Merge pull request #1825 from rosskirkpat/revert-gatekeeper-anno

Revert rancher-gatekeeper permits-os annotations
2022-03-24 18:25:43 -04:00 · 2022-03-24 18:25:43 -04:00 · 60a4cb98f8
parent 0df638896e 5c00bfcc8b
commit 60a4cb98f8
24 changed files with 31 additions and 213 deletions
--- a/assets/rancher-gatekeeper-crd/rancher-gatekeeper-crd-100.0.1+up3.6.0.tgz
+++ b/assets/rancher-gatekeeper-crd/rancher-gatekeeper-crd-100.0.1+up3.6.0.tgz
--- a/assets/rancher-gatekeeper/rancher-gatekeeper-100.0.1+up3.6.0.tgz
+++ b/assets/rancher-gatekeeper/rancher-gatekeeper-100.0.1+up3.6.0.tgz
--- a/charts/rancher-gatekeeper-crd/100.0.1+up3.6.0/templates/_helpers.tpl
+++ b/charts/rancher-gatekeeper-crd/100.0.1+up3.6.0/templates/_helpers.tpl
@ -5,18 +5,3 @@
 {{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
 {{- end -}}
 {{- end -}}
-
-{{/*
-Windows cluster will add default taint for linux nodes,
-add below linux tolerations to workloads could be scheduled to those linux nodes
-*/}}
-{{- define "linux-node-tolerations" -}}
- key: "cattle.io/os"
-  value: "linux"
-  effect: "NoSchedule"
-  operator: "Equal"
-{{- end -}}
-
-{{- define "linux-node-selector" -}}
-kubernetes.io/os: linux
-{{- end -}}
--- a/charts/rancher-gatekeeper-crd/100.0.1+up3.6.0/templates/jobs.yaml
+++ b/charts/rancher-gatekeeper-crd/100.0.1+up3.6.0/templates/jobs.yaml
@ -16,14 +16,6 @@ spec:
        app: {{ .Chart.Name }}
    spec:
      serviceAccountName: {{ .Chart.Name }}-manager
-      nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
-{{- if .Values.nodeSelector }}
-{{ toYaml .Values.nodeSelector | indent 8 }}
-{{- end }}
-      tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
-{{- if .Values.tolerations }}
-{{ toYaml .Values.tolerations | indent 8 }}
-{{- end }}
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000
@ -64,14 +56,6 @@ spec:
        app: {{ .Chart.Name }}
    spec:
      serviceAccountName: {{ .Chart.Name }}-manager
-      {{- with .Values.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000
--- a/charts/rancher-gatekeeper-crd/100.0.1+up3.6.0/values.yaml
+++ b/charts/rancher-gatekeeper-crd/100.0.1+up3.6.0/values.yaml
@ -9,11 +9,3 @@ global:
 image:
  repository: rancher/kubectl
  tag: v1.20.2
-
-## Node labels for pod assignment
-## Ref: https://kubernetes.io/docs/user-guide/node-selection/
-##
-nodeSelector: {}
-
-## List of node taints to tolerate (requires Kubernetes >= 1.6)
-tolerations: []
--- a/charts/rancher-gatekeeper/100.0.1+up3.6.0/Chart.yaml
+++ b/charts/rancher-gatekeeper/100.0.1+up3.6.0/Chart.yaml
@ -4,7 +4,6 @@ annotations:
  catalog.cattle.io/display-name: OPA Gatekeeper
  catalog.cattle.io/namespace: cattle-gatekeeper-system
  catalog.cattle.io/os: linux
-  catalog.cattle.io/permits-os: linux,windows
  catalog.cattle.io/provides-gvr: config.gatekeeper.sh.config/v1alpha1
  catalog.cattle.io/release-name: rancher-gatekeeper
  catalog.cattle.io/type: cluster-tool
--- a/charts/rancher-gatekeeper/100.0.1+up3.6.0/templates/_helpers.tpl
+++ b/charts/rancher-gatekeeper/100.0.1+up3.6.0/templates/_helpers.tpl
@ -47,18 +47,3 @@ Adds additional pod labels to the common ones
 {{- "" -}}
 {{- end -}}
 {{- end -}}
-
-{{/*
-Windows cluster will add default taint for linux nodes,
-add below linux tolerations to workloads could be scheduled to those linux nodes
-*/}}
-{{- define "linux-node-tolerations" -}}
- key: "cattle.io/os"
-  value: "linux"
-  effect: "NoSchedule"
-  operator: "Equal"
-{{- end -}}
-
-{{- define "linux-node-selector" -}}
-kubernetes.io/os: linux
-{{- end -}}
--- a/charts/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-audit-deployment.yaml
+++ b/charts/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-audit-deployment.yaml
@ -97,16 +97,12 @@ spec:
      hostNetwork: {{ .Values.audit.hostNetwork }}
      imagePullSecrets:
        {{- toYaml .Values.images.pullSecrets | nindent 8 }}
-      nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
-{{- if .Values.audit.nodeSelector }}
-{{ toYaml .Values.audit.nodeSelector | indent 8 }}
-{{- end }}
+      nodeSelector:
+        {{- toYaml .Values.audit.nodeSelector | nindent 8 }}
      {{- if .Values.audit.priorityClassName }} 
      priorityClassName:  {{ .Values.audit.priorityClassName }}
      {{- end }}
      serviceAccountName: gatekeeper-admin
      terminationGracePeriodSeconds: 60
-      tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
-{{- if .Values.audit.tolerations }}
-{{ toYaml .Values.audit.tolerations | indent 8 }}
-{{- end }}
+      tolerations:
+        {{- toYaml .Values.audit.tolerations | nindent 8 }}
--- a/charts/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-controller-manager-deployment.yaml
+++ b/charts/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-controller-manager-deployment.yaml
@ -110,19 +110,15 @@ spec:
      hostNetwork: {{ .Values.controllerManager.hostNetwork }}
      imagePullSecrets:
        {{- toYaml .Values.images.pullSecrets | nindent 8 }}
-      nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
-{{- if .Values.controllerManager.nodeSelector }}
-{{ toYaml .Values.controllerManager.nodeSelector | indent 8 }}
-{{- end }}
+      nodeSelector:
+        {{- toYaml .Values.controllerManager.nodeSelector | nindent 8 }}
      {{- if .Values.controllerManager.priorityClassName }} 
      priorityClassName:  {{ .Values.controllerManager.priorityClassName }}
      {{- end }}
      serviceAccountName: gatekeeper-admin
      terminationGracePeriodSeconds: 60
-      tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
-{{- if .Values.controllerManager.tolerations }}
-{{ toYaml .Values.controllerManager.tolerations | indent 8 }}
-{{- end }}
+      tolerations:
+        {{- toYaml .Values.controllerManager.tolerations | nindent 8 }}
      volumes:
      - name: cert
        secret:
--- a/charts/rancher-gatekeeper/100.0.1+up3.6.0/templates/namespace-post-install.yaml
+++ b/charts/rancher-gatekeeper/100.0.1+up3.6.0/templates/namespace-post-install.yaml
@ -26,8 +26,8 @@ spec:
      {{- .Values.postInstall.labelNamespace.image.pullSecrets | toYaml | nindent 12 }}
      {{- end }}
      serviceAccount: gatekeeper-update-namespace-label
-      nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
-      tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+      nodeSelector:
+        kubernetes.io/os: linux
      containers:
        - name: kubectl-label
          image: '{{ template "system_default_registry" . }}{{ .Values.postInstall.labelNamespace.image.repository }}:{{ .Values.postInstall.labelNamespace.image.tag }}'
--- a/charts/rancher-gatekeeper/100.0.1+up3.6.0/templates/upgrade-crds-hook.yaml
+++ b/charts/rancher-gatekeeper/100.0.1+up3.6.0/templates/upgrade-crds-hook.yaml
@ -78,5 +78,5 @@ spec:
        - apply
        - -f
        - crds/
-      nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
-      tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+      nodeSelector:
+        kubernetes.io/os: linux
--- a/charts/rancher-gatekeeper/100.0.1+up3.6.0/values.yaml
+++ b/charts/rancher-gatekeeper/100.0.1+up3.6.0/values.yaml
@ -57,7 +57,7 @@ controllerManager:
            topologyKey: kubernetes.io/hostname
          weight: 100
  tolerations: []
-  nodeSelector: {}
+  nodeSelector: { kubernetes.io/os: linux }
  resources:
    limits:
      cpu: 1000m
