andata
/
rancher-charts
mirror of https://git.rancher.io/charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2408 from MbolotSuse/wh-0.3.2-rc16 

Bump rancher webhook to v0.3.2-rc16
pull/2409/head
Michael Bolot 2023-02-10 11:01:17 -06:00 committed by GitHub
parent 3d96e061a5 557cef5449
commit b00a6cfc6a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
22 changed files with 19 additions and 172 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
assets/rancher-webhook/rancher-webhook-2.0.2+up0.3.2-rc15.tgz
View File

Binary file not shown.

BIN
assets/rancher-webhook/rancher-webhook-2.0.2+up0.3.2-rc16.tgz Normal file
View File

Binary file not shown.

19
charts/rancher-webhook/2.0.2+up0.3.2-rc15/templates/pre-delete-hook-cluster-role-binding.yaml
View File

@ -1,19 +0,0 @@
{{- if .Values.preDelete.enabled }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: rancher-webhook-pre-delete
labels: {{ include "rancher-webhook.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-weight": "2"
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: rancher-webhook-pre-delete
subjects:
- kind: ServiceAccount
name: rancher-webhook-pre-delete
namespace: {{ .Release.Namespace }}
{{- end }}

25
charts/rancher-webhook/2.0.2+up0.3.2-rc15/templates/pre-delete-hook-cluster-role.yaml
View File

@ -1,25 +0,0 @@
{{- if .Values.preDelete.enabled }}
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: rancher-webhook-pre-delete
labels: {{ include "rancher-webhook.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-weight": "1"
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
rules:
- apiGroups: [ "admissionregistration.k8s.io" ]
resources: [ "mutatingwebhookconfigurations" ]
verbs: [ "delete" ]
resourceNames: [ "rancher.cattle.io" ]
- apiGroups: [ "" ]
resources: [ "serviceaccounts" ]
verbs: [ "get" ]
{{- if .Values.global.cattle.psp.enabled }}
- apiGroups: [ "policy" ]
resources: [ "podsecuritypolicies" ]
verbs: [ "use" ]
resourceNames: [ "rancher-webhook-pre-delete" ]
{{- end }}
{{- end }}

39
charts/rancher-webhook/2.0.2+up0.3.2-rc15/templates/pre-delete-hook-job.yaml
View File

@ -1,39 +0,0 @@
{{- if .Values.preDelete.enabled }}
apiVersion: batch/v1
kind: Job
metadata:
name: rancher-webhook-pre-delete
namespace: {{ .Release.Namespace }}
labels: {{ include "rancher-webhook.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-weight": "3"
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
spec:
backoffLimit: 3
template:
metadata:
name: rancher-webhook-pre-delete
labels: {{ include "rancher-webhook.labels" . | nindent 8 }}
spec:
serviceAccountName: rancher-webhook-pre-delete
{{- if .Values.priorityClassName }}
priorityClassName: "{{.Values.priorityClassName}}"
{{- end }}
restartPolicy: OnFailure
nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
{{- if .Values.nodeSelector }}
{{ toYaml .Values.nodeSelector | indent 8 }}
{{- end }}
tolerations: {{ include "linux-node-tolerations" . | nindent 6 }}
{{- if .Values.tolerations }}
{{ toYaml .Values.tolerations | indent 6 }}
{{- end }}
containers:
- name: rancher-webhook-pre-delete
image: "{{ include "system_default_registry" . }}{{ .Values.preDelete.image.repository }}:{{ .Values.preDelete.image.tag }}"
imagePullPolicy: IfNotPresent
securityContext:
runAsUser: 0
command: [ "kubectl", "delete", "--ignore-not-found=true", "mutatingwebhookconfigurations", "rancher.cattle.io" ]
{{- end }}

33
charts/rancher-webhook/2.0.2+up0.3.2-rc15/templates/pre-delete-hook-psp.yaml
View File

@ -1,33 +0,0 @@
{{- if .Values.global.cattle.psp.enabled -}}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: rancher-webhook-pre-delete
labels: {{ include "rancher-webhook.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-weight": "1"
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
spec:
privileged: false
hostNetwork: false
hostIPC: false
hostPID: false
runAsUser:
rule: 'RunAsAny'
seLinux:
rule: 'RunAsAny'
supplementalGroups:
rule: 'MustRunAs'
ranges:
- min: 1
max: 65535
fsGroup:
rule: 'MustRunAs'
ranges:
- min: 1
max: 65535
readOnlyRootFilesystem: false
volumes:
- 'secret'
{{- end }}

12
charts/rancher-webhook/2.0.2+up0.3.2-rc15/templates/pre-delete-hook-service-account.yaml
View File

@ -1,12 +0,0 @@
{{- if .Values.preDelete.enabled }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: rancher-webhook-pre-delete
namespace: {{ .Release.Namespace }}
labels: {{ include "rancher-webhook.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-weight": "1"
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
{{- end }}

7
charts/rancher-webhook/2.0.2+up0.3.2-rc15/templates/validate-psp-install.yaml
View File

@ -1,7 +0,0 @@
#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}}
#{{- if .Values.global.cattle.psp.enabled }}
#{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}
#{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}}
#{{- end }}
#{{- end }}
#{{- end -}}

19
charts/rancher-webhook/2.0.2+up0.3.2-rc15/templates/webhook.yaml
View File

@ -1,19 +0,0 @@
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: rancher.cattle.io
webhooks:
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: rancher-webhook
namespace: cattle-system
path: /v1/webhook/validation
port: 443
failurePolicy: Ignore
matchPolicy: Equivalent
name: rancher.cattle.io
sideEffects: None
timeoutSeconds: 10

4
charts/rancher-webhook/2.0.2+up0.3.2-rc15/Chart.yaml → charts/rancher-webhook/2.0.2+up0.3.2-rc16/Chart.yaml
View File

@ -8,11 +8,11 @@ annotations:
catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0'
catalog.cattle.io/release-name: rancher-webhook
apiVersion: v2
appVersion: 0.3.2-rc15
appVersion: 0.3.2-rc16
dependencies:
- condition: capi.enabled
name: capi
repository: ""
description: ValidatingAdmissionWebhook for Rancher types
name: rancher-webhook
version: 2.0.2+up0.3.2-rc15
version: 2.0.2+up0.3.2-rc16

0
charts/rancher-webhook/2.0.2+up0.3.2-rc15/charts/capi/Chart.yaml → charts/rancher-webhook/2.0.2+up0.3.2-rc16/charts/capi/Chart.yaml
View File

0
charts/rancher-webhook/2.0.2+up0.3.2-rc15/charts/capi/templates/service.yaml → charts/rancher-webhook/2.0.2+up0.3.2-rc16/charts/capi/templates/service.yaml
View File

0
charts/rancher-webhook/2.0.2+up0.3.2-rc15/templates/_helpers.tpl → charts/rancher-webhook/2.0.2+up0.3.2-rc16/templates/_helpers.tpl
View File

0
charts/rancher-webhook/2.0.2+up0.3.2-rc15/templates/deployment.yaml → charts/rancher-webhook/2.0.2+up0.3.2-rc16/templates/deployment.yaml
View File

0
charts/rancher-webhook/2.0.2+up0.3.2-rc15/templates/rbac.yaml → charts/rancher-webhook/2.0.2+up0.3.2-rc16/templates/rbac.yaml
View File

0
charts/rancher-webhook/2.0.2+up0.3.2-rc15/templates/service.yaml → charts/rancher-webhook/2.0.2+up0.3.2-rc16/templates/service.yaml
View File

0
charts/rancher-webhook/2.0.2+up0.3.2-rc15/templates/serviceaccount.yaml → charts/rancher-webhook/2.0.2+up0.3.2-rc16/templates/serviceaccount.yaml
View File

9
charts/rancher-webhook/2.0.2+up0.3.2-rc16/templates/webhook.yaml Normal file
View File

@ -0,0 +1,9 @@
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: rancher.cattle.io
---
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
name: rancher.cattle.io

10
charts/rancher-webhook/2.0.2+up0.3.2-rc15/values.yaml → charts/rancher-webhook/2.0.2+up0.3.2-rc16/values.yaml
View File

@ -1,13 +1,11 @@
image:
repository: rancher/rancher-webhook
tag: v0.3.2-rc15
tag: v0.3.2-rc16
imagePullPolicy: IfNotPresent
global:
cattle:
systemDefaultRegistry: ""
psp:
enabled: false #PSPs enablement should default to false for the webhook
hostNetwork: false
capi:
@ -16,12 +14,6 @@ capi:
mcm:
enabled: true
preDelete:
enabled: true
image:
repository: rancher/kubectl
tag: v1.23.3
# tolerations for the webhook deployment. See https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ for more info
tolerations: []
nodeSelector: {}

10
index.yaml
View File

@ -11704,18 +11704,18 @@ entries:
catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0'
catalog.cattle.io/release-name: rancher-webhook
apiVersion: v2
appVersion: 0.3.2-rc15
created: "2023-02-07T14:28:54.698656-07:00"
appVersion: 0.3.2-rc16
created: "2023-02-10T09:45:06.331351608-06:00"
dependencies:
- condition: capi.enabled
name: capi
repository: ""
description: ValidatingAdmissionWebhook for Rancher types
digest: 4b39907f9d846d92098481b8503ae7e18759c653f84cc7db9f610ec75e688598
digest: 0731959bf4b60937e377c0ea315bd8208797ca1f526dfdd76290223e57820e83
name: rancher-webhook
urls:
- assets/rancher-webhook/rancher-webhook-2.0.2+up0.3.2-rc15.tgz
version: 2.0.2+up0.3.2-rc15
- assets/rancher-webhook/rancher-webhook-2.0.2+up0.3.2-rc16.tgz
version: 2.0.2+up0.3.2-rc16
- annotations:
catalog.cattle.io/certified: rancher
catalog.cattle.io/hidden: "true"

2
packages/rancher-webhook/package.yaml
View File

@ -1,2 +1,2 @@
url: https://github.com/rancher/webhook/releases/download/v0.3.2-rc15/rancher-webhook-0.3.2-rc15.tgz
url: https://github.com/rancher/webhook/releases/download/v0.3.2-rc16/rancher-webhook-0.3.2-rc16.tgz
version: 2.0.2

2
release.yaml
View File

@ -71,7 +71,7 @@ rancher-vsphere-cpi:
rancher-vsphere-csi:
- 101.1.0+up2.6.2-rancher1
rancher-webhook:
- 2.0.2+up0.3.2-rc15
- 2.0.2+up0.3.2-rc16
sriov:
- 101.0.2+up0.1.0
- 101.0.3+up0.1.0