Update namespace annotation

- Update namespace annotation to `cattle-gatekeeper-system` - Remove `gatekeeper-system` from templates as Rancher handles namespaces for chart installation.
2020-07-28 15:04:01 -07:00 · 2020-07-28 15:04:01 -07:00 · 6e147640be
parent 3d8b451d4a
commit 6e147640be
2 changed files with 115 additions and 1 deletions
--- a/packages/rancher-gatekeeper/overlay/CHANGELOG.md
+++ b/packages/rancher-gatekeeper/overlay/CHANGELOG.md
@ -9,7 +9,9 @@ All notable changes from the upstream OPA Gatekeeper chart will be added to this
 - Disabled webhook validation in chart values (`disableValidatingWebhook: true`) since
 the webhook service was removed. Ideally, we would like to remove the validation too, 
 but setting this flag achieves the same results without cluttering the patch.
 - Updated namespace to `cattle-gatekeeper-system`
 ### Removed
 - Removed `gatekeeper-webhook-service-service.yaml` as the `gatekeeper-webhook-service` 
 was removed in our previous version of the chart
 - Removed `gatekeeper-system-namespace.yaml` as Rancher handles namespaces for chart installation
--- a/packages/rancher-gatekeeper/rancher-gatekeeper.patch
+++ b/packages/rancher-gatekeeper/rancher-gatekeeper.patch
@ -17,7 +17,7 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/Cha
 +annotations:
 +  catalog.cattle.io/certified: rancher
 +  catalog.cattle.io/experimental: true
-+  catalog.cattle.io/namespace: gatekeeper-system
+  catalog.cattle.io/namespace: cattle-gatekeeper-system
 +  catalog.cattle.io/release-name: rancher-gatekeeper
 diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/templates/_helpers.tpl packages/rancher-gatekeeper/charts/templates/_helpers.tpl
 --- packages/rancher-gatekeeper/charts-original/templates/_helpers.tpl
@ -73,9 +73,27 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/tem
 +          not any(satisfied)
 +          msg := sprintf("container <%v> has an invalid image repo <%v>, allowed repos are %v", [container.name, container.image, input.parameters.repos])
 +        }
 diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/templates/gatekeeper-admin-serviceaccount.yaml packages/rancher-gatekeeper/charts/templates/gatekeeper-admin-serviceaccount.yaml
 --- packages/rancher-gatekeeper/charts-original/templates/gatekeeper-admin-serviceaccount.yaml
 +++ packages/rancher-gatekeeper/charts/templates/gatekeeper-admin-serviceaccount.yaml
@@ -8,4 +8,4 @@
     heritage: '{{ .Release.Service }}'
     release: '{{ .Release.Name }}'
   name: gatekeeper-admin
 -  namespace: gatekeeper-system
 +  namespace: '{{ .Release.Namespace }}'
 diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/templates/gatekeeper-audit-deployment.yaml packages/rancher-gatekeeper/charts/templates/gatekeeper-audit-deployment.yaml
 --- packages/rancher-gatekeeper/charts-original/templates/gatekeeper-audit-deployment.yaml
 +++ packages/rancher-gatekeeper/charts/templates/gatekeeper-audit-deployment.yaml
@@ -10,7 +10,7 @@
     heritage: '{{ .Release.Service }}'
     release: '{{ .Release.Name }}'
   name: gatekeeper-audit
 -  namespace: gatekeeper-system
 +  namespace: '{{ .Release.Namespace }}'
 spec:
   replicas: 1
   selector:
@@ -58,7 +58,7 @@
           valueFrom:
             fieldRef:
@ -88,6 +106,15 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/tem
 diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/templates/gatekeeper-controller-manager-deployment.yaml packages/rancher-gatekeeper/charts/templates/gatekeeper-controller-manager-deployment.yaml
 --- packages/rancher-gatekeeper/charts-original/templates/gatekeeper-controller-manager-deployment.yaml
 +++ packages/rancher-gatekeeper/charts/templates/gatekeeper-controller-manager-deployment.yaml
@@ -10,7 +10,7 @@
     heritage: '{{ .Release.Service }}'
     release: '{{ .Release.Name }}'
   name: gatekeeper-controller-manager
 -  namespace: gatekeeper-system
 +  namespace: '{{ .Release.Namespace }}'
 spec:
   replicas: {{ .Values.replicas }}
   selector:
@@ -67,7 +67,7 @@
           valueFrom:
             fieldRef:
@ -97,6 +124,91 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/tem
         imagePullPolicy: '{{ .Values.image.pullPolicy }}'
         livenessProbe:
           httpGet:
 diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/templates/gatekeeper-manager-role-role.yaml packages/rancher-gatekeeper/charts/templates/gatekeeper-manager-role-role.yaml
 --- packages/rancher-gatekeeper/charts-original/templates/gatekeeper-manager-role-role.yaml
 +++ packages/rancher-gatekeeper/charts/templates/gatekeeper-manager-role-role.yaml
@@ -9,7 +9,7 @@
     heritage: '{{ .Release.Service }}'
     release: '{{ .Release.Name }}'
   name: gatekeeper-manager-role
 -  namespace: gatekeeper-system
 +  namespace: '{{ .Release.Namespace }}'
 rules:
 - apiGroups:
   - ""
 diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml packages/rancher-gatekeeper/charts/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml
 --- packages/rancher-gatekeeper/charts-original/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml
 +++ packages/rancher-gatekeeper/charts/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml
@@ -15,4 +15,4 @@
 subjects:
 - kind: ServiceAccount
   name: gatekeeper-admin
 -  namespace: gatekeeper-system
 +  namespace: '{{ .Release.Namespace }}'
 diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/templates/gatekeeper-manager-rolebinding-rolebinding.yaml packages/rancher-gatekeeper/charts/templates/gatekeeper-manager-rolebinding-rolebinding.yaml
 --- packages/rancher-gatekeeper/charts-original/templates/gatekeeper-manager-rolebinding-rolebinding.yaml
 +++ packages/rancher-gatekeeper/charts/templates/gatekeeper-manager-rolebinding-rolebinding.yaml
@@ -8,7 +8,7 @@
     heritage: '{{ .Release.Service }}'
     release: '{{ .Release.Name }}'
   name: gatekeeper-manager-rolebinding
 -  namespace: gatekeeper-system
 +  namespace: '{{ .Release.Namespace }}'
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
@@ -16,4 +16,4 @@
 subjects:
 - kind: ServiceAccount
   name: gatekeeper-admin
 -  namespace: gatekeeper-system
 +  namespace: '{{ .Release.Namespace }}'
 diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/templates/gatekeeper-system-namespace.yaml packages/rancher-gatekeeper/charts/templates/gatekeeper-system-namespace.yaml
 --- packages/rancher-gatekeeper/charts-original/templates/gatekeeper-system-namespace.yaml
 +++ packages/rancher-gatekeeper/charts/templates/gatekeeper-system-namespace.yaml
@@ -1,12 +0,0 @@
 -apiVersion: v1
 -kind: Namespace
 -metadata:
 -  labels:
 -    admission.gatekeeper.sh/ignore: no-self-managing
 -    app: '{{ template "gatekeeper.name" . }}'
 -    chart: '{{ template "gatekeeper.name" . }}'
 -    control-plane: controller-manager
 -    gatekeeper.sh/system: "yes"
 -    heritage: '{{ .Release.Service }}'
 -    release: '{{ .Release.Name }}'
 -  name: gatekeeper-system
 diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml packages/rancher-gatekeeper/charts/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml
 --- packages/rancher-gatekeeper/charts-original/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml
 +++ packages/rancher-gatekeeper/charts/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml
@@ -15,7 +15,7 @@
     caBundle: Cg==
     service:
       name: gatekeeper-webhook-service
 -      namespace: gatekeeper-system
 +      namespace: '{{ .Release.Namespace }}'
       path: /v1/admit
   failurePolicy: Ignore
   name: validation.gatekeeper.sh
@@ -41,7 +41,7 @@
     caBundle: Cg==
     service:
       name: gatekeeper-webhook-service
 -      namespace: gatekeeper-system
 +      namespace: '{{ .Release.Namespace }}'
       path: /v1/admitlabel
   failurePolicy: Fail
   name: check-ignore-label.gatekeeper.sh
 diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/templates/gatekeeper-webhook-server-cert-secret.yaml packages/rancher-gatekeeper/charts/templates/gatekeeper-webhook-server-cert-secret.yaml
 --- packages/rancher-gatekeeper/charts-original/templates/gatekeeper-webhook-server-cert-secret.yaml
 +++ packages/rancher-gatekeeper/charts/templates/gatekeeper-webhook-server-cert-secret.yaml
@@ -8,4 +8,4 @@
     heritage: '{{ .Release.Service }}'
     release: '{{ .Release.Name }}'
   name: gatekeeper-webhook-server-cert
 -  namespace: gatekeeper-system
 +  namespace: '{{ .Release.Namespace }}'
 diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/templates/gatekeeper-webhook-service-service.yaml packages/rancher-gatekeeper/charts/templates/gatekeeper-webhook-service-service.yaml
 --- packages/rancher-gatekeeper/charts-original/templates/gatekeeper-webhook-service-service.yaml
 +++ packages/rancher-gatekeeper/charts/templates/gatekeeper-webhook-service-service.yaml