@ -72,7 +72,7 @@ audit:
  priorityClassName: system-cluster-critical
  affinity: {}
  tolerations: []
-  nodeSelector: {}
+  nodeSelector: { kubernetes.io/os: linux }
  resources:
    limits:
      cpu: 1000m
--- a/index.yaml
+++ b/index.yaml
@ -2902,17 +2902,16 @@ entries:
      catalog.cattle.io/display-name: OPA Gatekeeper
      catalog.cattle.io/namespace: cattle-gatekeeper-system
      catalog.cattle.io/os: linux
-      catalog.cattle.io/permits-os: linux,windows
      catalog.cattle.io/provides-gvr: config.gatekeeper.sh.config/v1alpha1
      catalog.cattle.io/release-name: rancher-gatekeeper
      catalog.cattle.io/type: cluster-tool
      catalog.cattle.io/ui-component: gatekeeper
    apiVersion: v2
    appVersion: v3.6.0
-    created: "2022-03-18T14:10:32.36049-07:00"
+    created: "2022-03-24T18:20:24.619798-04:00"
    description: Modifies Open Policy Agent's upstream gatekeeper chart that provides
      policy-based control for cloud native environments
-    digest: 1b9b37f1f2784dbc8e77a58ede272827267e712a3e5696be3493c3bf9c55f354
+    digest: 85baa674866e4d6c02ba6ca3db53b7cb20f98a6d4f7133b962fb2ccf48b66a20
    home: https://github.com/open-policy-agent/gatekeeper
    icon: https://charts.rancher.io/assets/logos/gatekeeper.svg
    keywords:
@ -3094,9 +3093,9 @@ entries:
      catalog.cattle.io/namespace: cattle-gatekeeper-system
      catalog.cattle.io/release-name: rancher-gatekeeper-crd
    apiVersion: v1
-    created: "2022-03-18T14:10:32.365522-07:00"
+    created: "2022-03-24T18:20:24.625186-04:00"
    description: Installs the CRDs for rancher-gatekeeper.
-    digest: 8b0940b019dc731617b46a4095d4405beaec96ae85ecef1911c73ec8b894d65f
+    digest: 6f16970dcb1a8963c34d4564955ec9bcbc9c8644504328de80e629726885d532
    name: rancher-gatekeeper-crd
    type: application
    urls:
--- a/packages/rancher-gatekeeper/generated-changes/patch/Chart.yaml.patch
+++ b/packages/rancher-gatekeeper/generated-changes/patch/Chart.yaml.patch
@ -1,13 +1,12 @@
 --- charts-original/Chart.yaml
 +++ charts/Chart.yaml
-@@ -1,10 +1,24 @@
+@@ -1,10 +1,23 @@
 +annotations:
 +  catalog.cattle.io/auto-install: rancher-gatekeeper-crd=match
 +  catalog.cattle.io/certified: rancher
 +  catalog.cattle.io/display-name: OPA Gatekeeper
 +  catalog.cattle.io/namespace: cattle-gatekeeper-system
 +  catalog.cattle.io/os: linux
-+  catalog.cattle.io/permits-os: linux,windows
 +  catalog.cattle.io/provides-gvr: config.gatekeeper.sh.config/v1alpha1
 +  catalog.cattle.io/release-name: rancher-gatekeeper
 +  catalog.cattle.io/type: cluster-tool
--- a/packages/rancher-gatekeeper/generated-changes/patch/templates/_helpers.tpl.patch
+++ b/packages/rancher-gatekeeper/generated-changes/patch/templates/_helpers.tpl.patch
@ -1,9 +1,11 @@
 --- charts-original/templates/_helpers.tpl
 +++ charts/templates/_helpers.tpl
-@@ -38,4 +38,27 @@
+@@ -38,4 +38,12 @@
 {{- if .Values.podLabels }}
 {{- toYaml .Values.podLabels | nindent 8 }}
 {{- end }}
+-{{- end -}}
+\ No newline at end of file
 +{{- end -}}
 +
 +{{- define "system_default_registry" -}}
@ -13,19 +15,3 @@
 +{{- "" -}}
 +{{- end -}}
 +{{- end -}}
-+
-+{{/*
-+Windows cluster will add default taint for linux nodes,
-+add below linux tolerations to workloads could be scheduled to those linux nodes
-+*/}}
-+{{- define "linux-node-tolerations" -}}
-+- key: "cattle.io/os"
-+  value: "linux"
-+  effect: "NoSchedule"
-+  operator: "Equal"
-+{{- end -}}
-+
-+{{- define "linux-node-selector" -}}
-+kubernetes.io/os: linux
- {{- end -}}
-\ No newline at end of file
--- a/packages/rancher-gatekeeper/generated-changes/patch/templates/gatekeeper-audit-deployment.yaml.patch
+++ b/packages/rancher-gatekeeper/generated-changes/patch/templates/gatekeeper-audit-deployment.yaml.patch
@ -11,26 +11,12 @@
         livenessProbe:
           httpGet:
             path: /healthz
-@@ -96,13 +96,17 @@
+@@ -96,7 +96,7 @@
           runAsUser: 1000
       hostNetwork: {{ .Values.audit.hostNetwork }}
       imagePullSecrets:
 -        {{- toYaml .Values.image.pullSecrets | nindent 8 }}
-      nodeSelector:
-        {{- toYaml .Values.audit.nodeSelector | nindent 8 }}
 +        {{- toYaml .Values.images.pullSecrets | nindent 8 }}
-+      nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
-+{{- if .Values.audit.nodeSelector }}
-+{{ toYaml .Values.audit.nodeSelector | indent 8 }}
-+{{- end }}
+       nodeSelector:
+         {{- toYaml .Values.audit.nodeSelector | nindent 8 }}
       {{- if .Values.audit.priorityClassName }} 
-       priorityClassName:  {{ .Values.audit.priorityClassName }}
-       {{- end }}
-       serviceAccountName: gatekeeper-admin
-       terminationGracePeriodSeconds: 60
-      tolerations:
-        {{- toYaml .Values.audit.tolerations | nindent 8 }}
-+      tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
-+{{- if .Values.audit.tolerations }}
-+{{ toYaml .Values.audit.tolerations | indent 8 }}
-+{{- end }}
--- a/packages/rancher-gatekeeper/generated-changes/patch/templates/gatekeeper-controller-manager-deployment.yaml.patch
+++ b/packages/rancher-gatekeeper/generated-changes/patch/templates/gatekeeper-controller-manager-deployment.yaml.patch
@ -11,29 +11,12 @@
         livenessProbe:
           httpGet:
             path: /healthz
-@@ -109,16 +109,20 @@
+@@ -109,7 +109,7 @@
           readOnly: true
       hostNetwork: {{ .Values.controllerManager.hostNetwork }}
       imagePullSecrets:
 -        {{- toYaml .Values.image.pullSecrets | nindent 8 }}
-      nodeSelector:
-        {{- toYaml .Values.controllerManager.nodeSelector | nindent 8 }}
 +        {{- toYaml .Values.images.pullSecrets | nindent 8 }}
-+      nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
-+{{- if .Values.controllerManager.nodeSelector }}
-+{{ toYaml .Values.controllerManager.nodeSelector | indent 8 }}
-+{{- end }}
+       nodeSelector:
+         {{- toYaml .Values.controllerManager.nodeSelector | nindent 8 }}
       {{- if .Values.controllerManager.priorityClassName }} 
-       priorityClassName:  {{ .Values.controllerManager.priorityClassName }}
-       {{- end }}
-       serviceAccountName: gatekeeper-admin
-       terminationGracePeriodSeconds: 60
-      tolerations:
-        {{- toYaml .Values.controllerManager.tolerations | nindent 8 }}
-+      tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
-+{{- if .Values.controllerManager.tolerations }}
-+{{ toYaml .Values.controllerManager.tolerations | indent 8 }}
-+{{- end }}
-       volumes:
-       - name: cert
-         secret:
--- a/packages/rancher-gatekeeper/generated-changes/patch/templates/namespace-post-install.yaml.patch
+++ b/packages/rancher-gatekeeper/generated-changes/patch/templates/namespace-post-install.yaml.patch
@ -1,13 +1,7 @@
 --- charts-original/templates/namespace-post-install.yaml
 +++ charts/templates/namespace-post-install.yaml
-@@ -26,11 +26,11 @@
-       {{- .Values.postInstall.labelNamespace.image.pullSecrets | toYaml | nindent 12 }}
-       {{- end }}
-       serviceAccount: gatekeeper-update-namespace-label
-      nodeSelector:
-        kubernetes.io/os: linux
-+      nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
-+      tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+@@ -30,7 +30,7 @@
+         kubernetes.io/os: linux
       containers:
         - name: kubectl-label
 -          image: "{{ .Values.postInstall.labelNamespace.image.repository }}:{{ .Values.postInstall.labelNamespace.image.tag }}"
--- a/packages/rancher-gatekeeper/generated-changes/patch/templates/upgrade-crds-hook.yaml.patch
+++ b/packages/rancher-gatekeeper/generated-changes/patch/templates/upgrade-crds-hook.yaml.patch
@ -1,6 +1,6 @@
 --- charts-original/templates/upgrade-crds-hook.yaml
 +++ charts/templates/upgrade-crds-hook.yaml
-@@ -72,11 +72,11 @@
+@@ -72,8 +72,8 @@
       restartPolicy: Never
       containers:
       - name: crds-upgrade
@ -11,8 +11,3 @@
         args:
         - apply
         - -f
-         - crds/
-      nodeSelector:
-        kubernetes.io/os: linux
-+      nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
-+      tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
--- a/packages/rancher-gatekeeper/generated-changes/patch/values.yaml.patch
+++ b/packages/rancher-gatekeeper/generated-changes/patch/values.yaml.patch
@ -31,24 +31,6 @@
   pullPolicy: IfNotPresent
   pullSecrets: []
 podAnnotations:
-@@ -54,7 +57,7 @@
-             topologyKey: kubernetes.io/hostname
-           weight: 100
-   tolerations: []
-  nodeSelector: { kubernetes.io/os: linux }
-+  nodeSelector: {}
-   resources:
-     limits:
-       cpu: 1000m
-@@ -69,7 +72,7 @@
-   priorityClassName: system-cluster-critical
-   affinity: {}
-   tolerations: []
-  nodeSelector: { kubernetes.io/os: linux }
-+  nodeSelector: {}
-   resources:
-     limits:
-       cpu: 1000m
@@ -80,5 +83,11 @@
 pdb:
   controllerManager:
--- a/packages/rancher-gatekeeper/templates/crd-template/templates/_helpers.tpl
+++ b/packages/rancher-gatekeeper/templates/crd-template/templates/_helpers.tpl
@ -5,18 +5,3 @@
 {{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
 {{- end -}}
 {{- end -}}
-
-{{/*
-Windows cluster will add default taint for linux nodes,
-add below linux tolerations to workloads could be scheduled to those linux nodes
-*/}}
-{{- define "linux-node-tolerations" -}}
- key: "cattle.io/os"
-  value: "linux"
-  effect: "NoSchedule"
-  operator: "Equal"
-{{- end -}}
-
-{{- define "linux-node-selector" -}}
-kubernetes.io/os: linux
-{{- end -}}
--- a/packages/rancher-gatekeeper/templates/crd-template/templates/jobs.yaml
+++ b/packages/rancher-gatekeeper/templates/crd-template/templates/jobs.yaml
@ -16,14 +16,6 @@ spec:
        app: {{ .Chart.Name }}
    spec:
      serviceAccountName: {{ .Chart.Name }}-manager
-      nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
-{{- if .Values.nodeSelector }}
-{{ toYaml .Values.nodeSelector | indent 8 }}
-{{- end }}
-      tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
-{{- if .Values.tolerations }}
-{{ toYaml .Values.tolerations | indent 8 }}
-{{- end }}
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000
@ -64,14 +56,6 @@ spec:
        app: {{ .Chart.Name }}
    spec:
      serviceAccountName: {{ .Chart.Name }}-manager
-      {{- with .Values.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000
--- a/packages/rancher-gatekeeper/templates/crd-template/values.yaml
+++ b/packages/rancher-gatekeeper/templates/crd-template/values.yaml
@ -9,11 +9,3 @@ global:
 image:
  repository: rancher/kubectl
  tag: v1.20.2
-
-## Node labels for pod assignment
-## Ref: https://kubernetes.io/docs/user-guide/node-selection/
-##
-nodeSelector: {}
-
-## List of node taints to tolerate (requires Kubernetes >= 1.6)
-tolerations: []
--- a/release.yaml
+++ b/release.yaml
@ -81,10 +81,6 @@ rancher-cis-benchmark-crd:
 - 2.0.3-rc2
 system-upgrade-controller:
 - 100.0.2+up0.3.2
-rancher-gatekeeper:
- 100.0.1+up3.6.0
-rancher-gatekeeper-crd:
- 100.0.1+up3.6.0
 sriov:
 - 100.0.2+up0.1.0
 sriov-crd: