Merge pull request #2283 from cmurphy/update-webhook-csp

Bump webhook and csp-adapter
2022-12-20 15:46:04 -08:00 · 2022-12-20 15:46:04 -08:00 · aca7cef5ec
parent 52977fdbeb 17735f0b9c
commit aca7cef5ec
28 changed files with 310 additions and 14 deletions
--- a/assets/rancher-csp-adapter/rancher-csp-adapter-2.0.1+up2.0.1-rc1.tgz
+++ b/assets/rancher-csp-adapter/rancher-csp-adapter-2.0.1+up2.0.1-rc1.tgz
--- a/assets/rancher-webhook/rancher-webhook-2.0.2+up0.3.2-rc1.tgz
+++ b/assets/rancher-webhook/rancher-webhook-2.0.2+up0.3.2-rc1.tgz
--- a/assets/rancher-webhook/rancher-webhook-2.0.2+up0.3.2-rc2.tgz
+++ b/assets/rancher-webhook/rancher-webhook-2.0.2+up0.3.2-rc2.tgz
--- a/charts/rancher-csp-adapter/2.0.1+up2.0.1-rc1/Chart.yaml
+++ b/charts/rancher-csp-adapter/2.0.1+up2.0.1-rc1/Chart.yaml
@ -0,0 +1,17 @@
+annotations:
+  catalog.cattle.io/certified: rancher
+  catalog.cattle.io/display-name: Rancher CSP Adapter
+  catalog.cattle.io/hidden: "true"
+  catalog.cattle.io/kube-version: '>= 1.22.0-0 < 1.26.0-0'
+  catalog.cattle.io/namespace: cattle-csp-adapter-system
+  catalog.cattle.io/os: linux
+  catalog.cattle.io/permits-os: linux
+  catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0'
+  catalog.cattle.io/release-name: rancher-csp-adapter
+  catalog.cattle.io/scope: management
+apiVersion: v2
+appVersion: 2.0.1-rc1
+description: Cloud Service Provider Marketplace Adapter for Rancher. Monitors Rancher
+  entitlements against usage.
+name: rancher-csp-adapter
+version: 2.0.1+up2.0.1-rc1
--- a/charts/rancher-csp-adapter/2.0.1+up2.0.1-rc1/templates/_helpers.tpl
+++ b/charts/rancher-csp-adapter/2.0.1+up2.0.1-rc1/templates/_helpers.tpl
@ -0,0 +1,57 @@
+{{- define "csp-adapter.labels" -}}
+app: rancher-csp-adapter
+{{- end }}
+
+{{- define "csp-adapter.outputConfigMap" -}}
+csp-config
+{{- end }}
+
+{{- define "csp-adapter.outputNotification" -}}
+csp-compliance
+{{- end }}
+
+{{- define "csp-adapter.cacheSecret" -}}
+csp-adapter-cache
+{{- end }}
+
+{{- define "csp-adapter.hostnameSetting" -}}
+server-url
+{{- end }}
+
+{{- define "csp-adapter.versionSetting" -}}
+server-version
+{{- end }}
+
+{{- define "csp-adapter.csp" -}}
+{{- if .Values.aws -}}
+    {{- if .Values.aws.enabled -}}
+aws
+    {{- end -}}
+{{- else -}}
+""
+{{- end -}}
+{{- end }}
+
+{{- define "csp-adapter.awsValuesSet" -}}
+{{- if .Values.aws -}}
+    {{- if and .Values.aws.accountNumber .Values.aws.roleName -}}
+    true
+    {{- else -}}
+    false
+    {{- end -}}
+{{- else -}}
+false
+{{- end -}}
+{{- end }}
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+    {{- if eq (include "csp-adapter.csp" .) "aws" -}}
+    {{- "709825985650.dkr.ecr.us-east-1.amazonaws.com/suse/" -}}
+    {{- else -}}
+    {{- "" -}}
+    {{- end -}}
+{{- end -}}
+{{- end -}}
--- a/charts/rancher-csp-adapter/2.0.1+up2.0.1-rc1/templates/deployment.yaml
+++ b/charts/rancher-csp-adapter/2.0.1+up2.0.1-rc1/templates/deployment.yaml
@ -0,0 +1,46 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Chart.Name }}
+  namespace: cattle-csp-adapter-system
+spec:
+  selector:
+    matchLabels:
+      app: {{ .Chart.Name }}
