s.io: "1.0"
- gatekeeper.sh/system: "yes"
- heritage: '{{ .Release.Service }}'
- release: '{{ .Release.Name }}'
- name: constrainttemplates.templates.gatekeeper.sh
-spec:
- group: templates.gatekeeper.sh
- names:
- kind: ConstraintTemplate
- plural: constrainttemplates
- shortNames:
- - constraints
- scope: Cluster
- subresources:
- status: {}
- validation:
- openAPIV3Schema:
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- properties:
- crd:
- properties:
- spec:
- properties:
- names:
- properties:
- kind:
- type: string
- shortNames:
- items:
- type: string
- type: array
- type: object
- validation:
- type: object
- type: object
- type: object
- targets:
- items:
- properties:
- libs:
- items:
- type: string
- type: array
- rego:
- type: string
- target:
- type: string
- type: object
- type: array
- type: object
- status:
- properties:
- byPod:
- items:
- properties:
- errors:
- items:
- properties:
- code:
- type: string
- location:
- type: string
- message:
- type: string
- required:
- - code
- - message
- type: object
- type: array
- id:
- description: a unique identifier for the pod that wrote the status
- type: string
- observedGeneration:
- format: int64
- type: integer
- type: object
- type: array
- created:
- type: boolean
- type: object
- version: v1beta1
- versions:
- - name: v1beta1
- served: true
- storage: true
- - name: v1alpha1
- served: true
- storage: false
diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/templates/constrainttemplatepodstatus-customresourcedefinition.yaml packages/rancher-gatekeeper/charts/templates/constrainttemplatepodstatus-customresourcedefinition.yaml
--- packages/rancher-gatekeeper/charts-original/templates/constrainttemplatepodstatus-customresourcedefinition.yaml
+++ packages/rancher-gatekeeper/charts/templates/constrainttemplatepodstatus-customresourcedefinition.yaml
@@ -1,77 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.3.0
- creationTimestamp: null
- labels:
- app: '{{ template "gatekeeper.name" . }}'
- chart: '{{ template "gatekeeper.name" . }}'
- gatekeeper.sh/system: "yes"
- heritage: '{{ .Release.Service }}'
- release: '{{ .Release.Name }}'
- name: constrainttemplatepodstatuses.status.gatekeeper.sh
-spec:
- group: status.gatekeeper.sh
- names:
- kind: ConstraintTemplatePodStatus
- listKind: ConstraintTemplatePodStatusList
- plural: constrainttemplatepodstatuses
- singular: constrainttemplatepodstatus
- scope: Namespaced
- validation:
- openAPIV3Schema:
- description: ConstraintTemplatePodStatus is the Schema for the constrainttemplatepodstatuses API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- status:
- description: ConstraintTemplatePodStatusStatus defines the observed state of ConstraintTemplatePodStatus
- properties:
- errors:
- items:
- description: CreateCRDError represents a single error caught during parsing, compiling, etc.
- properties:
- code:
- type: string
- location:
- type: string
- message:
- type: string
- required:
- - code
- - message
- type: object
- type: array
- id:
- description: 'Important: Run "make" to regenerate code after modifying this file'
- type: string
- observedGeneration:
- format: int64
- type: integer
- operations:
- items:
- type: string
- type: array
- templateUID:
- description: UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated.
- type: string
- type: object
- type: object
- version: v1beta1
- versions:
- - name: v1beta1
- served: true
- storage: true
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/templates/crds.yaml packages/rancher-gatekeeper/charts/templates/crds.yaml
--- packages/rancher-gatekeeper/charts-original/templates/crds.yaml
+++ packages/rancher-gatekeeper/charts/templates/crds.yaml
@@ -1,6 +0,0 @@
-{{- if .Values.customResourceDefinitions.create }}
-{{- range $path, $bytes := .Files.Glob "crds/*.yaml" }}
-{{ $.Files.Get $path }}
----
-{{- end }}
-{{- end }}
diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/templates/gatekeeper-admin-serviceaccount.yaml packages/rancher-gatekeeper/charts/templates/gatekeeper-admin-serviceaccount.yaml
--- packages/rancher-gatekeeper/charts-original/templates/gatekeeper-admin-serviceaccount.yaml
+++ packages/rancher-gatekeeper/charts/templates/gatekeeper-admin-serviceaccount.yaml
@ -992,16 +272,18 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/val
emitAuditEvents: false
image:
- repository: openpolicyagent/gatekeeper
- release: v3.1.0
- release: v3.1.1
+ repository: rancher/openpolicyagent-gatekeeper
+ tag: v3.1.0
+ tag: v3.1.1
pullPolicy: IfNotPresent
nodeSelector: { kubernetes.io/os: linux }
affinity: {}
@@ -23,3 +23,9 @@
@@ -23,5 +23,9 @@
requests:
cpu: 100m
memory: 256Mi
-customResourceDefinitions:
- create: true
+global:
+ cattle:
+ systemDefaultRegistry: ""