Generated changes

pull/866/head
actions 2020-11-25 00:54:28 +00:00
parent 5fea181809
commit ad9912c686
16 changed files with 621 additions and 5 deletions


@ -626,6 +626,32 @@ entries:
- assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.100.tgz
version: 1.0.100
rancher-gatekeeper:
- annotations:
catalog.cattle.io/auto-install: rancher-gatekeeper-crd=match
catalog.cattle.io/certified: rancher
catalog.cattle.io/display-name: OPA Gatekeeper
catalog.cattle.io/experimental: "true"
catalog.cattle.io/namespace: cattle-gatekeeper-system
catalog.cattle.io/provides-gvr: config.gatekeeper.sh.config/v1alpha1
catalog.cattle.io/release-name: rancher-gatekeeper
catalog.cattle.io/ui-component: gatekeeper
apiVersion: v1
appVersion: v3.2.1
created: "2020-11-25T00:54:28.123665246Z"
description: Modifies Open Policy Agent's upstream gatekeeper chart that provides
policy-based control for cloud native environments
digest: 371575899f997e37c004d4c89fdfeea86552b724b1c087949292d7a23a8b948c
home: https://github.com/open-policy-agent/gatekeeper
icon: https://charts.rancher.io/assets/logos/gatekeeper.svg
keywords:
- open policy agent
- security
name: rancher-gatekeeper
sources:
- https://github.com/open-policy-agent/gatekeeper.git
urls:
- assets/rancher-gatekeeper/rancher-gatekeeper-3.2.101.tgz
version: 3.2.101
- annotations:
catalog.cattle.io/auto-install: rancher-gatekeeper-crd=match
catalog.cattle.io/certified: rancher
@ -702,6 +728,21 @@ entries:
- assets/rancher-gatekeeper/rancher-gatekeeper-3.1.100.tgz
version: 3.1.100
rancher-gatekeeper-crd:
- annotations:
catalog.cattle.io/certified: rancher
catalog.cattle.io/experimental: "true"
catalog.cattle.io/hidden: "true"
catalog.cattle.io/namespace: cattle-gatekeeper-system
catalog.cattle.io/release-name: rancher-gatekeeper-crd
apiVersion: v1
created: "2020-11-25T00:54:28.124082745Z"
description: Installs the CRDs for rancher-gatekeeper.
digest: f7b90e5003f282c7437eb7f7cee57bad72a6eaa8b05fb4bee5f3b0555dbbeece
name: rancher-gatekeeper-crd
type: application
urls:
- assets/rancher-gatekeeper/rancher-gatekeeper-crd-3.2.101.tgz
version: 3.2.101
- annotations:
catalog.cattle.io/certified: rancher
catalog.cattle.io/experimental: "true"
@ -1880,4 +1921,4 @@ entries:
urls:
- assets/rio/rio-0.8.000.tgz
version: 0.8.000
generated: "2020-11-23T17:17:46.132232262Z"
generated: "2020-11-25T00:54:28.12236995Z"


@ -9,7 +9,7 @@ keywords:
name: rancher-gatekeeper
sources:
- https://github.com/open-policy-agent/gatekeeper.git
version: 3.2.100
version: 3.2.101
icon: https://charts.rancher.io/assets/logos/gatekeeper.svg
annotations:
catalog.cattle.io/certified: rancher


@ -1,5 +1,5 @@
apiVersion: v1
version: 3.2.100
version: 3.2.101
description: Installs the CRDs for rancher-gatekeeper.
name: rancher-gatekeeper-crd
type: application


@ -0,0 +1,106 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.3.0
creationTimestamp: null
labels:
gatekeeper.sh/system: "yes"
name: configs.config.gatekeeper.sh
spec:
group: config.gatekeeper.sh
names:
kind: Config
listKind: ConfigList
plural: configs
shortNames:
- config
singular: config
scope: Namespaced
validation:
openAPIV3Schema:
description: Config is the Schema for the configs API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: ConfigSpec defines the desired state of Config
properties:
match:
description: Configuration for namespace exclusion
items:
properties:
excludedNamespaces:
items:
type: string
type: array
processes:
items:
type: string
type: array
type: object
type: array
readiness:
description: Configuration for readiness tracker
properties:
statsEnabled:
type: boolean
type: object
sync:
description: Configuration for syncing k8s objects
properties:
syncOnly:
description: If non-empty, only entries on this list will be replicated into OPA
items:
properties:
group:
type: string
kind:
type: string
version:
type: string
type: object
type: array
type: object
validation:
description: Configuration for validation
properties:
traces:
description: List of requests to trace. Both "user" and "kinds" must be specified
items:
properties:
dump:
description: Also dump the state of OPA with the trace. Set to `All` to dump everything.
type: string
kind:
description: Only trace requests of the following GroupVersionKind
properties:
group:
type: string
kind:
type: string
version:
type: string
type: object
user:
description: Only trace requests from the specified user
type: string
type: object
type: array
type: object
type: object
status:
description: ConfigStatus defines the observed state of Config
type: object
type: object
version: v1alpha1
versions:
- name: v1alpha1
served: true
storage: true


@ -0,0 +1,68 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.3.0
creationTimestamp: null
labels:
gatekeeper.sh/system: "yes"
name: constraintpodstatuses.status.gatekeeper.sh
spec:
group: status.gatekeeper.sh
names:
kind: ConstraintPodStatus
listKind: ConstraintPodStatusList
plural: constraintpodstatuses
singular: constraintpodstatus
scope: Namespaced
validation:
openAPIV3Schema:
description: ConstraintPodStatus is the Schema for the constraintpodstatuses API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
status:
description: ConstraintPodStatusStatus defines the observed state of ConstraintPodStatus
properties:
constraintUID:
description: Storing the constraint UID allows us to detect drift, such as when a constraint has been recreated after its CRD was deleted out from under it, interrupting the watch
type: string
enforced:
type: boolean
errors:
items:
description: Error represents a single error caught while adding a constraint to OPA
properties:
code:
type: string
location:
type: string
message:
type: string
required:
- code
- message
type: object
type: array
id:
type: string
observedGeneration:
format: int64
type: integer
operations:
items:
type: string
type: array
type: object
type: object
version: v1beta1
versions:
- name: v1beta1
served: true
storage: true


@ -0,0 +1,97 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
creationTimestamp: null
labels:
gatekeeper.sh/system: "yes"
name: constrainttemplates.templates.gatekeeper.sh
spec:
group: templates.gatekeeper.sh
names:
kind: ConstraintTemplate
plural: constrainttemplates
scope: Cluster
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
properties:
crd:
properties:
spec:
properties:
names:
properties:
kind:
type: string
shortNames:
items:
type: string
type: array
type: object
validation:
type: object
type: object
type: object
targets:
items:
properties:
libs:
items:
type: string
type: array
rego:
type: string
target:
type: string
type: object
type: array
type: object
status:
properties:
byPod:
items:
properties:
errors:
items:
properties:
code:
type: string
location:
type: string
message:
type: string
required:
- code
- message
type: object
type: array
id:
description: a unique identifier for the pod that wrote the status
type: string
observedGeneration:
format: int64
type: integer
type: object
type: array
created:
type: boolean
type: object
version: v1beta1
versions:
- name: v1beta1
served: true
storage: true
- name: v1alpha1
served: true
storage: false


@ -0,0 +1,67 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.3.0
creationTimestamp: null
labels:
gatekeeper.sh/system: "yes"
name: constrainttemplatepodstatuses.status.gatekeeper.sh
spec:
group: status.gatekeeper.sh
names:
kind: ConstraintTemplatePodStatus
listKind: ConstraintTemplatePodStatusList
plural: constrainttemplatepodstatuses
singular: constrainttemplatepodstatus
scope: Namespaced
validation:
openAPIV3Schema:
description: ConstraintTemplatePodStatus is the Schema for the constrainttemplatepodstatuses API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
status:
description: ConstraintTemplatePodStatusStatus defines the observed state of ConstraintTemplatePodStatus
properties:
errors:
items:
description: CreateCRDError represents a single error caught during parsing, compiling, etc.
properties:
code:
type: string
location:
type: string
message:
type: string
required:
- code
- message
type: object
type: array
id:
description: 'Important: Run "make" to regenerate code after modifying this file'
type: string
observedGeneration:
format: int64
type: integer
operations:
items:
type: string
type: array
templateUID:
description: UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated.
type: string
type: object
type: object
version: v1beta1
versions:
- name: v1beta1
served: true
storage: true


@ -0,0 +1,7 @@
# Rancher
{{- define "system_default_registry" -}}
{{- if .Values.global.cattle.systemDefaultRegistry -}}
{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
{{- end -}}
{{- end -}}


@ -0,0 +1,92 @@
apiVersion: batch/v1
kind: Job
metadata:
name: {{ .Chart.Name }}-create
namespace: {{ .Release.Namespace }}
labels:
app: {{ .Chart.Name }}
annotations:
"helm.sh/hook": post-install, post-upgrade, post-rollback
"helm.sh/hook-delete-policy": hook-succeeded
spec:
template:
metadata:
name: {{ .Chart.Name }}-create
labels:
app: {{ .Chart.Name }}
spec:
serviceAccountName: {{ .Chart.Name }}-manager
securityContext:
runAsNonRoot: true
runAsUser: 1000
containers:
- name: create-crds
image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}
imagePullPolicy: IfNotPresent
command:
- /bin/kubectl
- apply
- -f
- /etc/config/crd-manifest.yaml
volumeMounts:
- name: crd-manifest
readOnly: true
mountPath: /etc/config
restartPolicy: OnFailure
volumes:
- name: crd-manifest
configMap:
name: {{ .Chart.Name }}-manifest
---
apiVersion: batch/v1
kind: Job
metadata:
name: {{ .Chart.Name }}-delete
namespace: {{ .Release.Namespace }}
labels:
app: {{ .Chart.Name }}
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-delete-policy": hook-succeeded
spec:
template:
metadata:
name: {{ .Chart.Name }}-delete
labels:
app: {{ .Chart.Name }}
spec:
serviceAccountName: {{ .Chart.Name }}-manager
securityContext:
runAsNonRoot: true
runAsUser: 1000
initContainers:
- name: remove-finalizers
image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}
imagePullPolicy: IfNotPresent
command:
- /bin/kubectl
- apply
- -f
- /etc/config/crd-manifest.yaml
volumeMounts:
- name: crd-manifest
readOnly: true
mountPath: /etc/config
containers:
- name: delete-crds
image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}
imagePullPolicy: IfNotPresent
command:
- /bin/kubectl
- delete
- -f
- /etc/config/crd-manifest.yaml
volumeMounts:
- name: crd-manifest
readOnly: true
mountPath: /etc/config
restartPolicy: OnFailure
volumes:
- name: crd-manifest
configMap:
name: {{ .Chart.Name }}-manifest
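Review bot: The delete Job's initContainer is named `remove-finalizers`, but its command is `kubectl apply -f /etc/config/crd-manifest.yaml`, identical to the create Job, so the name does not describe what actually runs. If the re-apply is deliberate (presumably so the following `kubectl delete` finds every CRD even when one was removed out of band), say so above the container, e.g. `# re-apply the CRDs so the delete container below can remove all of them cleanly`; otherwise rename it `apply-crds` so nobody later "fixes" a command that was never removing finalizers. Neither Job sets `spec.backoffLimit` or `spec.activeDeadlineSeconds`, so with `restartPolicy: OnFailure` a persistently failing kubectl keeps the hook, and therefore the Helm install/upgrade/delete, blocked until the Job controller's default retry budget is exhausted; a bounded `activeDeadlineSeconds` makes that failure surface predictably.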


@ -0,0 +1,14 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Chart.Name }}-manifest
namespace: {{ .Release.Namespace }}
data:
crd-manifest.yaml: |
{{- $currentScope := . -}}
{{- $crds := (.Files.Glob "crd-manifest/**.yaml") -}}
{{- range $path, $_ := $crds -}}
{{- with $currentScope -}}
{{ .Files.Get $path | nindent 4 }}
---
{{- end -}}{{- end -}}
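Review bot: The `---` document separator emitted inside the `crd-manifest.yaml: |` block scalar is only part of the ConfigMap value if it is indented at least as deep as the content that `nindent 4` produces; the rendered page has dropped indentation, so confirm it sits at that four-space indent, because a column-0 `---` would terminate the block scalar and make the ConfigMap invalid. The trim markers on `{{- with $currentScope -}}` and `{{- end -}}{{- end -}}` are what keep each document from starting or ending with a stray blank line, which is not obvious from reading the template; a comment above `data:`, e.g. `# every file under crd-manifest/ becomes one YAML document in crd-manifest.yaml, separated by ---`, would help the next maintainer. The separator that follows the last document leaves an empty trailing document, which kubectl should ignore, but it is worth a quick check with `helm template`.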


@ -0,0 +1,72 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ .Chart.Name }}-manager
labels:
app: {{ .Chart.Name }}-manager
rules:
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs: ['create', 'get', 'patch', 'delete']
- apiGroups: ['policy']
resources: ['podsecuritypolicies']
verbs: ['use']
resourceNames:
- {{ .Chart.Name }}-manager
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ .Chart.Name }}-manager
labels:
app: {{ .Chart.Name }}-manager
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ .Chart.Name }}-manager
subjects:
- kind: ServiceAccount
name: {{ .Chart.Name }}-manager
namespace: {{ .Release.Namespace }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Chart.Name }}-manager
namespace: {{ .Release.Namespace }}
labels:
app: {{ .Chart.Name }}-manager
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: {{ .Chart.Name }}-manager
namespace: {{ .Release.Namespace }}
labels:
app: {{ .Chart.Name }}-manager
spec:
privileged: false
allowPrivilegeEscalation: false
hostNetwork: false
hostIPC: false
hostPID: false
runAsUser:
rule: 'MustRunAsNonRoot'
seLinux:
rule: 'RunAsAny'
supplementalGroups:
rule: 'MustRunAs'
ranges:
- min: 1
max: 65535
fsGroup:
rule: 'MustRunAs'
ranges:
- min: 1
max: 65535
readOnlyRootFilesystem: false
volumes:
- 'configMap'
- 'secret'
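Review bot: The first rule under `rules:` grants `get`, `patch` and `delete` on every CustomResourceDefinition in the cluster, while the Jobs only ever touch the four CRDs shipped under crd-manifest (`configs.config.gatekeeper.sh`, `constraintpodstatuses.status.gatekeeper.sh`, `constrainttemplates.templates.gatekeeper.sh`, `constrainttemplatepodstatuses.status.gatekeeper.sh`), so a leaked `-manager` ServiceAccount token could delete unrelated CRDs together with all their objects. Splitting the rule so that `create` stays unscoped (the API server cannot evaluate `resourceNames` for create, since the name is not known at authorization time) and the remaining verbs are restricted by `resourceNames` keeps both hooks working while bounding the blast radius; the name list then has to track the files in crd-manifest, which deserves a comment. Separately, `namespace: {{ .Release.Namespace }}` on the PodSecurityPolicy is meaningless for a cluster-scoped resource and can be dropped.
```yaml
rules:
- apiGroups:
  - apiextensions.k8s.io
  resources:
  - customresourcedefinitions
  verbs: ['create']
# keep this list in sync with the files under crd-manifest/
- apiGroups:
  - apiextensions.k8s.io
  resources:
  - customresourcedefinitions
  resourceNames:
  - configs.config.gatekeeper.sh
  - constraintpodstatuses.status.gatekeeper.sh
  - constrainttemplates.templates.gatekeeper.sh
  - constrainttemplatepodstatuses.status.gatekeeper.sh
  verbs: ['get', 'patch', 'delete']
# … unchanged: podsecuritypolicies rule, ClusterRoleBinding, ServiceAccount, PodSecurityPolicy …
```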


@ -0,0 +1,11 @@
# Default values for rancher-gatekeeper-crd.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
global:
cattle:
systemDefaultRegistry: ""
image:
repository: rancher/kubectl
tag: v1.18.6


@ -626,6 +626,32 @@ entries:
- assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.100.tgz
version: 1.0.100
rancher-gatekeeper:
- annotations:
catalog.cattle.io/auto-install: rancher-gatekeeper-crd=match
catalog.cattle.io/certified: rancher
catalog.cattle.io/display-name: OPA Gatekeeper
catalog.cattle.io/experimental: "true"
catalog.cattle.io/namespace: cattle-gatekeeper-system
catalog.cattle.io/provides-gvr: config.gatekeeper.sh.config/v1alpha1
catalog.cattle.io/release-name: rancher-gatekeeper
catalog.cattle.io/ui-component: gatekeeper
apiVersion: v1
appVersion: v3.2.1
created: "2020-11-25T00:54:28.123665246Z"
description: Modifies Open Policy Agent's upstream gatekeeper chart that provides
policy-based control for cloud native environments
digest: 371575899f997e37c004d4c89fdfeea86552b724b1c087949292d7a23a8b948c
home: https://github.com/open-policy-agent/gatekeeper
icon: https://charts.rancher.io/assets/logos/gatekeeper.svg
keywords:
- open policy agent
- security
name: rancher-gatekeeper
sources:
- https://github.com/open-policy-agent/gatekeeper.git
urls:
- assets/rancher-gatekeeper/rancher-gatekeeper-3.2.101.tgz
version: 3.2.101
- annotations:
catalog.cattle.io/auto-install: rancher-gatekeeper-crd=match
catalog.cattle.io/certified: rancher
@ -702,6 +728,21 @@ entries:
- assets/rancher-gatekeeper/rancher-gatekeeper-3.1.100.tgz
version: 3.1.100
rancher-gatekeeper-crd:
- annotations:
catalog.cattle.io/certified: rancher
catalog.cattle.io/experimental: "true"
catalog.cattle.io/hidden: "true"
catalog.cattle.io/namespace: cattle-gatekeeper-system
catalog.cattle.io/release-name: rancher-gatekeeper-crd
apiVersion: v1
created: "2020-11-25T00:54:28.124082745Z"
description: Installs the CRDs for rancher-gatekeeper.
digest: f7b90e5003f282c7437eb7f7cee57bad72a6eaa8b05fb4bee5f3b0555dbbeece
name: rancher-gatekeeper-crd
type: application
urls:
- assets/rancher-gatekeeper/rancher-gatekeeper-crd-3.2.101.tgz
version: 3.2.101
- annotations:
catalog.cattle.io/certified: rancher
catalog.cattle.io/experimental: "true"
@ -1880,4 +1921,4 @@ entries:
urls:
- assets/rio/rio-0.8.000.tgz
version: 0.8.000
generated: "2020-11-23T17:17:46.132232262Z"
generated: "2020-11-25T00:54:28.12236995Z"


@ -2,5 +2,5 @@ a43cd4bcb970fc3c24dd781a895b089a93d4c89411c2ad9def81cc2dee1b9237 packages/ranch
4b9c0779664bca5fd9bafa3be4d26b039fa7e383deaa4331650c72ada3811af9 packages/rancher-gatekeeper/overlay/app-readme.md
963e0bfafa96a6d37a3f906e9ceccb55e9eca405b461d29dd339ab6826476832 packages/rancher-gatekeeper/overlay/templates/allowedrepos.yaml
99da0ab300106fba3a5db832dc39c3cca2ac11aa200c1530ae5466d9ddc42755 packages/rancher-gatekeeper/overlay/templates/requiredlabels.yaml
4b573586d193d9cbfaf031eb4daa836766d63fcd9fa686252c64917be7c56377 packages/rancher-gatekeeper/package.yaml
ec156481866807d762ee02a7bb79a519190132ba80426e88a74bf4a24840a2db packages/rancher-gatekeeper/package.yaml
7ed3c53ff249ea9e50f5923797ab57c2378ab792a9783beaffdb9870149383ce packages/rancher-gatekeeper/rancher-gatekeeper.patch