make prepare/patch gatekeeper 3.13.0

pull/2879/head
Diogo Souza 2023-08-16 21:33:28 -03:00
parent b4b4ec834f
commit e49da0e885
13 changed files with 57 additions and 64 deletions


@ -5,7 +5,7 @@
+ catalog.cattle.io/auto-install: rancher-gatekeeper-crd=match + catalog.cattle.io/auto-install: rancher-gatekeeper-crd=match
+ catalog.cattle.io/certified: rancher + catalog.cattle.io/certified: rancher
+ catalog.cattle.io/display-name: OPA Gatekeeper + catalog.cattle.io/display-name: OPA Gatekeeper
+ catalog.cattle.io/kube-version: '>= 1.20.0-0 < 1.28.0-0' + catalog.cattle.io/kube-version: '>= 1.20.0-0'
+ catalog.cattle.io/namespace: cattle-gatekeeper-system + catalog.cattle.io/namespace: cattle-gatekeeper-system
+ catalog.cattle.io/os: linux + catalog.cattle.io/os: linux
+ catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/permits-os: linux,windows
@ -15,7 +15,7 @@
+ catalog.cattle.io/type: cluster-tool + catalog.cattle.io/type: cluster-tool
+ catalog.cattle.io/ui-component: gatekeeper + catalog.cattle.io/ui-component: gatekeeper
apiVersion: v2 apiVersion: v2
appVersion: v3.12.0 appVersion: v3.13.0
-description: A Helm chart for Gatekeeper -description: A Helm chart for Gatekeeper
+description: Modifies Open Policy Agent's upstream gatekeeper chart that provides +description: Modifies Open Policy Agent's upstream gatekeeper chart that provides
+ policy-based control for cloud native environments + policy-based control for cloud native environments
@ -29,4 +29,4 @@
+name: rancher-gatekeeper +name: rancher-gatekeeper
sources: sources:
- https://github.com/open-policy-agent/gatekeeper.git - https://github.com/open-policy-agent/gatekeeper.git
version: 3.12.0 version: 3.13.0
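Review bot: The `catalog.cattle.io/kube-version` annotation loses its upper bound on what appears to be the new side (`'>= 1.20.0-0 < 1.28.0-0'` becomes `'>= 1.20.0-0'`), so the chart can be offered on Kubernetes releases it has not been validated against. Gatekeeper sits in the admission path, so an incompatible cluster version may leave policies unenforced or block admission requests, depending on the webhook failure policy. If the regeneration dropped the bound rather than a deliberate decision, restore it with the range tested for 3.13.0, e.g. `catalog.cattle.io/kube-version: '>= 1.20.0-0 < <TESTED_MAX>-0'`; otherwise say in the commit description that the open range is intended. The file header for this section is not visible on the page, and the old/new sides are inferred from the `appVersion` values.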


@ -1,11 +1,11 @@
--- charts-original/README.md --- charts-original/README.md
+++ charts/README.md +++ charts/README.md
@@ -118,7 +118,7 @@ @@ -129,7 +129,7 @@
| crds.nodeSelector | The node selector to use for pod scheduling in crds hook jobs | `kubernetes.io/os: linux` | | crds.nodeSelector | The node selector to use for pod scheduling in crds hook jobs | `kubernetes.io/os: linux` |
| crds.resources | The resource request/limits for the container image in crds hook jobs | `{}` | | crds.resources | The resource request/limits for the container image in crds hook jobs | `{}` |
| crds.securityContext | Security context applied to the container | `{ "allowPrivilegeEscalation": false, "capabilities": "drop": [all], "readOnlyRootFilesystem": true, "runAsGroup": 65532, "runAsNonRoot": true, "runAsUser": 65532 }` | | crds.securityContext | Security context applied to the container | `{ "allowPrivilegeEscalation": false, "capabilities": "drop": [all], "readOnlyRootFilesystem": true, "runAsGroup": 65532, "runAsNonRoot": true, "runAsUser": 65532 }` |
-| auditInterval | The frequency with which audit is run | `60` | -| auditInterval | The frequency with which audit is run | `60` |
+| auditInterval | The frequency with which audit is run | `300` | +| auditInterval | The frequency with which audit is run | `300` |
| constraintViolationsLimit | The maximum # of audit violations reported on a constraint | `20` | | constraintViolationsLimit | The maximum # of audit violations reported on a constraint | `20` |
| auditFromCache | Take the roster of resources to audit from the audit cache | `false` | | auditFromCache | Take the roster of resources to audit from the audit cache | `false` |
| auditChunkSize | Chunk size for listing cluster resources for audit (alpha feature) | `500` | | auditChunkSize | Chunk size for listing cluster resources for audit (alpha feature) | `500` |


@ -37,7 +37,7 @@
imagePullPolicy: {{ .Values.postInstall.probeWebhook.image.pullPolicy }} imagePullPolicy: {{ .Values.postInstall.probeWebhook.image.pullPolicy }}
command: command:
- "curl" - "curl"
@@ -69,10 +92,10 @@ @@ -70,10 +93,10 @@
resources: resources:
{{- toYaml .Values.postInstall.resources | nindent 4 }} {{- toYaml .Values.postInstall.resources | nindent 4 }}
securityContext: securityContext:


@ -1,6 +1,6 @@
--- charts-original/templates/gatekeeper-audit-deployment.yaml --- charts-original/templates/gatekeeper-audit-deployment.yaml
+++ charts/templates/gatekeeper-audit-deployment.yaml +++ charts/templates/gatekeeper-audit-deployment.yaml
@@ -42,11 +42,7 @@ @@ -45,11 +45,7 @@
{{- toYaml .Values.audit.affinity | nindent 8 }} {{- toYaml .Values.audit.affinity | nindent 8 }}
automountServiceAccountToken: true automountServiceAccountToken: true
containers: containers:
@ -13,7 +13,7 @@
args: args:
- --audit-interval={{ .Values.auditInterval }} - --audit-interval={{ .Values.auditInterval }}
- --log-level={{ (.Values.audit.logLevel | empty | not) | ternary .Values.audit.logLevel .Values.logLevel }} - --log-level={{ (.Values.audit.logLevel | empty | not) | ternary .Values.audit.logLevel .Values.logLevel }}
@@ -94,7 +90,7 @@ @@ -102,7 +98,7 @@
fieldPath: metadata.namespace fieldPath: metadata.namespace
- name: CONTAINER_NAME - name: CONTAINER_NAME
value: manager value: manager
@ -22,7 +22,7 @@
livenessProbe: livenessProbe:
httpGet: httpGet:
path: /healthz path: /healthz
@@ -130,9 +126,11 @@ @@ -138,9 +134,11 @@
dnsPolicy: {{ .Values.audit.dnsPolicy }} dnsPolicy: {{ .Values.audit.dnsPolicy }}
hostNetwork: {{ .Values.audit.hostNetwork }} hostNetwork: {{ .Values.audit.hostNetwork }}
imagePullSecrets: imagePullSecrets:
@ -37,7 +37,7 @@
{{- if .Values.audit.priorityClassName }} {{- if .Values.audit.priorityClassName }}
priorityClassName: {{ .Values.audit.priorityClassName }} priorityClassName: {{ .Values.audit.priorityClassName }}
{{- end }} {{- end }}
@@ -140,8 +138,10 @@ @@ -148,8 +146,10 @@
{{- toYaml .Values.audit.podSecurityContext | nindent 8 }} {{- toYaml .Values.audit.podSecurityContext | nindent 8 }}
serviceAccountName: gatekeeper-admin serviceAccountName: gatekeeper-admin
terminationGracePeriodSeconds: 60 terminationGracePeriodSeconds: 60


@ -1,6 +1,6 @@
--- charts-original/templates/gatekeeper-controller-manager-deployment.yaml --- charts-original/templates/gatekeeper-controller-manager-deployment.yaml
+++ charts/templates/gatekeeper-controller-manager-deployment.yaml +++ charts/templates/gatekeeper-controller-manager-deployment.yaml
@@ -42,11 +42,8 @@ @@ -44,11 +44,8 @@
{{- toYaml .Values.controllerManager.affinity | nindent 8 }} {{- toYaml .Values.controllerManager.affinity | nindent 8 }}
automountServiceAccountToken: true automountServiceAccountToken: true
containers: containers:
@ -14,7 +14,7 @@
args: args:
- --port={{ .Values.controllerManager.port }} - --port={{ .Values.controllerManager.port }}
- --health-addr=:{{ .Values.controllerManager.healthPort }} - --health-addr=:{{ .Values.controllerManager.healthPort }}
@@ -111,7 +108,6 @@ @@ -113,7 +110,6 @@
fieldPath: metadata.namespace fieldPath: metadata.namespace
- name: CONTAINER_NAME - name: CONTAINER_NAME
value: manager value: manager
@ -22,7 +22,7 @@
livenessProbe: livenessProbe:
httpGet: httpGet:
path: /healthz path: /healthz
@@ -148,9 +144,11 @@ @@ -150,9 +146,11 @@
dnsPolicy: {{ .Values.controllerManager.dnsPolicy }} dnsPolicy: {{ .Values.controllerManager.dnsPolicy }}
hostNetwork: {{ .Values.controllerManager.hostNetwork }} hostNetwork: {{ .Values.controllerManager.hostNetwork }}
imagePullSecrets: imagePullSecrets:
@ -37,7 +37,7 @@
{{- if .Values.controllerManager.priorityClassName }} {{- if .Values.controllerManager.priorityClassName }}
priorityClassName: {{ .Values.controllerManager.priorityClassName }} priorityClassName: {{ .Values.controllerManager.priorityClassName }}
{{- end }} {{- end }}
@@ -158,8 +156,10 @@ @@ -160,8 +158,10 @@
{{- toYaml .Values.controllerManager.podSecurityContext | nindent 8 }} {{- toYaml .Values.controllerManager.podSecurityContext | nindent 8 }}
serviceAccountName: gatekeeper-admin serviceAccountName: gatekeeper-admin
terminationGracePeriodSeconds: 60 terminationGracePeriodSeconds: 60


@ -1,6 +1,6 @@
--- charts-original/templates/gatekeeper-manager-role-clusterrole.yaml --- charts-original/templates/gatekeeper-manager-role-clusterrole.yaml
+++ charts/templates/gatekeeper-manager-role-clusterrole.yaml +++ charts/templates/gatekeeper-manager-role-clusterrole.yaml
@@ -106,7 +106,7 @@ @@ -118,7 +118,7 @@
- patch - patch
- update - update
- watch - watch


@ -1,6 +1,6 @@
--- charts-original/templates/namespace-post-install.yaml --- charts-original/templates/namespace-post-install.yaml
+++ charts/templates/namespace-post-install.yaml +++ charts/templates/namespace-post-install.yaml
@@ -44,7 +44,7 @@ @@ -47,7 +47,7 @@
{{- end }} {{- end }}
containers: containers:
- name: kubectl-label - name: kubectl-label
@ -9,7 +9,7 @@
imagePullPolicy: {{ .Values.postInstall.labelNamespace.image.pullPolicy }} imagePullPolicy: {{ .Values.postInstall.labelNamespace.image.pullPolicy }}
args: args:
- label - label
@@ -85,12 +85,10 @@ @@ -88,12 +88,10 @@
{{- toYaml .Values.postInstall.securityContext | nindent 12 }} {{- toYaml .Values.postInstall.securityContext | nindent 12 }}
{{- end }} {{- end }}
{{- with .Values.postInstall }} {{- with .Values.postInstall }}
@ -24,7 +24,7 @@
{{- end }} {{- end }}
--- ---
apiVersion: v1 apiVersion: v1
@@ -132,6 +130,12 @@ @@ -135,6 +133,12 @@
{{- range .Values.postInstall.labelNamespace.extraNamespaces }} {{- range .Values.postInstall.labelNamespace.extraNamespaces }}
- {{ . }} - {{ . }}
{{- end }} {{- end }}


@ -1,7 +1,7 @@
--- charts-original/templates/namespace-post-upgrade.yaml --- charts-original/templates/namespace-post-upgrade.yaml
+++ charts/templates/namespace-post-upgrade.yaml +++ charts/templates/namespace-post-upgrade.yaml
@@ -36,7 +36,7 @@ @@ -39,7 +39,7 @@
serviceAccount: gatekeeper-update-namespace-label-post-upgrade {{- end }}
containers: containers:
- name: kubectl-label - name: kubectl-label
- image: "{{ .Values.postUpgrade.labelNamespace.image.repository }}:{{ .Values.postUpgrade.labelNamespace.image.tag }}" - image: "{{ .Values.postUpgrade.labelNamespace.image.repository }}:{{ .Values.postUpgrade.labelNamespace.image.tag }}"
@ -9,7 +9,7 @@
imagePullPolicy: {{ .Values.postUpgrade.labelNamespace.image.pullPolicy }} imagePullPolicy: {{ .Values.postUpgrade.labelNamespace.image.pullPolicy }}
args: args:
- label - label
@@ -77,12 +77,10 @@ @@ -80,12 +80,10 @@
{{- toYaml .Values.postUpgrade.securityContext | nindent 12 }} {{- toYaml .Values.postUpgrade.securityContext | nindent 12 }}
{{- end }} {{- end }}
{{- with .Values.postUpgrade }} {{- with .Values.postUpgrade }}
@ -24,7 +24,7 @@
{{- end }} {{- end }}
--- ---
apiVersion: v1 apiVersion: v1
@@ -123,6 +121,12 @@ @@ -126,6 +124,12 @@
{{- range .Values.postUpgrade.labelNamespace.extraNamespaces }} {{- range .Values.postUpgrade.labelNamespace.extraNamespaces }}
- {{ . }} - {{ . }}
{{- end }} {{- end }}


@ -1,6 +1,6 @@
--- charts-original/templates/probe-webhook-post-install.yaml --- charts-original/templates/probe-webhook-post-install.yaml
+++ charts/templates/probe-webhook-post-install.yaml +++ charts/templates/probe-webhook-post-install.yaml
@@ -37,12 +37,10 @@ @@ -40,12 +40,10 @@
containers: containers:
{{- include "gatekeeper.postInstallWebhookProbeContainer" . | nindent 8 }} {{- include "gatekeeper.postInstallWebhookProbeContainer" . | nindent 8 }}
{{- with .Values.postInstall }} {{- with .Values.postInstall }}
@ -13,5 +13,5 @@
- nodeSelector: - nodeSelector:
- {{- toYaml .nodeSelector | nindent 8 }} - {{- toYaml .nodeSelector | nindent 8 }}
{{- end }} {{- end }}
{{- end }} backoffLimit: 3
{{- end }} {{- end }}


@ -1,14 +1,15 @@
--- charts-original/templates/upgrade-crds-hook.yaml --- charts-original/templates/upgrade-crds-hook.yaml
+++ charts/templates/upgrade-crds-hook.yaml +++ charts/templates/upgrade-crds-hook.yaml
@@ -87,26 +87,14 @@ @@ -87,7 +87,7 @@
spec: spec:
serviceAccountName: gatekeeper-admin-upgrade-crds serviceAccountName: gatekeeper-admin-upgrade-crds
restartPolicy: Never restartPolicy: Never
- {{- if .Values.image.pullSecrets }} - {{- if .Values.image.pullSecrets }}
+ {{- if .Values.images.pullSecrets }} + {{- if .Values.images.pullSecrets }}
imagePullSecrets: imagePullSecrets:
- {{- toYaml .Values.image.pullSecrets | nindent 8 }} {{- toYaml .Values.image.pullSecrets | nindent 8 }}
+ {{- toYaml .Values.images.pullSecrets | nindent 8 }} {{- end }}
@@ -96,20 +96,8 @@
{{- end }} {{- end }}
containers: containers:
- name: crds-upgrade - name: crds-upgrade
@ -31,7 +32,7 @@
args: args:
- apply - apply
- -f - -f
@@ -120,11 +108,9 @@ @@ -123,11 +111,9 @@
{{- end }} {{- end }}
{{- toYaml .Values.crds.securityContext | nindent 10 }} {{- toYaml .Values.crds.securityContext | nindent 10 }}
{{- with .Values.crds }} {{- with .Values.crds }}
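Review bot: On the new side the guard is patched to `.Values.images.pullSecrets`, but the next `toYaml .Values.image.pullSecrets` line is shown as unchanged context, so the condition and the body read two different values keys. The values.yaml patch in this commit replaces the `image:` map with `images:`, so with pull secrets configured the CRD upgrade hook would likely fail to render or emit none of them, and the job could not pull from a private registry. The body should match the guard: `{{- toYaml .Values.images.pullSecrets | nindent 8 }}`. The side assignment here is read from the hunk headers (`@@ -87,7 +87,7 @@`) and print order on this rendered page, so confirm against the raw patch file.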


@ -1,7 +1,7 @@
--- charts-original/templates/webhook-configs-pre-delete.yaml --- charts-original/templates/webhook-configs-pre-delete.yaml
+++ charts/templates/webhook-configs-pre-delete.yaml +++ charts/templates/webhook-configs-pre-delete.yaml
@@ -35,7 +35,7 @@ @@ -38,7 +38,7 @@
serviceAccount: gatekeeper-delete-webhook-configs {{- end }}
containers: containers:
- name: kubectl-delete - name: kubectl-delete
- image: "{{ .Values.preUninstall.deleteWebhookConfigurations.image.repository }}:{{ .Values.preUninstall.deleteWebhookConfigurations.image.tag }}" - image: "{{ .Values.preUninstall.deleteWebhookConfigurations.image.repository }}:{{ .Values.preUninstall.deleteWebhookConfigurations.image.tag }}"
@ -9,18 +9,9 @@
imagePullPolicy: {{ .Values.preUninstall.deleteWebhookConfigurations.image.pullPolicy }} imagePullPolicy: {{ .Values.preUninstall.deleteWebhookConfigurations.image.pullPolicy }}
args: args:
- delete - delete
@@ -46,7 +46,7 @@ @@ -57,12 +57,16 @@
- mutatingwebhookconfiguration/{{ .Values.mutatingWebhookName }}
{{- end }} {{- end }}
resources: {{- toYaml .Values.preUninstall.securityContext | nindent 12 }}
- {{- toYaml .Values.preUninstall.resources | nindent 10 }}
+ {{- toYaml .Values.preUninstall.resources | nindent 12 }}
securityContext:
{{- if .Values.enableRuntimeDefaultSeccompProfile }}
seccompProfile:
@@ -54,12 +54,16 @@
{{- end }}
{{- toYaml .Values.preUninstall.securityContext | nindent 10 }}
{{- with .Values.preUninstall }} {{- with .Values.preUninstall }}
- nodeSelector: - nodeSelector:
- {{- toYaml .nodeSelector | nindent 8 }} - {{- toYaml .nodeSelector | nindent 8 }}


@ -1,44 +1,44 @@
--- charts-original/values.yaml --- charts-original/values.yaml
+++ charts/values.yaml +++ charts/values.yaml
@@ -37,10 +37,13 @@ @@ -39,10 +39,13 @@
admissionEventsInvolvedNamespace: false admissionEventsInvolvedNamespace: false
auditEventsInvolvedNamespace: false auditEventsInvolvedNamespace: false
resourceQuota: true resourceQuota: true
-image: -image:
- repository: openpolicyagent/gatekeeper - repository: openpolicyagent/gatekeeper
- crdRepository: openpolicyagent/gatekeeper-crds - crdRepository: openpolicyagent/gatekeeper-crds
- release: v3.12.0 - release: v3.13.0
+images: +images:
+ gatekeeper: + gatekeeper:
+ repository: rancher/mirrored-openpolicyagent-gatekeeper + repository: rancher/mirrored-openpolicyagent-gatekeeper
+ tag: v3.12.0 + tag: v3.13.0
+ gatekeepercrd: + gatekeepercrd:
+ repository: rancher/mirrored-openpolicyagent-gatekeeper-crds + repository: rancher/mirrored-openpolicyagent-gatekeeper-crds
+ tag: v3.12.0 + tag: v3.13.0
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
pullSecrets: [] pullSecrets: []
preInstall: preInstall:
@@ -52,8 +55,8 @@ @@ -54,8 +57,8 @@
labelNamespace: labelNamespace:
enabled: false enabled: false
image: image:
- repository: openpolicyagent/gatekeeper-crds - repository: openpolicyagent/gatekeeper-crds
- tag: v3.12.0 - tag: v3.13.0
+ repository: rancher/kubectl + repository: rancher/kubectl
+ tag: v1.20.2 + tag: v1.20.2
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
pullSecrets: [] pullSecrets: []
extraNamespaces: [] extraNamespaces: []
@@ -82,7 +85,7 @@ @@ -85,7 +88,7 @@
enabled: true enabled: true
extraRules: [] extraRules: []
image: image:
- repository: openpolicyagent/gatekeeper-crds - repository: openpolicyagent/gatekeeper-crds
+ repository: rancher/mirrored-openpolicyagent-gatekeeper-crds + repository: rancher/mirrored-openpolicyagent-gatekeeper-crds
tag: v3.12.0 tag: v3.13.0
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
pullSecrets: [] pullSecrets: []
@@ -97,7 +100,7 @@ @@ -101,7 +104,7 @@
probeWebhook: probeWebhook:
enabled: true enabled: true
image: image:
@ -47,15 +47,16 @@
tag: 7.83.1 tag: 7.83.1
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
pullSecrets: [] pullSecrets: []
@@ -121,13 +124,13 @@ @@ -126,14 +129,14 @@
extraRules: [] extraRules: []
enabled: false enabled: false
image: image:
- repository: openpolicyagent/gatekeeper-crds - repository: openpolicyagent/gatekeeper-crds
+ repository: rancher/mirrored-openpolicyagent-gatekeeper-crds + repository: rancher/mirrored-openpolicyagent-gatekeeper-crds
tag: v3.12.0 tag: v3.13.0
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
pullSecrets: [] pullSecrets: []
priorityClassName: ""
affinity: {} affinity: {}
tolerations: [] tolerations: []
- nodeSelector: {kubernetes.io/os: linux} - nodeSelector: {kubernetes.io/os: linux}
@ -63,7 +64,7 @@
resources: {} resources: {}
securityContext: securityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
@@ -171,7 +174,7 @@ @@ -179,7 +182,7 @@
weight: 100 weight: 100
topologySpreadConstraints: [] topologySpreadConstraints: []
tolerations: [] tolerations: []
@ -72,7 +73,7 @@
resources: resources:
limits: limits:
memory: 512Mi memory: 512Mi
@@ -209,7 +212,7 @@ @@ -218,7 +221,7 @@
disableCertRotation: true disableCertRotation: true
affinity: {} affinity: {}
tolerations: [] tolerations: []
@ -81,7 +82,7 @@
resources: resources:
limits: limits:
memory: 512Mi memory: 512Mi
@@ -248,10 +251,16 @@ @@ -257,10 +260,16 @@
pdb: pdb:
controllerManager: controllerManager:
minAvailable: 1 minAvailable: 1
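Review bot: The `labelNamespace` image in the hunk at `@@ -52,8 +55,8 @@` stays at `rancher/kubectl` with `tag: v1.20.2` while every gatekeeper image in this file moves to v3.13.0. The same commit appears to remove the upper bound from the chart's kube-version annotation, so this hook can run a kubectl many minor versions behind the API server, outside the supported client skew. Consider bumping it with the rest, `tag: <KUBECTL_TAG_FOR_SUPPORTED_CLUSTERS>`, or documenting why the old client is kept. All images in this file are also referenced by mutable tag with `pullPolicy: IfNotPresent`; pinning by digest would give stronger supply-chain guarantees if the chart tooling allows it.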


@ -1,5 +1,5 @@
url: https://open-policy-agent.github.io/gatekeeper/charts/gatekeeper-3.12.0.tgz url: https://open-policy-agent.github.io/gatekeeper/charts/gatekeeper-3.13.0.tgz
version: 103.0.1 version: 103.1.0
additionalCharts: additionalCharts:
- workingDir: charts-crd - workingDir: charts-crd
crdOptions: crdOptions: