diff --git a/packages/rancher-gatekeeper/overlay/CHANGELOG.md b/packages/rancher-gatekeeper/overlay/CHANGELOG.md
index d51d3fc3d..863e5fc81 100644
--- a/packages/rancher-gatekeeper/overlay/CHANGELOG.md
+++ b/packages/rancher-gatekeeper/overlay/CHANGELOG.md
@@ -6,10 +6,6 @@ All notable changes from the upstream OPA Gatekeeper chart will be added to this
 - Enabled the CRD chart generator in `package.yaml`
 ### Modified
-- Updated chart version in `Chart.yaml` to follow the upstream's format `v3.1.0-beta.X`
-- Disabled webhook validation in chart values (`disableValidatingWebhook: true`) since
-the webhook service was removed. Ideally, we would like to remove the validation too,
-but setting this flag achieves the same results without cluttering the patch.
 - Updated namespace to `cattle-gatekeeper-system`
 - Updated `rancher/istio-kubectl` image to `1.5.8`
 - Updated for Helm 3 compatibility
@@ -17,7 +13,5 @@ but setting this flag achieves the same results without cluttering the patch.
 - Removed `crd-install` hooks and templates from crds
 ### Removed
-- Removed `gatekeeper-webhook-service-service.yaml` as the `gatekeeper-webhook-service`
-was removed in our previous version of the chart
 - Removed `gatekeeper-system-namespace.yaml` as Rancher handles namespaces for chart installation
 - Removed unnecessary `index.yaml` as we package and host our charts
diff --git a/packages/rancher-gatekeeper/rancher-gatekeeper.patch b/packages/rancher-gatekeeper/rancher-gatekeeper.patch
index 9642bf447..05a1c0f99 100644
--- a/packages/rancher-gatekeeper/rancher-gatekeeper.patch
+++ b/packages/rancher-gatekeeper/rancher-gatekeeper.patch
@@ -1033,43 +1033,26 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/tem
 diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/templates/gatekeeper-webhook-service-service.yaml packages/rancher-gatekeeper/charts/templates/gatekeeper-webhook-service-service.yaml
 --- packages/rancher-gatekeeper/charts-original/templates/gatekeeper-webhook-service-service.yaml
 +++ packages/rancher-gatekeeper/charts/templates/gatekeeper-webhook-service-service.yaml
-@@ -1,23 +0,0 @@
--apiVersion: v1
--kind: Service
--metadata:
-- labels:
-- app: '{{ template "gatekeeper.name" . }}'
-- chart: '{{ template "gatekeeper.name" . }}'
-- gatekeeper.sh/system: "yes"
-- heritage: '{{ .Release.Service }}'
-- release: '{{ .Release.Name }}'
-- name: gatekeeper-webhook-service
+@@ -8,7 +8,7 @@
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
+ name: gatekeeper-webhook-service
 - namespace: gatekeeper-system
--spec:
-- ports:
-- - port: 443
-- targetPort: 8443
-- selector:
-- app: '{{ template "gatekeeper.name" . }}'
-- chart: '{{ template "gatekeeper.name" . }}'
-- control-plane: controller-manager
-- gatekeeper.sh/operation: webhook
-- gatekeeper.sh/system: "yes"
-- heritage: '{{ .Release.Service }}'
-- release: '{{ .Release.Name }}'
++ namespace: '{{ .Release.Namespace }}'
+ spec:
+ ports:
+ - port: 443
 diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/values.yaml packages/rancher-gatekeeper/charts/values.yaml
 --- packages/rancher-gatekeeper/charts-original/values.yaml
 +++ packages/rancher-gatekeeper/charts/values.yaml
-@@ -1,15 +1,15 @@
+@@ -1,5 +1,5 @@
 replicas: 3
 -auditInterval: 60
 +auditInterval: 300
 constraintViolationsLimit: 20
 auditFromCache: false
--disableValidatingWebhook: false
-+disableValidatingWebhook: true
- auditChunkSize: 0
- logLevel: INFO
+ disableValidatingWebhook: false
+@@ -8,8 +8,8 @@
 emitAdmissionEvents: false
 emitAuditEvents: false
 image:
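Review bot: Keeping the Service and leaving `disableValidatingWebhook: false` makes the admission webhook live again, but the only namespace change visible here is on the Service itself (`namespace: '{{ .Release.Namespace }}'`); nothing in this hunk shows the webhook configuration being pointed at the same namespace. If its `clientConfig.service.namespace` still reads `gatekeeper-system`, the API server cannot reach the webhook, and with a fail-open `failurePolicy` constraints would silently stop being enforced at admission, leaving only the audit pass that the patched values run every 300 seconds. I would confirm that the webhook configuration template also carries `namespace: '{{ .Release.Namespace }}'`. The CHANGELOG should gain a Modified entry stating that the validating webhook and its Service are enabled again, since the commit only deletes the old entries. The inner values.yaml hunk `@@ -8,8 +8,8 @@` continues past the end of this hunk.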