Merge pull request #1825 from rosskirkpat/revert-gatekeeper-anno

Revert rancher-gatekeeper permits-os annotations

charts/rancher-gatekeeper-crd/100.0.1+up3.6.0/templates/_helpers.tpl

@@ -5,18 +5,3 @@
 {{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
 {{- end -}}
 {{- end -}}
-
-{{/*
-Windows cluster will add default taint for linux nodes,
-add below linux tolerations to workloads could be scheduled to those linux nodes
-*/}}
-{{- define "linux-node-tolerations" -}}
-- key: "cattle.io/os"
-  value: "linux"
-  effect: "NoSchedule"
-  operator: "Equal"
-{{- end -}}
-
-{{- define "linux-node-selector" -}}
-kubernetes.io/os: linux
-{{- end -}}

charts/rancher-gatekeeper-crd/100.0.1+up3.6.0/templates/jobs.yaml

@@ -16,14 +16,6 @@ spec:
         app: {{ .Chart.Name }}
     spec:
       serviceAccountName: {{ .Chart.Name }}-manager
-      nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
-{{- if .Values.nodeSelector }}
-{{ toYaml .Values.nodeSelector | indent 8 }}
-{{- end }}
-      tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
-{{- if .Values.tolerations }}
-{{ toYaml .Values.tolerations | indent 8 }}
-{{- end }}
       securityContext:
         runAsNonRoot: true
         runAsUser: 1000
@@ -64,14 +56,6 @@ spec:
         app: {{ .Chart.Name }}
     spec:
       serviceAccountName: {{ .Chart.Name }}-manager
-      {{- with .Values.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
       securityContext:
         runAsNonRoot: true
         runAsUser: 1000

charts/rancher-gatekeeper-crd/100.0.1+up3.6.0/values.yaml

@@ -9,11 +9,3 @@ global:
 image:
   repository: rancher/kubectl
   tag: v1.20.2
-
-## Node labels for pod assignment
-## Ref: https://kubernetes.io/docs/user-guide/node-selection/
-##
-nodeSelector: {}
-
-## List of node taints to tolerate (requires Kubernetes >= 1.6)
-tolerations: []

charts/rancher-gatekeeper/100.0.1+up3.6.0/Chart.yaml

@@ -4,7 +4,6 @@ annotations:
   catalog.cattle.io/display-name: OPA Gatekeeper
   catalog.cattle.io/namespace: cattle-gatekeeper-system
   catalog.cattle.io/os: linux
-  catalog.cattle.io/permits-os: linux,windows
   catalog.cattle.io/provides-gvr: config.gatekeeper.sh.config/v1alpha1
   catalog.cattle.io/release-name: rancher-gatekeeper
   catalog.cattle.io/type: cluster-tool

charts/rancher-gatekeeper/100.0.1+up3.6.0/templates/_helpers.tpl

@@ -47,18 +47,3 @@ Adds additional pod labels to the common ones
 {{- "" -}}
 {{- end -}}
 {{- end -}}
-
-{{/*
-Windows cluster will add default taint for linux nodes,
-add below linux tolerations to workloads could be scheduled to those linux nodes
-*/}}
-{{- define "linux-node-tolerations" -}}
-- key: "cattle.io/os"
-  value: "linux"
-  effect: "NoSchedule"
-  operator: "Equal"
-{{- end -}}
-
-{{- define "linux-node-selector" -}}
-kubernetes.io/os: linux
-{{- end -}}

charts/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-audit-deployment.yaml

@@ -97,16 +97,12 @@ spec:
       hostNetwork: {{ .Values.audit.hostNetwork }}
       imagePullSecrets:
         {{- toYaml .Values.images.pullSecrets | nindent 8 }}
-      nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+      nodeSelector:
-{{- if .Values.audit.nodeSelector }}
+        {{- toYaml .Values.audit.nodeSelector | nindent 8 }}
-{{ toYaml .Values.audit.nodeSelector | indent 8 }}
-{{- end }}
       {{- if .Values.audit.priorityClassName }} 
       priorityClassName:  {{ .Values.audit.priorityClassName }}
       {{- end }}
       serviceAccountName: gatekeeper-admin
       terminationGracePeriodSeconds: 60
-      tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+      tolerations:
-{{- if .Values.audit.tolerations }}
+        {{- toYaml .Values.audit.tolerations | nindent 8 }}
-{{ toYaml .Values.audit.tolerations | indent 8 }}
-{{- end }}

charts/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-controller-manager-deployment.yaml

@@ -110,19 +110,15 @@ spec:
       hostNetwork: {{ .Values.controllerManager.hostNetwork }}
       imagePullSecrets:
         {{- toYaml .Values.images.pullSecrets | nindent 8 }}
-      nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+      nodeSelector:
-{{- if .Values.controllerManager.nodeSelector }}
+        {{- toYaml .Values.controllerManager.nodeSelector | nindent 8 }}
-{{ toYaml .Values.controllerManager.nodeSelector | indent 8 }}
-{{- end }}
       {{- if .Values.controllerManager.priorityClassName }} 
       priorityClassName:  {{ .Values.controllerManager.priorityClassName }}
       {{- end }}
       serviceAccountName: gatekeeper-admin
       terminationGracePeriodSeconds: 60
-      tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+      tolerations:
-{{- if .Values.controllerManager.tolerations }}
+        {{- toYaml .Values.controllerManager.tolerations | nindent 8 }}
-{{ toYaml .Values.controllerManager.tolerations | indent 8 }}
-{{- end }}
       volumes:
       - name: cert
         secret:

charts/rancher-gatekeeper/100.0.1+up3.6.0/templates/namespace-post-install.yaml

@@ -26,8 +26,8 @@ spec:
       {{- .Values.postInstall.labelNamespace.image.pullSecrets | toYaml | nindent 12 }}
       {{- end }}
       serviceAccount: gatekeeper-update-namespace-label
-      nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+      nodeSelector:
-      tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+        kubernetes.io/os: linux
       containers:
         - name: kubectl-label
           image: '{{ template "system_default_registry" . }}{{ .Values.postInstall.labelNamespace.image.repository }}:{{ .Values.postInstall.labelNamespace.image.tag }}'

charts/rancher-gatekeeper/100.0.1+up3.6.0/templates/upgrade-crds-hook.yaml

@@ -78,5 +78,5 @@ spec:
         - apply
         - -f
         - crds/
-      nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+      nodeSelector:
-      tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+        kubernetes.io/os: linux

charts/rancher-gatekeeper/100.0.1+up3.6.0/values.yaml

@@ -57,7 +57,7 @@ controllerManager:
             topologyKey: kubernetes.io/hostname
           weight: 100
   tolerations: []
-  nodeSelector: {}
+  nodeSelector: { kubernetes.io/os: linux }
   resources:
     limits:
       cpu: 1000m
@@ -72,7 +72,7 @@ audit:
   priorityClassName: system-cluster-critical
   affinity: {}
   tolerations: []
-  nodeSelector: {}
+  nodeSelector: { kubernetes.io/os: linux }
   resources:
     limits:
       cpu: 1000m

index.yaml

@@ -2902,17 +2902,16 @@ entries:
       catalog.cattle.io/display-name: OPA Gatekeeper
       catalog.cattle.io/namespace: cattle-gatekeeper-system
       catalog.cattle.io/os: linux
-      catalog.cattle.io/permits-os: linux,windows
       catalog.cattle.io/provides-gvr: config.gatekeeper.sh.config/v1alpha1
       catalog.cattle.io/release-name: rancher-gatekeeper
       catalog.cattle.io/type: cluster-tool
       catalog.cattle.io/ui-component: gatekeeper
     apiVersion: v2
     appVersion: v3.6.0
-    created: "2022-03-18T14:10:32.36049-07:00"
+    created: "2022-03-24T18:20:24.619798-04:00"
     description: Modifies Open Policy Agent's upstream gatekeeper chart that provides
       policy-based control for cloud native environments
-    digest: 1b9b37f1f2784dbc8e77a58ede272827267e712a3e5696be3493c3bf9c55f354
+    digest: 85baa674866e4d6c02ba6ca3db53b7cb20f98a6d4f7133b962fb2ccf48b66a20
     home: https://github.com/open-policy-agent/gatekeeper
     icon: https://charts.rancher.io/assets/logos/gatekeeper.svg
     keywords:
@@ -3094,9 +3093,9 @@ entries:
       catalog.cattle.io/namespace: cattle-gatekeeper-system
       catalog.cattle.io/release-name: rancher-gatekeeper-crd
     apiVersion: v1
-    created: "2022-03-18T14:10:32.365522-07:00"
+    created: "2022-03-24T18:20:24.625186-04:00"
     description: Installs the CRDs for rancher-gatekeeper.
-    digest: 8b0940b019dc731617b46a4095d4405beaec96ae85ecef1911c73ec8b894d65f
+    digest: 6f16970dcb1a8963c34d4564955ec9bcbc9c8644504328de80e629726885d532
     name: rancher-gatekeeper-crd
     type: application
     urls:

packages/rancher-gatekeeper/generated-changes/patch/Chart.yaml.patch

@@ -1,13 +1,12 @@
 --- charts-original/Chart.yaml
 +++ charts/Chart.yaml
-@@ -1,10 +1,24 @@
+@@ -1,10 +1,23 @@
 +annotations:
 +  catalog.cattle.io/auto-install: rancher-gatekeeper-crd=match
 +  catalog.cattle.io/certified: rancher
 +  catalog.cattle.io/display-name: OPA Gatekeeper
 +  catalog.cattle.io/namespace: cattle-gatekeeper-system
 +  catalog.cattle.io/os: linux
-+  catalog.cattle.io/permits-os: linux,windows
 +  catalog.cattle.io/provides-gvr: config.gatekeeper.sh.config/v1alpha1
 +  catalog.cattle.io/release-name: rancher-gatekeeper
 +  catalog.cattle.io/type: cluster-tool

packages/rancher-gatekeeper/generated-changes/patch/templates/_helpers.tpl.patch

@@ -1,9 +1,11 @@
 --- charts-original/templates/_helpers.tpl
 +++ charts/templates/_helpers.tpl
-@@ -38,4 +38,27 @@
+@@ -38,4 +38,12 @@
  {{- if .Values.podLabels }}
  {{- toYaml .Values.podLabels | nindent 8 }}
  {{- end }}
+-{{- end -}}
+\ No newline at end of file
 +{{- end -}}
 +
 +{{- define "system_default_registry" -}}
@@ -13,19 +15,3 @@
 +{{- "" -}}
 +{{- end -}}
 +{{- end -}}
-+
-+{{/*
-+Windows cluster will add default taint for linux nodes,
-+add below linux tolerations to workloads could be scheduled to those linux nodes
-+*/}}
-+{{- define "linux-node-tolerations" -}}
-+- key: "cattle.io/os"
-+  value: "linux"
-+  effect: "NoSchedule"
-+  operator: "Equal"
-+{{- end -}}
-+
-+{{- define "linux-node-selector" -}}
-+kubernetes.io/os: linux
- {{- end -}}
-\ No newline at end of file

packages/rancher-gatekeeper/generated-changes/patch/templates/gatekeeper-audit-deployment.yaml.patch

@@ -11,26 +11,12 @@
          livenessProbe:
            httpGet:
              path: /healthz
-@@ -96,13 +96,17 @@
+@@ -96,7 +96,7 @@
            runAsUser: 1000
        hostNetwork: {{ .Values.audit.hostNetwork }}
        imagePullSecrets:
 -        {{- toYaml .Values.image.pullSecrets | nindent 8 }}
--      nodeSelector:
--        {{- toYaml .Values.audit.nodeSelector | nindent 8 }}
 +        {{- toYaml .Values.images.pullSecrets | nindent 8 }}
-+      nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+       nodeSelector:
-+{{- if .Values.audit.nodeSelector }}
+         {{- toYaml .Values.audit.nodeSelector | nindent 8 }}
-+{{ toYaml .Values.audit.nodeSelector | indent 8 }}
-+{{- end }}
        {{- if .Values.audit.priorityClassName }} 
-       priorityClassName:  {{ .Values.audit.priorityClassName }}
-       {{- end }}
-       serviceAccountName: gatekeeper-admin
-       terminationGracePeriodSeconds: 60
--      tolerations:
--        {{- toYaml .Values.audit.tolerations | nindent 8 }}
-+      tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
-+{{- if .Values.audit.tolerations }}
-+{{ toYaml .Values.audit.tolerations | indent 8 }}
-+{{- end }}

packages/rancher-gatekeeper/generated-changes/patch/templates/gatekeeper-controller-manager-deployment.yaml.patch

@@ -11,29 +11,12 @@
          livenessProbe:
            httpGet:
              path: /healthz
-@@ -109,16 +109,20 @@
+@@ -109,7 +109,7 @@
            readOnly: true
        hostNetwork: {{ .Values.controllerManager.hostNetwork }}
        imagePullSecrets:
 -        {{- toYaml .Values.image.pullSecrets | nindent 8 }}
--      nodeSelector:
--        {{- toYaml .Values.controllerManager.nodeSelector | nindent 8 }}
 +        {{- toYaml .Values.images.pullSecrets | nindent 8 }}
-+      nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+       nodeSelector:
-+{{- if .Values.controllerManager.nodeSelector }}
+         {{- toYaml .Values.controllerManager.nodeSelector | nindent 8 }}
-+{{ toYaml .Values.controllerManager.nodeSelector | indent 8 }}
-+{{- end }}
        {{- if .Values.controllerManager.priorityClassName }} 
-       priorityClassName:  {{ .Values.controllerManager.priorityClassName }}
-       {{- end }}
-       serviceAccountName: gatekeeper-admin
-       terminationGracePeriodSeconds: 60
--      tolerations:
--        {{- toYaml .Values.controllerManager.tolerations | nindent 8 }}
-+      tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
-+{{- if .Values.controllerManager.tolerations }}
-+{{ toYaml .Values.controllerManager.tolerations | indent 8 }}
-+{{- end }}
-       volumes:
-       - name: cert
-         secret:

packages/rancher-gatekeeper/generated-changes/patch/templates/namespace-post-install.yaml.patch

@@ -1,13 +1,7 @@
 --- charts-original/templates/namespace-post-install.yaml
 +++ charts/templates/namespace-post-install.yaml
-@@ -26,11 +26,11 @@
+@@ -30,7 +30,7 @@
-       {{- .Values.postInstall.labelNamespace.image.pullSecrets | toYaml | nindent 12 }}
+         kubernetes.io/os: linux
-       {{- end }}
-       serviceAccount: gatekeeper-update-namespace-label
--      nodeSelector:
--        kubernetes.io/os: linux
-+      nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
-+      tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
        containers:
          - name: kubectl-label
 -          image: "{{ .Values.postInstall.labelNamespace.image.repository }}:{{ .Values.postInstall.labelNamespace.image.tag }}"

packages/rancher-gatekeeper/generated-changes/patch/templates/upgrade-crds-hook.yaml.patch

@@ -1,6 +1,6 @@
 --- charts-original/templates/upgrade-crds-hook.yaml
 +++ charts/templates/upgrade-crds-hook.yaml
-@@ -72,11 +72,11 @@
+@@ -72,8 +72,8 @@
        restartPolicy: Never
        containers:
        - name: crds-upgrade
@@ -11,8 +11,3 @@
          args:
          - apply
          - -f
-         - crds/
--      nodeSelector:
--        kubernetes.io/os: linux
-+      nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
-+      tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}

packages/rancher-gatekeeper/generated-changes/patch/values.yaml.patch

@@ -31,24 +31,6 @@
    pullPolicy: IfNotPresent
    pullSecrets: []
  podAnnotations:
-@@ -54,7 +57,7 @@
-             topologyKey: kubernetes.io/hostname
-           weight: 100
-   tolerations: []
--  nodeSelector: { kubernetes.io/os: linux }
-+  nodeSelector: {}
-   resources:
-     limits:
-       cpu: 1000m
-@@ -69,7 +72,7 @@
-   priorityClassName: system-cluster-critical
-   affinity: {}
-   tolerations: []
--  nodeSelector: { kubernetes.io/os: linux }
-+  nodeSelector: {}
-   resources:
-     limits:
-       cpu: 1000m
 @@ -80,5 +83,11 @@
  pdb:
    controllerManager:

packages/rancher-gatekeeper/templates/crd-template/templates/_helpers.tpl

@@ -5,18 +5,3 @@
 {{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
 {{- end -}}
 {{- end -}}
-
-{{/*
-Windows cluster will add default taint for linux nodes,
-add below linux tolerations to workloads could be scheduled to those linux nodes
-*/}}
-{{- define "linux-node-tolerations" -}}
-- key: "cattle.io/os"
-  value: "linux"
-  effect: "NoSchedule"
-  operator: "Equal"
-{{- end -}}
-
-{{- define "linux-node-selector" -}}
-kubernetes.io/os: linux
-{{- end -}}

packages/rancher-gatekeeper/templates/crd-template/templates/jobs.yaml

@@ -16,14 +16,6 @@ spec:
         app: {{ .Chart.Name }}
     spec:
       serviceAccountName: {{ .Chart.Name }}-manager
-      nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
-{{- if .Values.nodeSelector }}
-{{ toYaml .Values.nodeSelector | indent 8 }}
-{{- end }}
-      tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
-{{- if .Values.tolerations }}
-{{ toYaml .Values.tolerations | indent 8 }}
-{{- end }}
       securityContext:
         runAsNonRoot: true
         runAsUser: 1000
@@ -64,14 +56,6 @@ spec:
         app: {{ .Chart.Name }}
     spec:
       serviceAccountName: {{ .Chart.Name }}-manager
-      {{- with .Values.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
       securityContext:
         runAsNonRoot: true
         runAsUser: 1000

packages/rancher-gatekeeper/templates/crd-template/values.yaml

@@ -9,11 +9,3 @@ global:
 image:
   repository: rancher/kubectl
   tag: v1.20.2
-
-## Node labels for pod assignment
-## Ref: https://kubernetes.io/docs/user-guide/node-selection/
-##
-nodeSelector: {}
-
-## List of node taints to tolerate (requires Kubernetes >= 1.6)
-tolerations: []

release.yaml

@@ -81,10 +81,6 @@ rancher-cis-benchmark-crd:
 - 2.0.3-rc2
 system-upgrade-controller:
 - 100.0.2+up0.3.2
-rancher-gatekeeper:
-- 100.0.1+up3.6.0
-rancher-gatekeeper-crd:
-- 100.0.1+up3.6.0
 sriov:
 - 100.0.2+up0.1.0
 sriov-crd: