Generated changes

assets/index.yaml

@@ -746,6 +746,34 @@ entries:
     - assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.100.tgz
     version: 1.0.100
   rancher-externalip-webhook:
+  - annotations:
+      catalog.cattle.io/certified: rancher
+      catalog.cattle.io/display-name: External IP Webhook
+      catalog.cattle.io/namespace: cattle-externalip-system
+      catalog.cattle.io/release-name: rancher-externalip-webhook
+      catalog.cattle.io/ui-component: rancher-externalip-webhook
+    apiVersion: v1
+    appVersion: v0.1.3
+    created: "2020-12-08T14:39:13.286645836Z"
+    description: |
+      Deploy the externalip-webhook to mitigate k8s CVE-2020-8554
+    digest: d722d79154bb56c1366dafcecc969cb5ef3da714444eff37631b28886d13e027
+    home: https://github.com/rancher/externalip-webhook
+    keywords:
+    - cve
+    - embargo
+    - externalip
+    - webhook
+    - security
+    maintainers:
+    - email: raul@rancher.com
+      name: rawmind0
+    name: rancher-externalip-webhook
+    sources:
+    - https://github.com/rancher/externalip-webhook
+    urls:
+    - assets/rancher-externalip-webhook/rancher-externalip-webhook-0.1.300.tgz
+    version: 0.1.300
   - annotations:
       catalog.cattle.io/certified: rancher
       catalog.cattle.io/display-name: Externalip webhook
@@ -2169,4 +2197,4 @@ entries:
     urls:
     - assets/rio/rio-0.8.000.tgz
     version: 0.8.000
-generated: "2020-12-08T02:12:59.750109803Z"
+generated: "2020-12-08T14:39:13.284438725Z"

charts/rancher-externalip-webhook/Chart.yaml

@@ -1,22 +1,24 @@
 annotations:
   catalog.cattle.io/certified: rancher
-  catalog.cattle.io/display-name: Externalip webhook
-  catalog.cattle.io/hidden: "true"
+  catalog.cattle.io/display-name: External IP Webhook
   catalog.cattle.io/namespace: cattle-externalip-system
   catalog.cattle.io/release-name: rancher-externalip-webhook
+  catalog.cattle.io/ui-component: rancher-externalip-webhook
 apiVersion: v1
-appVersion: v0.1.1
+appVersion: v0.1.3
 description: |
-  Deploy rancher-externalip-webhook to mitigate k8s CVE-2020-8554
+  Deploy the externalip-webhook to mitigate k8s CVE-2020-8554
 home: https://github.com/rancher/externalip-webhook
 keywords:
+- cve
+- embargo
 - externalip
 - webhook
 - security
 maintainers:
 - email: raul@rancher.com
-  name: Raul Sanchez
+  name: rawmind0
 name: rancher-externalip-webhook
 sources:
 - https://github.com/rancher/externalip-webhook
-version: 0.1.100
+version: 0.1.300

charts/rancher-externalip-webhook/README.md

@@ -19,7 +19,7 @@ The following table lists the configurable parameters of the externalip-webhook
 
 | Parameter                            | Description                                                                                                                | Default                                            |
 | ----------------------------------   | -------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------- |
-| `allowedExternalIPCidrs`             | Allowed external IP cidrs sepparated by `,`                                                                                | `""`                                               |
+| `allowedExternalIPCidrs`             | Set allowed external IP CIDRs separated by a comma                                                                         | `""`                                               |
 | `certificates.caBundle`              | If cert-manager integration is disabled, add here self signed ca.crt in base64 format                                      | `""`                                               |
 | `certificates.certManager.enabled`   | Enable cert manager integration. Cert manager should be already installed at the k8s cluster                               | `true`                                               |
 | `certificates.certManager.version`   | Cert manager version to use                                                                                                | `""`                                               |

charts/rancher-externalip-webhook/app-README.md

@@ -0,0 +1,10 @@
+# externalip-webhook
+
+This chart was created to mitigate [CVE-2020-8554](https://www.cvedetails.com/cve/CVE-2020-8554/)
+
+External IP Webhook is a validating k8s webhook which prevents services from using random external IPs. Cluster administrators
+can specify list of CIDRs allowed to be used as external IP by specifying `allowed-external-ip-cidrs` parameter.
+Webhook will only allow creation of services which doesn't require external IP or whose external IPs are within the range
+specified by the administrator.
+
+For more information, review the Helm README of this chart.

charts/rancher-externalip-webhook/questions.yaml

@@ -2,6 +2,6 @@ questions:
 # allowedExternalIPCidrs
 - variable: allowedExternalIPCidrs
   label: Allowed external IP cidrs
-  description: Set Allowed external IP cidrs sepparated by `,`
+  description: Set allowed external IP CIDRs separated by a comma
   type: string
   group: config

charts/rancher-externalip-webhook/values.yaml

@@ -15,7 +15,7 @@ image:
   pullPolicy: IfNotPresent
   pullSecrets: []
   repository: rancher/externalip-webhook
-  tag: v0.1.1
+  tag: v0.1.3
 ## Enabling metrics endpoint
 # Webhook emits `webhook_failed_request_count` metrics whenever it rejects service creation or update operation
 metrics:
@@ -43,8 +43,8 @@ metrics:
 ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
 ##
 nodeSelector: {}
-## RBAC 
-rbac: 
+## RBAC
+rbac:
   apiVersion: v1
 ## CPU and Memory limit and request for externalip-webhook
 resources:

index.yaml

@@ -746,6 +746,34 @@ entries:
     - assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.100.tgz
     version: 1.0.100
   rancher-externalip-webhook:
+  - annotations:
+      catalog.cattle.io/certified: rancher
+      catalog.cattle.io/display-name: External IP Webhook
+      catalog.cattle.io/namespace: cattle-externalip-system
+      catalog.cattle.io/release-name: rancher-externalip-webhook
+      catalog.cattle.io/ui-component: rancher-externalip-webhook
+    apiVersion: v1
+    appVersion: v0.1.3
+    created: "2020-12-08T14:39:13.286645836Z"
+    description: |
+      Deploy the externalip-webhook to mitigate k8s CVE-2020-8554
+    digest: d722d79154bb56c1366dafcecc969cb5ef3da714444eff37631b28886d13e027
+    home: https://github.com/rancher/externalip-webhook
+    keywords:
+    - cve
+    - embargo
+    - externalip
+    - webhook
+    - security
+    maintainers:
+    - email: raul@rancher.com
+      name: rawmind0
+    name: rancher-externalip-webhook
+    sources:
+    - https://github.com/rancher/externalip-webhook
+    urls:
+    - assets/rancher-externalip-webhook/rancher-externalip-webhook-0.1.300.tgz
+    version: 0.1.300
   - annotations:
       catalog.cattle.io/certified: rancher
       catalog.cattle.io/display-name: Externalip webhook
@@ -2169,4 +2197,4 @@ entries:
     urls:
     - assets/rio/rio-0.8.000.tgz
     version: 0.8.000
-generated: "2020-12-08T02:12:59.750109803Z"
+generated: "2020-12-08T14:39:13.284438725Z"

sha256sum/rancher-externalip-webhook/rancher-externalip-webhook.sum

@@ -1 +1 @@
-26b08dad49e2dc30cf7919edef36c17d0f6814b458d6b7799f439895189bf1a0  packages/rancher-externalip-webhook/package.yaml
+f6bf0708fa426f2b4343691ca3c3fff2a7b6bd502af5ed3b0aeae51e011b5c8f  packages/rancher-externalip-webhook/package.yaml