Add webhook service and update changelog

2020-08-07 17:22:20 -07:00 · 2020-08-07 17:22:20 -07:00 · c6370509d8
parent 865476ee75
commit c6370509d8
2 changed files with 11 additions and 34 deletions
--- a/packages/rancher-gatekeeper/overlay/CHANGELOG.md
+++ b/packages/rancher-gatekeeper/overlay/CHANGELOG.md
@ -6,10 +6,6 @@ All notable changes from the upstream OPA Gatekeeper chart will be added to this
 - Enabled the CRD chart generator in `package.yaml`

 ### Modified
- Updated chart version in `Chart.yaml` to follow the upstream's format `v3.1.0-beta.X`
- Disabled webhook validation in chart values (`disableValidatingWebhook: true`) since
-the webhook service was removed. Ideally, we would like to remove the validation too, 
-but setting this flag achieves the same results without cluttering the patch.
 - Updated namespace to `cattle-gatekeeper-system`
 - Updated `rancher/istio-kubectl` image to `1.5.8`
 - Updated for Helm 3 compatibility
@ -17,7 +13,5 @@ but setting this flag achieves the same results without cluttering the patch.
    - Removed `crd-install` hooks and templates from crds

 ### Removed
- Removed `gatekeeper-webhook-service-service.yaml` as the `gatekeeper-webhook-service` 
-was removed in our previous version of the chart
 - Removed `gatekeeper-system-namespace.yaml` as Rancher handles namespaces for chart installation
 - Removed unnecessary `index.yaml` as we package and host our charts
--- a/packages/rancher-gatekeeper/rancher-gatekeeper.patch
+++ b/packages/rancher-gatekeeper/rancher-gatekeeper.patch
@ -1033,43 +1033,26 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/tem
 diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/templates/gatekeeper-webhook-service-service.yaml packages/rancher-gatekeeper/charts/templates/gatekeeper-webhook-service-service.yaml
 --- packages/rancher-gatekeeper/charts-original/templates/gatekeeper-webhook-service-service.yaml
 +++ packages/rancher-gatekeeper/charts/templates/gatekeeper-webhook-service-service.yaml
-@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: '{{ template "gatekeeper.name" . }}'
-    chart: '{{ template "gatekeeper.name" . }}'
-    gatekeeper.sh/system: "yes"
-    heritage: '{{ .Release.Service }}'
-    release: '{{ .Release.Name }}'
-  name: gatekeeper-webhook-service
+@@ -8,7 +8,7 @@
+     heritage: '{{ .Release.Service }}'
+     release: '{{ .Release.Name }}'
+   name: gatekeeper-webhook-service
 -  namespace: gatekeeper-system
-spec:
-  ports:
-  - port: 443
-    targetPort: 8443
-  selector:
-    app: '{{ template "gatekeeper.name" . }}'
-    chart: '{{ template "gatekeeper.name" . }}'
-    control-plane: controller-manager
-    gatekeeper.sh/operation: webhook
-    gatekeeper.sh/system: "yes"
-    heritage: '{{ .Release.Service }}'
-    release: '{{ .Release.Name }}'
+  namespace: '{{ .Release.Namespace }}'
+ spec:
+   ports:
+   - port: 443
 diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/values.yaml packages/rancher-gatekeeper/charts/values.yaml
 --- packages/rancher-gatekeeper/charts-original/values.yaml
 +++ packages/rancher-gatekeeper/charts/values.yaml
-@@ -1,15 +1,15 @@
+@@ -1,5 +1,5 @@
 replicas: 3
 -auditInterval: 60
 +auditInterval: 300
 constraintViolationsLimit: 20
 auditFromCache: false
-disableValidatingWebhook: false
-+disableValidatingWebhook: true
- auditChunkSize: 0
- logLevel: INFO
+ disableValidatingWebhook: false
+@@ -8,8 +8,8 @@
 emitAdmissionEvents: false
 emitAuditEvents: false
 image: