(dev-v2.6-archive) bump rancher-webhook to 0.2.1-rc1

(partially cherry picked from commit cc5908e4cc)

packages/rancher-aks-operator-crd/package.yaml

@@ -1,2 +1,2 @@
-url: https://github.com/rancher/aks-operator/releases/download/v1.0.1/rancher-aks-operator-crd-1.0.1.tgz
-version: 100.0.0
+url: https://github.com/rancher/aks-operator/releases/download/v1.0.2-rc1/rancher-aks-operator-crd-1.0.2-rc1.tgz
+version: 100.0.1

packages/rancher-aks-operator/package.yaml

@@ -1,2 +1,2 @@
-url: https://github.com/rancher/aks-operator/releases/download/v1.0.1/rancher-aks-operator-1.0.1.tgz
-version: 100.0.0
+url: https://github.com/rancher/aks-operator/releases/download/v1.0.2-rc1/rancher-aks-operator-1.0.2-rc1.tgz
+version: 100.0.1

packages/rancher-cis-benchmark/charts/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v1
-appVersion: v1.0.5
+appVersion: v1.0.6
 description: The cis-operator enables running CIS benchmark security scans on a kubernetes cluster
 name: rancher-cis-benchmark
 version: 1.0.6
@@ -16,3 +16,4 @@ annotations:
   catalog.cattle.io/display-name: "CIS Benchmark"
   catalog.cattle.io/os: linux
   catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match
+  catalog.cattle.io/rancher-version: ">= 2.6.0"

packages/rancher-cis-benchmark/charts/values.yaml

@@ -5,13 +5,13 @@
 image:
   cisoperator:
     repository: rancher/cis-operator
-    tag: v1.0.5
+    tag: v1.0.6-rc1
   securityScan:
     repository: rancher/security-scan
-    tag: v0.2.3
+    tag: v0.2.4-rc1
   sonobuoy:
     repository: rancher/mirrored-sonobuoy-sonobuoy
-    tag: v0.16.3
+    tag: v0.53.2
 
 resources: {}
   # We usually recommend not to specify default resources and to leave this as a conscious

packages/rancher-cis-benchmark/package.yaml

@@ -1,5 +1,5 @@
 url: local
-version: 2.0.0
+version: 2.0.1
 additionalCharts:
   - workingDir: charts-crd
     crdOptions:

packages/rancher-gatekeeper/generated-changes/patch/Chart.yaml.patch

@@ -2,18 +2,20 @@
 +++ charts/Chart.yaml
 @@ -1,10 +1,22 @@
  apiVersion: v2
- appVersion: v3.5.1
+ appVersion: v3.6.0
 -description: A Helm chart for Gatekeeper
 +description: Modifies Open Policy Agent's upstream gatekeeper chart that provides policy-based control for cloud native environments
  home: https://github.com/open-policy-agent/gatekeeper
  keywords:
- - open policy agent
+-- open policy agent
 -name: gatekeeper
-+- security
++  - open policy agent
++  - security
 +name: rancher-gatekeeper
  sources:
- - https://github.com/open-policy-agent/gatekeeper.git
- version: 3.5.1
+-- https://github.com/open-policy-agent/gatekeeper.git
++  - https://github.com/open-policy-agent/gatekeeper.git
+ version: 3.6.0
 +icon: https://charts.rancher.io/assets/logos/gatekeeper.svg
 +annotations:
 +  catalog.cattle.io/certified: rancher

packages/rancher-gatekeeper/generated-changes/patch/templates/gatekeeper-audit-deployment.yaml.patch

@@ -1,6 +1,6 @@
 --- charts-original/templates/gatekeeper-audit-deployment.yaml
 +++ charts/templates/gatekeeper-audit-deployment.yaml
-@@ -63,7 +63,7 @@
+@@ -65,7 +65,7 @@
            valueFrom:
              fieldRef:
                fieldPath: metadata.name

packages/rancher-gatekeeper/generated-changes/patch/templates/gatekeeper-controller-manager-deployment.yaml.patch

@@ -1,6 +1,6 @@
 --- charts-original/templates/gatekeeper-controller-manager-deployment.yaml
 +++ charts/templates/gatekeeper-controller-manager-deployment.yaml
-@@ -65,7 +65,7 @@
+@@ -71,7 +71,7 @@
            valueFrom:
              fieldRef:
                fieldPath: metadata.name

packages/rancher-gatekeeper/generated-changes/patch/templates/upgrade-crds-hook.yaml.patch

@@ -0,0 +1,11 @@
+--- charts-original/templates/upgrade-crds-hook.yaml
++++ charts/templates/upgrade-crds-hook.yaml
+@@ -72,7 +72,7 @@
+       restartPolicy: Never
+       containers:
+       - name: crds-upgrade
+-        image: '{{ .Values.image.crdRepository }}:{{ .Values.image.release }}'
++        image: '{{ template "system_default_registry" . }}{{ .Values.image.crdRepository }}:{{ .Values.image.tag }}'
+         imagePullPolicy: '{{ .Values.image.pullPolicy }}'
+         args:
+         - apply

packages/rancher-gatekeeper/generated-changes/patch/values.yaml.patch

@@ -7,7 +7,7 @@
  auditMatchKindOnly: false
  constraintViolationsLimit: 20
  auditFromCache: false
-@@ -16,13 +16,13 @@
+@@ -19,14 +19,14 @@
    labelNamespace:
      enabled: true
      image:
@@ -19,13 +19,15 @@
        pullSecrets: []
  image:
 -  repository: openpolicyagent/gatekeeper
--  release: v3.5.1
+-  crdRepository: openpolicyagent/gatekeeper-crds
+-  release: v3.6.0
 +  repository: rancher/mirrored-openpolicyagent-gatekeeper
-+  tag: v3.5.1
++  crdRepository: rancher/mirrored-openpolicyagent-gatekeeper-crds
++  tag: v3.6.0
    pullPolicy: IfNotPresent
    pullSecrets: []
  podAnnotations:
-@@ -70,5 +70,11 @@
+@@ -80,5 +80,11 @@
  pdb:
    controllerManager:
      minAvailable: 1

packages/rancher-gatekeeper/package.yaml

@@ -1,5 +1,5 @@
-url: https://open-policy-agent.github.io/gatekeeper/charts/gatekeeper-3.5.1.tgz
-version: 100.0.0
+url: https://open-policy-agent.github.io/gatekeeper/charts/gatekeeper-3.6.0.tgz
+version: 100.0.1
 additionalCharts:
   - workingDir: charts-crd
     crdOptions:

packages/rancher-gatekeeper/templates/crd-template/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v1
-version: 3.5.1
+version: 3.6.0
 description: Installs the CRDs for rancher-gatekeeper.
 name: rancher-gatekeeper-crd
 type: application

packages/rancher-vsphere-csi/charts/templates/vsphere-csi-controller-deployment.yaml

@@ -39,17 +39,25 @@ spec:
                 - "true"
       {{- end }}
       serviceAccountName: vsphere-csi-controller
-      {{- if .Values.csiController.tolerations }}
       tolerations:
-      {{- with .Values.csiController.tolerations }}
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- else }}
-      tolerations:
-        - key: node-role.kubernetes.io/master
-          operator: Exists
+        # Rancher specific change: These tolerations are intentionally different from upstream to avoid lessening the scope to only NoSchedule with a specific key
+        # - key: node-role.kubernetes.io/master
+        #   operator: Exists
+        #   effect: NoSchedule
+        - operator: "Exists"
           effect: NoSchedule
-      {{- end }}
+        - operator: "Exists"
+          effect: NoExecute
+        # uncomment below toleration if you need an aggressive pod eviction in case when
+        # node becomes not-ready or unreachable. Default is 300 seconds if not specified.
+        #- key: node.kubernetes.io/not-ready
+        #  operator: Exists
+        #  effect: NoExecute
+        #  tolerationSeconds: 30
+        #- key: node.kubernetes.io/unreachable
+        #  operator: Exists
+        #  effect: NoExecute
+        #  tolerationSeconds: 30
       dnsPolicy: "Default"
       containers:
         - name: csi-attacher

packages/rancher-vsphere-csi/charts/values.yaml

@@ -42,17 +42,6 @@ csiController:
       repository: rancher/mirrored-k8scsi-csi-provisioner
       tag: v2.1.0
   nodeSelector: {}
-  # Uncomment below toleration if you need an aggressive pod eviction in case when
-  # node becomes not-ready or unreachable. Default is 300 seconds if not specified.
-  # tolerations:
-  # - key: node.kubernetes.io/not-ready
-  #   operator: Exists
-  #   effect: NoExecute
-  #   tolerationSeconds: 30
-  # - key: node.kubernetes.io/unreachable
-  #   operator: Exists
-  #   effect: NoExecute
-  #   tolerationSeconds: 30
 
 # Internal features
 csiMigration:

packages/rancher-vsphere-csi/package.yaml

@@ -1,2 +1,2 @@
 url: local
-version: 100.0.1
+version: 100.0.0

packages/rancher-webhook/package.yaml

@@ -1,2 +1,2 @@
-url: https://github.com/rancher/webhook/releases/download/v0.2.0/rancher-webhook-0.2.0.tgz
-version: 1.0.0
+url: https://github.com/rancher/webhook/releases/download/v0.2.1-rc1/rancher-webhook-0.2.1-rc1.tgz
+version: 1.0.1