+  template:
+    metadata:
+      labels:
+        app: {{ .Chart.Name }}
+    spec:
+      containers:
+      - env:
+        - name: CATTLE_DEBUG
+          value: {{ .Values.debug | quote }}
+        - name: K8S_OUTPUT_CONFIGMAP
+          value: '{{ template "csp-adapter.outputConfigMap"  }}'
+        - name: K8S_OUTPUT_NOTIFICATION
+          value: '{{ template "csp-adapter.outputNotification" }}'
+        - name: K8S_CACHE_SECRET
+          value: '{{ template "csp-adapter.cacheSecret"  }}'
+        - name: K8S_HOSTNAME_SETTING
+          value: '{{ template "csp-adapter.hostnameSetting"  }}'
+        - name: K8S_RANCHER_VERSION_SETTING
+          value: '{{ template "csp-adapter.versionSetting"  }}'
+        image: '{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}'
+        name: {{ .Chart.Name }}
+        imagePullPolicy: "{{ .Values.image.imagePullPolicy }}"
+{{- if .Values.additionalTrustedCAs }}
+        volumeMounts:
+          - mountPath: /etc/ssl/certs/rancher-cert.pem
+            name: tls-ca-volume
+            subPath: ca-additional.pem
+            readOnly: true
+{{- end }}
+      serviceAccountName: {{ .Chart.Name }}
+{{- if .Values.additionalTrustedCAs }}
+      volumes:
+        - name: tls-ca-volume
+          secret:
+            defaultMode: 0444
+            secretName: tls-ca-additional
+{{- end }}
--- a/charts/rancher-csp-adapter/2.0.1+up2.0.1-rc1/templates/rbac.yaml
+++ b/charts/rancher-csp-adapter/2.0.1+up2.0.1-rc1/templates/rbac.yaml
@ -0,0 +1,114 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Chart.Name }}-cluster-role
+rules:
+- apiGroups:
+  - management.cattle.io
+  resources:
+  - ranchermetrics
+  verbs:
+  - get
+- apiGroups:
+  - management.cattle.io
+  resources:
+  - rancherusernotifications
+  resourceNames:
+  - {{ template "csp-adapter.outputNotification" }}
+  verbs:
+  - "*"
+- apiGroups:
+  - management.cattle.io
+  resources:
+  - rancherusernotifications
+  verbs:
+  - create
+- apiGroups:
+  - management.cattle.io
+  resources:
+  - settings
+  resourceNames:
+  - {{ template "csp-adapter.hostnameSetting"  }}
+  - {{ template "csp-adapter.versionSetting"  }}
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - apiregistration.k8s.io
+  resources:
+  - apiservices
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - apiextensions.k8s.io
+  resources:
+  - customresourcedefinitions
+  verbs:
+  - get
+  - list
+  - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1   
+kind: ClusterRoleBinding                                                                                                                       
+metadata:                                                                                                                                      
+  name: {{ .Chart.Name }}-crb
+roleRef:                                         
+  apiGroup: rbac.authorization.k8s.io          
+  kind: ClusterRole                           
+  name: {{ .Chart.Name }}-cluster-role
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Chart.Name }}
+    namespace: cattle-csp-adapter-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ .Chart.Name }}-role
+  namespace: cattle-csp-adapter-system
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  resourceNames:
+  - {{ template "csp-adapter.cacheSecret"  }}
+  verbs:
+  - "*"
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - create
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  resourceNames:
+  - {{ template "csp-adapter.outputConfigMap"  }}
+  verbs:
+  - "*"
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ .Chart.Name }}-binding
+  namespace: cattle-csp-adapter-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ .Chart.Name }}-role
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Chart.Name }}
+    namespace: cattle-csp-adapter-system
--- a/charts/rancher-csp-adapter/2.0.1+up2.0.1-rc1/templates/serviceAccount.yaml
+++ b/charts/rancher-csp-adapter/2.0.1+up2.0.1-rc1/templates/serviceAccount.yaml
@ -0,0 +1,17 @@
+{{- if eq (include "csp-adapter.csp" . ) "aws" -}}
+  {{- if eq (include "csp-adapter.awsValuesSet" .) "true" -}}
+  {{- else -}}
+  {{- fail "If the aws provider is enabled, account number and role name must be provided" -}}
+  {{- end -}}
+{{- else -}}
+{{- fail "One cloud provider must be enabled" -}}
+{{- end -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Chart.Name }}
+  namespace: cattle-csp-adapter-system
+  {{- if eq (include "csp-adapter.csp" . ) "aws" }}
+  annotations:
+    eks.amazonaws.com/role-arn: arn:aws:iam::{{ .Values.aws.accountNumber }}:role/{{ .Values.aws.roleName }}
+  {{- end }}
--- a/charts/rancher-csp-adapter/2.0.1+up2.0.1-rc1/values.yaml
+++ b/charts/rancher-csp-adapter/2.0.1+up2.0.1-rc1/values.yaml
@ -0,0 +1,22 @@
+debug: false
+
+image:
+  repository: rancher/rancher-csp-adapter
+  tag: v2.0.1-rc1
+  imagePullPolicy: IfNotPresent
+
+global:
+  cattle:
+    systemDefaultRegistry: ""
+
+tolerations: []
+
+# if rancher is using a privateCA, this certificate must be provided as a secret in the adapter's namespace - see the
+# readme/docs for more details
+#additionalTrustedCAs: true
+
+# at least one csp must be enabled like below
+aws:
+  enabled: false
+  accountNumber: ""
+  roleName: ""
--- a/charts/rancher-webhook/2.0.2+up0.3.2-rc2/Chart.yaml
+++ b/charts/rancher-webhook/2.0.2+up0.3.2-rc2/Chart.yaml
@ -1,18 +1,18 @@
 annotations:
  catalog.cattle.io/certified: rancher
  catalog.cattle.io/hidden: "true"
-  catalog.cattle.io/kube-version: '>= 1.16.0-0 < 1.25.0-0'
+  catalog.cattle.io/kube-version: '>= 1.16.0-0 < 1.26.0-0'
  catalog.cattle.io/namespace: cattle-system
  catalog.cattle.io/os: linux
  catalog.cattle.io/permits-os: linux,windows
  catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0'
  catalog.cattle.io/release-name: rancher-webhook
 apiVersion: v2
-appVersion: 0.3.2-rc1
+appVersion: 0.3.2-rc2
 dependencies:
 - condition: capi.enabled
  name: capi
  repository: ""
 description: ValidatingAdmissionWebhook for Rancher types
 name: rancher-webhook
-version: 2.0.2+up0.3.2-rc1
+version: 2.0.2+up0.3.2-rc2
--- a/charts/rancher-webhook/2.0.2+up0.3.2-rc2/charts/capi/Chart.yaml
+++ b/charts/rancher-webhook/2.0.2+up0.3.2-rc2/charts/capi/Chart.yaml
