(dev-v2.6-archive) Merge pull request #1232 from cmurphy/gatekeeper-3.4.0

Update gatekeeper to 3.5.1

(partially cherry picked from commit 9b44cc986f)
Caleb Bron 2021-07-28 08:39:44 -07:00 committed by Arvind Iyengar
parent b68387a57c
commit a1ebafd587
21 changed files with 42 additions and 201 deletions


@ -1,6 +0,0 @@
{{- if .Values.customResourceDefinitions.create }}
{{- range $path, $bytes := .Files.Glob "crds/*.yaml" }}
{{ $.Files.Get $path }}
---
{{- end }}
{{- end }}


@ -1,14 +0,0 @@
{{- if .Values.createNamespace }}
apiVersion: v1
kind: Namespace
metadata:
labels:
admission.gatekeeper.sh/ignore: no-self-managing
app: '{{ template "gatekeeper.name" . }}'
chart: '{{ template "gatekeeper.name" . }}'
control-plane: controller-manager
gatekeeper.sh/system: "yes"
heritage: '{{ .Release.Service }}'
release: '{{ .Release.Name }}'
name: gatekeeper-system
{{- end }}


@ -1,8 +1,8 @@
--- charts-original/Chart.yaml --- charts-original/Chart.yaml
+++ charts/Chart.yaml +++ charts/Chart.yaml
@@ -1,10 +1,21 @@ @@ -1,10 +1,21 @@
apiVersion: v1 apiVersion: v2
appVersion: v3.3.0 appVersion: v3.5.1
-description: A Helm chart for Gatekeeper -description: A Helm chart for Gatekeeper
+description: Modifies Open Policy Agent's upstream gatekeeper chart that provides policy-based control for cloud native environments +description: Modifies Open Policy Agent's upstream gatekeeper chart that provides policy-based control for cloud native environments
home: https://github.com/open-policy-agent/gatekeeper home: https://github.com/open-policy-agent/gatekeeper
@ -13,7 +13,7 @@
+name: rancher-gatekeeper +name: rancher-gatekeeper
sources: sources:
- https://github.com/open-policy-agent/gatekeeper.git - https://github.com/open-policy-agent/gatekeeper.git
version: 3.3.0 version: 3.5.1
+icon: https://charts.rancher.io/assets/logos/gatekeeper.svg +icon: https://charts.rancher.io/assets/logos/gatekeeper.svg
+annotations: +annotations:
+ catalog.cattle.io/certified: rancher + catalog.cattle.io/certified: rancher
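Review bot: The main chart's Chart.yaml moves to `apiVersion: v2` in this hunk while the companion `rancher-gatekeeper-crd` chart in the same commit stays on `apiVersion: v1` (its Chart.yaml section is the last one on the page), so the two halves of one package now declare different chart API versions. Helm 3 accepts both, but a `v2` chart can no longer be installed by Helm 2, and keeping the CRD chart on `v1` while the parent is on `v2` is a maintenance trap for anyone later adding `dependencies:` or `type:` handling. Either bump the CRD chart to `apiVersion: v2` in the same change or record in the commit description why the two intentionally differ.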


@ -1,9 +1,9 @@
--- charts-original/README.md --- charts-original/README.md
+++ charts/README.md +++ charts/README.md
@@ -4,7 +4,7 @@ @@ -69,7 +69,7 @@
| postInstall.labelNamespace.image.tag | Image tag | `1.20.4-4.0.5` |
| Parameter | Description | Default | | postInstall.labelNamespace.image.pullPolicy | Image pullPolicy | `IfNotPresent` |
| :---------------------------------- | :----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------------------------------------------------------------------------ | | postInstall.labelNamespace.image.pullSecrets | Image pullSecrets | `[]` |
-| auditInterval | The frequency with which audit is run | `60` | -| auditInterval | The frequency with which audit is run | `60` |
+| auditInterval | The frequency with which audit is run | `300` | +| auditInterval | The frequency with which audit is run | `300` |
| constraintViolationsLimit | The maximum # of audit violations reported on a constraint | `20` | | constraintViolationsLimit | The maximum # of audit violations reported on a constraint | `20` |


@ -1,11 +0,0 @@
--- charts-original/crds/config-customresourcedefinition.yaml
+++ charts/crds/config-customresourcedefinition.yaml
@@ -3,8 +3,6 @@
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.3.0
- helm.sh/hook: crd-install
- helm.sh/hook-delete-policy: before-hook-creation
creationTimestamp: null
labels:
gatekeeper.sh/system: "yes"


@ -1,11 +0,0 @@
--- charts-original/crds/constraintpodstatus-customresourcedefinition.yaml
+++ charts/crds/constraintpodstatus-customresourcedefinition.yaml
@@ -3,8 +3,6 @@
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.3.0
- helm.sh/hook: crd-install
- helm.sh/hook-delete-policy: before-hook-creation
creationTimestamp: null
labels:
gatekeeper.sh/system: "yes"


@ -1,12 +0,0 @@
--- charts-original/crds/constrainttemplate-customresourcedefinition.yaml
+++ charts/crds/constrainttemplate-customresourcedefinition.yaml
@@ -1,9 +1,6 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
- annotations:
- helm.sh/hook: crd-install
- helm.sh/hook-delete-policy: before-hook-creation
creationTimestamp: null
labels:
gatekeeper.sh/system: "yes"


@ -1,11 +0,0 @@
--- charts-original/crds/constrainttemplatepodstatus-customresourcedefinition.yaml
+++ charts/crds/constrainttemplatepodstatus-customresourcedefinition.yaml
@@ -3,8 +3,6 @@
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.3.0
- helm.sh/hook: crd-install
- helm.sh/hook-delete-policy: before-hook-creation
creationTimestamp: null
labels:
gatekeeper.sh/system: "yes"


@ -1,9 +1,12 @@
--- charts-original/templates/_helpers.tpl --- charts-original/templates/_helpers.tpl
+++ charts/templates/_helpers.tpl +++ charts/templates/_helpers.tpl
@@ -42,3 +42,11 @@ @@ -38,4 +38,12 @@
{{- if .Values.podLabels }}
{{- toYaml .Values.podLabels | nindent 8 }}
{{- end }} {{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}}
{{- end -}} \ No newline at end of file
+{{- end -}}
+ +
+{{- define "system_default_registry" -}} +{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}}
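Review bot: The new `system_default_registry` define carries no comment saying what it returns, and its body continues past the end of this hunk, so a reader of the patch cannot tell whether the helper yields the registry with a trailing `/` or without one — the image lines that consume it depend on exactly that. Add a Helm comment above the define, e.g. `{{/* Image registry prefix taken from .Values.global.cattle.systemDefaultRegistry; empty when unset — presumably with trailing slash, confirm */}}`, with the slash wording fixed once the lines below the hunk have been checked. The define also reads `.Values.global.cattle.systemDefaultRegistry`, which only exists because the values.yaml hunk in this same commit adds `global.cattle.systemDefaultRegistry: ""`; the two patch files must land together.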


@ -1,8 +0,0 @@
--- charts-original/templates/gatekeeper-admin-serviceaccount.yaml
+++ charts/templates/gatekeeper-admin-serviceaccount.yaml
@@ -8,4 +8,4 @@
heritage: '{{ .Release.Service }}'
release: '{{ .Release.Name }}'
name: gatekeeper-admin
- namespace: gatekeeper-system
+ namespace: '{{ .Release.Namespace }}'


@ -1,15 +1,6 @@
--- charts-original/templates/gatekeeper-audit-deployment.yaml --- charts-original/templates/gatekeeper-audit-deployment.yaml
+++ charts/templates/gatekeeper-audit-deployment.yaml +++ charts/templates/gatekeeper-audit-deployment.yaml
@@ -10,7 +10,7 @@ @@ -63,7 +63,7 @@
heritage: '{{ .Release.Service }}'
release: '{{ .Release.Name }}'
name: gatekeeper-audit
- namespace: gatekeeper-system
+ namespace: '{{ .Release.Namespace }}'
spec:
replicas: 1
selector:
@@ -59,7 +59,7 @@
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.name fieldPath: metadata.name


@ -1,15 +1,6 @@
--- charts-original/templates/gatekeeper-controller-manager-deployment.yaml --- charts-original/templates/gatekeeper-controller-manager-deployment.yaml
+++ charts/templates/gatekeeper-controller-manager-deployment.yaml +++ charts/templates/gatekeeper-controller-manager-deployment.yaml
@@ -10,7 +10,7 @@ @@ -65,7 +65,7 @@
heritage: '{{ .Release.Service }}'
release: '{{ .Release.Name }}'
name: gatekeeper-controller-manager
- namespace: gatekeeper-system
+ namespace: '{{ .Release.Namespace }}'
spec:
replicas: {{ .Values.replicas }}
selector:
@@ -68,7 +68,7 @@
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.name fieldPath: metadata.name


@ -1,11 +0,0 @@
--- charts-original/templates/gatekeeper-manager-role-role.yaml
+++ charts/templates/gatekeeper-manager-role-role.yaml
@@ -9,7 +9,7 @@
heritage: '{{ .Release.Service }}'
release: '{{ .Release.Name }}'
name: gatekeeper-manager-role
- namespace: gatekeeper-system
+ namespace: '{{ .Release.Namespace }}'
rules:
- apiGroups:
- ""


@ -1,8 +0,0 @@
--- charts-original/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml
+++ charts/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml
@@ -15,4 +15,4 @@
subjects:
- kind: ServiceAccount
name: gatekeeper-admin
- namespace: gatekeeper-system
+ namespace: '{{ .Release.Namespace }}'


@ -1,17 +0,0 @@
--- charts-original/templates/gatekeeper-manager-rolebinding-rolebinding.yaml
+++ charts/templates/gatekeeper-manager-rolebinding-rolebinding.yaml
@@ -8,7 +8,7 @@
heritage: '{{ .Release.Service }}'
release: '{{ .Release.Name }}'
name: gatekeeper-manager-rolebinding
- namespace: gatekeeper-system
+ namespace: '{{ .Release.Namespace }}'
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
@@ -16,4 +16,4 @@
subjects:
- kind: ServiceAccount
name: gatekeeper-admin
- namespace: gatekeeper-system
+ namespace: '{{ .Release.Namespace }}'


@ -1,20 +0,0 @@
--- charts-original/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml
+++ charts/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml
@@ -15,7 +15,7 @@
caBundle: Cg==
service:
name: gatekeeper-webhook-service
- namespace: gatekeeper-system
+ namespace: '{{ .Release.Namespace }}'
path: /v1/admit
failurePolicy: Ignore
name: validation.gatekeeper.sh
@@ -42,7 +42,7 @@
caBundle: Cg==
service:
name: gatekeeper-webhook-service
- namespace: gatekeeper-system
+ namespace: '{{ .Release.Namespace }}'
path: /v1/admitlabel
failurePolicy: Fail
name: check-ignore-label.gatekeeper.sh


@ -1,8 +0,0 @@
--- charts-original/templates/gatekeeper-webhook-server-cert-secret.yaml
+++ charts/templates/gatekeeper-webhook-server-cert-secret.yaml
@@ -10,4 +10,4 @@
heritage: '{{ .Release.Service }}'
release: '{{ .Release.Name }}'
name: gatekeeper-webhook-server-cert
- namespace: gatekeeper-system
+ namespace: '{{ .Release.Namespace }}'


@ -1,11 +0,0 @@
--- charts-original/templates/gatekeeper-webhook-service-service.yaml
+++ charts/templates/gatekeeper-webhook-service-service.yaml
@@ -8,7 +8,7 @@
heritage: '{{ .Release.Service }}'
release: '{{ .Release.Name }}'
name: gatekeeper-webhook-service
- namespace: gatekeeper-system
+ namespace: '{{ .Release.Namespace }}'
spec:
ports:
- port: 443


@ -1,35 +1,39 @@
--- charts-original/values.yaml --- charts-original/values.yaml
+++ charts/values.yaml +++ charts/values.yaml
@@ -1,8 +1,7 @@ @@ -1,5 +1,5 @@
replicas: 3 replicas: 3
-auditInterval: 60 -auditInterval: 60
+auditInterval: 300 +auditInterval: 300
auditMatchKindOnly: false
constraintViolationsLimit: 20 constraintViolationsLimit: 20
auditFromCache: false auditFromCache: false
-createNamespace: true @@ -16,13 +16,13 @@
disableValidatingWebhook: false labelNamespace:
validatingWebhookTimeoutSeconds: 3 enabled: true
enableDeleteOperations: false image:
@@ -11,8 +10,8 @@ - repository: line/kubectl-kustomize
emitAdmissionEvents: false - tag: 1.20.4-4.0.5
emitAuditEvents: false + repository: rancher/kubectl
+ tag: v1.20.2
pullPolicy: IfNotPresent
pullSecrets: []
image: image:
- repository: openpolicyagent/gatekeeper - repository: openpolicyagent/gatekeeper
- release: v3.3.0 - release: v3.5.1
+ repository: rancher/mirrored-openpolicyagent-gatekeeper + repository: rancher/mirrored-openpolicyagent-gatekeeper
+ tag: v3.3.0 + tag: v3.5.1
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
pullSecrets: [] pullSecrets: []
podAnnotations: podAnnotations:
@@ -53,5 +52,9 @@ @@ -70,5 +70,11 @@
requests: pdb:
cpu: 100m controllerManager:
memory: 256Mi minAvailable: 1
-customResourceDefinitions:
- create: true
+global: +global:
+ cattle: + cattle:
+ systemDefaultRegistry: "" + systemDefaultRegistry: ""
+ kubectl: + kubectl:
+ repository: rancher/kubectl + repository: rancher/kubectl
+ tag: v1.20.2 + tag: v1.20.2
service: {}
disabledBuiltins:
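Review bot: The README patch in this commit still documents the `postInstall.labelNamespace.image.tag` default as `1.20.4-4.0.5` (visible as a context row of that section), while this hunk changes values.yaml to `repository: rancher/kubectl` / `tag: v1.20.2`, so the chart's documentation and its defaults now disagree; the README patch should rewrite those rows to `rancher/kubectl` and `v1.20.2` as well. The same kubectl image is declared a second time under `global.kubectl` (`repository: rancher/kubectl`, `tag: v1.20.2`); which of the two keys the post-install job template actually reads is not visible here, so either drop the unused one or add `# keep in sync with postInstall.labelNamespace.image` above `global.kubectl:` so the two do not drift apart on the next bump. Swapping the upstream `line/kubectl-kustomize` image for plain `rancher/kubectl` also changes which binaries the post-install job has; if the upstream job invokes kustomize, that is an install-time failure, which a test install of the rendered chart would catch.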


@ -1,4 +1,4 @@
url: https://open-policy-agent.github.io/gatekeeper/charts/gatekeeper-3.3.0.tgz url: https://open-policy-agent.github.io/gatekeeper/charts/gatekeeper-3.5.1.tgz
version: 100.0.0 version: 100.0.0
additionalCharts: additionalCharts:
- workingDir: charts-crd - workingDir: charts-crd


@ -1,5 +1,5 @@
apiVersion: v1 apiVersion: v1
version: 3.3.0 version: 3.5.1
description: Installs the CRDs for rancher-gatekeeper. description: Installs the CRDs for rancher-gatekeeper.
name: rancher-gatekeeper-crd name: rancher-gatekeeper-crd
type: application type: application