diff --git a/packages/rancher-monitoring/rancher-grafana/generated-changes/patch/templates/podsecuritypolicy.yaml.patch b/packages/rancher-monitoring/rancher-grafana/generated-changes/patch/templates/podsecuritypolicy.yaml.patch index 5d0740da1..19b81c791 100644 --- a/packages/rancher-monitoring/rancher-grafana/generated-changes/patch/templates/podsecuritypolicy.yaml.patch +++ b/packages/rancher-monitoring/rancher-grafana/generated-changes/patch/templates/podsecuritypolicy.yaml.patch @@ -1,6 +1,12 @@ --- charts-original/templates/podsecuritypolicy.yaml +++ charts/templates/podsecuritypolicy.yaml -@@ -6,13 +6,9 @@ +@@ -1,18 +1,13 @@ +-{{- if .Values.rbac.pspEnabled }} +-{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }} ++{{- if .Values.global.cattle.psp.enabled }} + apiVersion: policy/v1beta1 + kind: PodSecurityPolicy + metadata: name: {{ template "grafana.fullname" . }} labels: {{- include "grafana.labels" . | nindent 4 }} @@ -17,3 +23,9 @@ spec: privileged: false allowPrivilegeEscalation: false +@@ -47,5 +42,4 @@ + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +-{{- end }} + {{- end }} diff --git a/packages/rancher-monitoring/rancher-grafana/generated-changes/patch/templates/role.yaml.patch b/packages/rancher-monitoring/rancher-grafana/generated-changes/patch/templates/role.yaml.patch new file mode 100644 index 000000000..2d17ec90f --- /dev/null +++ b/packages/rancher-monitoring/rancher-grafana/generated-changes/patch/templates/role.yaml.patch @@ -0,0 +1,14 @@ +--- charts-original/templates/role.yaml ++++ charts/templates/role.yaml +@@ -10,9 +10,9 @@ + annotations: + {{ toYaml . | indent 4 }} + {{- end }} +-{{- if or .Values.rbac.pspEnabled (and .Values.rbac.namespaced (or .Values.sidecar.dashboards.enabled (or .Values.sidecar.datasources.enabled (or .Values.sidecar.plugins.enabled .Values.rbac.extraRoleRules)))) }} ++{{- if or .Values.global.cattle.psp.enabled (and .Values.rbac.namespaced (or .Values.sidecar.dashboards.enabled (or .Values.sidecar.datasources.enabled (or .Values.sidecar.plugins.enabled .Values.rbac.extraRoleRules)))) }} + rules: +-{{- if .Values.rbac.pspEnabled }} ++{{- if .Values.global.cattle.psp.enabled }} + - apiGroups: ['extensions'] + resources: ['podsecuritypolicies'] + verbs: ['use'] diff --git a/packages/rancher-monitoring/rancher-grafana/generated-changes/patch/templates/tests/test-podsecuritypolicy.yaml.patch b/packages/rancher-monitoring/rancher-grafana/generated-changes/patch/templates/tests/test-podsecuritypolicy.yaml.patch index 084103f1d..48e5afa45 100644 --- a/packages/rancher-monitoring/rancher-grafana/generated-changes/patch/templates/tests/test-podsecuritypolicy.yaml.patch +++ b/packages/rancher-monitoring/rancher-grafana/generated-changes/patch/templates/tests/test-podsecuritypolicy.yaml.patch @@ -1,8 +1,9 @@ --- charts-original/templates/tests/test-podsecuritypolicy.yaml +++ charts/templates/tests/test-podsecuritypolicy.yaml @@ -1,5 +1,4 @@ - {{- if and .Values.testFramework.enabled .Values.rbac.pspEnabled }} +-{{- if and .Values.testFramework.enabled .Values.rbac.pspEnabled }} -{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }} ++{{- if and .Values.testFramework.enabled .Values.global.cattle.psp.enabled }} apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: diff --git a/packages/rancher-monitoring/rancher-grafana/generated-changes/patch/templates/tests/test-role.yaml.patch b/packages/rancher-monitoring/rancher-grafana/generated-changes/patch/templates/tests/test-role.yaml.patch new file mode 100644 index 000000000..318416198 --- /dev/null +++ b/packages/rancher-monitoring/rancher-grafana/generated-changes/patch/templates/tests/test-role.yaml.patch @@ -0,0 +1,8 @@ +--- charts-original/templates/tests/test-role.yaml ++++ charts/templates/tests/test-role.yaml +@@ -1,4 +1,4 @@ +-{{- if and .Values.testFramework.enabled .Values.rbac.pspEnabled -}} ++{{- if and .Values.testFramework.enabled .Values.global.cattle.psp.enabled -}} + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: diff --git a/packages/rancher-monitoring/rancher-grafana/generated-changes/patch/templates/tests/test-rolebinding.yaml.patch b/packages/rancher-monitoring/rancher-grafana/generated-changes/patch/templates/tests/test-rolebinding.yaml.patch new file mode 100644 index 000000000..1fb91f880 --- /dev/null +++ b/packages/rancher-monitoring/rancher-grafana/generated-changes/patch/templates/tests/test-rolebinding.yaml.patch @@ -0,0 +1,8 @@ +--- charts-original/templates/tests/test-rolebinding.yaml ++++ charts/templates/tests/test-rolebinding.yaml +@@ -1,4 +1,4 @@ +-{{- if and .Values.testFramework.enabled .Values.rbac.pspEnabled -}} ++{{- if and .Values.testFramework.enabled .Values.global.cattle.psp.enabled -}} + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: diff --git a/packages/rancher-monitoring/rancher-grafana/generated-changes/patch/values.yaml.patch b/packages/rancher-monitoring/rancher-grafana/generated-changes/patch/values.yaml.patch index 13640ee70..f0f98e09d 100644 --- a/packages/rancher-monitoring/rancher-grafana/generated-changes/patch/values.yaml.patch +++ b/packages/rancher-monitoring/rancher-grafana/generated-changes/patch/values.yaml.patch @@ -1,15 +1,17 @@ --- charts-original/values.yaml +++ charts/values.yaml -@@ -1,9 +1,23 @@ +@@ -1,9 +1,24 @@ +global: + cattle: ++ psp: ++ enabled: false + systemDefaultRegistry: "" + rbac: create: true ## Use an existing ClusterRole/Role (depending on rbac.namespaced false/true) # useExistingRole: name-of-some-(cluster)role - pspEnabled: true +- pspEnabled: true - pspUseAppArmor: true + pspAnnotations: {} + ## Specify pod annotations @@ -25,7 +27,7 @@ namespaced: false extraRoleRules: [] # - apiGroups: [] -@@ -73,9 +87,9 @@ +@@ -73,9 +88,9 @@ # schedulerName: "default-scheduler" image: @@ -37,7 +39,7 @@ sha: "" pullPolicy: IfNotPresent -@@ -88,13 +102,16 @@ +@@ -88,13 +103,16 @@ # - myRegistrKeySecretName testFramework: @@ -57,7 +59,7 @@ runAsUser: 472 runAsGroup: 472 fsGroup: 472 -@@ -127,7 +144,7 @@ +@@ -127,7 +145,7 @@ # priorityClassName: downloadDashboardsImage: @@ -66,7 +68,7 @@ tag: 7.85.0 sha: "" pullPolicy: IfNotPresent -@@ -204,7 +221,7 @@ +@@ -204,7 +222,7 @@ labels: {} path: / @@ -75,7 +77,7 @@ pathType: Prefix hosts: -@@ -328,7 +345,7 @@ +@@ -328,7 +346,7 @@ ## initChownData container image ## image: @@ -84,7 +86,7 @@ tag: "1.31.1" sha: "" pullPolicy: IfNotPresent -@@ -739,7 +756,7 @@ +@@ -739,7 +757,7 @@ ## Requires at least Grafana 5 to work and can't be used together with parameters dashboardProviders, datasources and dashboards sidecar: image: @@ -93,7 +95,7 @@ tag: 1.19.2 sha: "" imagePullPolicy: IfNotPresent -@@ -852,10 +869,10 @@ +@@ -852,10 +870,10 @@ reloadURL: "http://localhost:3000/api/admin/provisioning/datasources/reload" # Absolute path to shell script to execute after a datasource got reloaded script: null @@ -106,7 +108,7 @@ # Sets the size limit of the datasource sidecar emptyDir volume sizeLimit: {} plugins: -@@ -934,9 +951,9 @@ +@@ -934,9 +952,9 @@ replicas: 1 image: # image-renderer Image repository diff --git a/packages/rancher-monitoring/rancher-grafana/package.yaml b/packages/rancher-monitoring/rancher-grafana/package.yaml index ce4242896..dbb35014f 100644 --- a/packages/rancher-monitoring/rancher-grafana/package.yaml +++ b/packages/rancher-monitoring/rancher-grafana/package.yaml @@ -1,5 +1,5 @@ url: https://github.com/grafana/helm-charts.git subdirectory: charts/grafana commit: 74c1f4c96e174ca140cfc24e1327393c82478214 -version: 101.0.0 +version: 102.0.0 doNotRelease: true