--- a/charts/rancher-webhook/2.0.2+up0.3.2-rc2/charts/capi/templates/service.yaml
+++ b/charts/rancher-webhook/2.0.2+up0.3.2-rc2/charts/capi/templates/service.yaml
--- a/charts/rancher-webhook/2.0.2+up0.3.2-rc2/templates/_helpers.tpl
+++ b/charts/rancher-webhook/2.0.2+up0.3.2-rc2/templates/_helpers.tpl
--- a/charts/rancher-webhook/2.0.2+up0.3.2-rc2/templates/deployment.yaml
+++ b/charts/rancher-webhook/2.0.2+up0.3.2-rc2/templates/deployment.yaml
--- a/charts/rancher-webhook/2.0.2+up0.3.2-rc2/templates/pre-delete-hook-cluster-role-binding.yaml
+++ b/charts/rancher-webhook/2.0.2+up0.3.2-rc2/templates/pre-delete-hook-cluster-role-binding.yaml
--- a/charts/rancher-webhook/2.0.2+up0.3.2-rc2/templates/pre-delete-hook-cluster-role.yaml
+++ b/charts/rancher-webhook/2.0.2+up0.3.2-rc2/templates/pre-delete-hook-cluster-role.yaml
--- a/charts/rancher-webhook/2.0.2+up0.3.2-rc2/templates/pre-delete-hook-job.yaml
+++ b/charts/rancher-webhook/2.0.2+up0.3.2-rc2/templates/pre-delete-hook-job.yaml
--- a/charts/rancher-webhook/2.0.2+up0.3.2-rc2/templates/pre-delete-hook-psp.yaml
+++ b/charts/rancher-webhook/2.0.2+up0.3.2-rc2/templates/pre-delete-hook-psp.yaml
--- a/charts/rancher-webhook/2.0.2+up0.3.2-rc2/templates/pre-delete-hook-service-account.yaml
+++ b/charts/rancher-webhook/2.0.2+up0.3.2-rc2/templates/pre-delete-hook-service-account.yaml
--- a/charts/rancher-webhook/2.0.2+up0.3.2-rc2/templates/rbac.yaml
+++ b/charts/rancher-webhook/2.0.2+up0.3.2-rc2/templates/rbac.yaml
--- a/charts/rancher-webhook/2.0.2+up0.3.2-rc2/templates/service.yaml
+++ b/charts/rancher-webhook/2.0.2+up0.3.2-rc2/templates/service.yaml
--- a/charts/rancher-webhook/2.0.2+up0.3.2-rc2/templates/serviceaccount.yaml
+++ b/charts/rancher-webhook/2.0.2+up0.3.2-rc2/templates/serviceaccount.yaml
--- a/charts/rancher-webhook/2.0.2+up0.3.2-rc2/templates/webhook.yaml
+++ b/charts/rancher-webhook/2.0.2+up0.3.2-rc2/templates/webhook.yaml
--- a/charts/rancher-webhook/2.0.2+up0.3.2-rc2/values.yaml
+++ b/charts/rancher-webhook/2.0.2+up0.3.2-rc2/values.yaml
@ -1,6 +1,6 @@
 image:
  repository: rancher/rancher-webhook
-  tag: v0.3.2-rc1
+  tag: v0.3.2-rc2
  imagePullPolicy: IfNotPresent

 global:
--- a/index.yaml
+++ b/index.yaml
@ -4979,6 +4979,27 @@ entries:
    - assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-1.0.100.tgz
    version: 1.0.100
  rancher-csp-adapter:
+  - annotations:
+      catalog.cattle.io/certified: rancher
+      catalog.cattle.io/display-name: Rancher CSP Adapter
+      catalog.cattle.io/hidden: "true"
+      catalog.cattle.io/kube-version: '>= 1.22.0-0 < 1.26.0-0'
+      catalog.cattle.io/namespace: cattle-csp-adapter-system
+      catalog.cattle.io/os: linux
+      catalog.cattle.io/permits-os: linux
+      catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0'
+      catalog.cattle.io/release-name: rancher-csp-adapter
+      catalog.cattle.io/scope: management
+    apiVersion: v2
+    appVersion: 2.0.1-rc1
+    created: "2022-12-20T15:23:57.317133484-08:00"
+    description: Cloud Service Provider Marketplace Adapter for Rancher. Monitors
+      Rancher entitlements against usage.
+    digest: f1dcc3fc8bb0801220d0308ef6b322b1255a50123c133034efc99e388d467aaf
+    name: rancher-csp-adapter
+    urls:
+    - assets/rancher-csp-adapter/rancher-csp-adapter-2.0.1+up2.0.1-rc1.tgz
+    version: 2.0.1+up2.0.1-rc1
  - annotations:
      catalog.cattle.io/certified: rancher
      catalog.cattle.io/display-name: Rancher CSP Adapter
@ -11482,25 +11503,25 @@ entries:
  - annotations:
      catalog.cattle.io/certified: rancher
      catalog.cattle.io/hidden: "true"
-      catalog.cattle.io/kube-version: '>= 1.16.0-0 < 1.25.0-0'
+      catalog.cattle.io/kube-version: '>= 1.16.0-0 < 1.26.0-0'
      catalog.cattle.io/namespace: cattle-system
      catalog.cattle.io/os: linux
      catalog.cattle.io/permits-os: linux,windows
      catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0'
      catalog.cattle.io/release-name: rancher-webhook
    apiVersion: v2
-    appVersion: 0.3.2-rc1
-    created: "2022-12-20T15:24:42.088267694-05:00"
+    appVersion: 0.3.2-rc2
+    created: "2022-12-20T14:05:54.464840107-08:00"
    dependencies:
    - condition: capi.enabled
      name: capi
      repository: ""
    description: ValidatingAdmissionWebhook for Rancher types
-    digest: afccddd3e68c70584d840a621c1d5afa6ad008b75d9cc9eaa56d65fa11761d70
+    digest: a6c02e7cf0bee1f5e3584ba852227506645b0985ec3776d71f26a5121337d902
    name: rancher-webhook
    urls:
-    - assets/rancher-webhook/rancher-webhook-2.0.2+up0.3.2-rc1.tgz
-    version: 2.0.2+up0.3.2-rc1
+    - assets/rancher-webhook/rancher-webhook-2.0.2+up0.3.2-rc2.tgz
+    version: 2.0.2+up0.3.2-rc2
  - annotations:
      catalog.cattle.io/certified: rancher
      catalog.cattle.io/hidden: "true"
--- a/packages/rancher-csp-adapter/package.yaml
+++ b/packages/rancher-csp-adapter/package.yaml
@ -1,2 +1,2 @@
-url: https://github.com/rancher/csp-adapter/releases/download/v2.0.0/rancher-csp-adapter-2.0.0.tgz
-version: 2.0.0
+url: https://github.com/rancher/csp-adapter/releases/download/v2.0.1-rc1/rancher-csp-adapter-2.0.1-rc1.tgz
+version: 2.0.1
--- a/packages/rancher-webhook/package.yaml
+++ b/packages/rancher-webhook/package.yaml
@ -1,2 +1,2 @@
-url: https://github.com/rancher/webhook/releases/download/v0.3.2-rc1/rancher-webhook-0.3.2-rc1.tgz
+url: https://github.com/rancher/webhook/releases/download/v0.3.2-rc2/rancher-webhook-0.3.2-rc2.tgz
 version: 2.0.2
--- a/release.yaml
+++ b/release.yaml
@ -16,6 +16,8 @@ rancher-aks-operator:
 rancher-aks-operator-crd:
 - 101.1.0+up1.0.8-rc1
 - 101.1.1+up1.1.0-rc1
+rancher-csp-adapter:
+- 2.0.1+up2.0.1-rc1
 rancher-eks-operator:
 - 101.1.0+up1.1.6-rc1
 - 101.2.0+up1.2.0-rc2
@ -53,7 +55,7 @@ rancher-gatekeeper-crd:
 rancher-logging:
 - 101.1.0+up3.17.10
 rancher-webhook:
- 2.0.2+up0.3.2-rc1
+- 2.0.2+up0.3.2-rc2
 sriov:
 - 101.0.2+up0.1.0
 sriov-crd: