make prepare/patch gatekeeper 3.13.0

pull/2879/head
Diogo Souza 2023-08-16 21:33:28 -03:00
parent b4b4ec834f
commit e49da0e885
13 changed files with 57 additions and 64 deletions


@ -5,7 +5,7 @@
+ catalog.cattle.io/auto-install: rancher-gatekeeper-crd=match
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/display-name: OPA Gatekeeper
+ catalog.cattle.io/kube-version: '>= 1.20.0-0 < 1.28.0-0'
+ catalog.cattle.io/kube-version: '>= 1.20.0-0'
+ catalog.cattle.io/namespace: cattle-gatekeeper-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/permits-os: linux,windows
@ -15,7 +15,7 @@
+ catalog.cattle.io/type: cluster-tool
+ catalog.cattle.io/ui-component: gatekeeper
apiVersion: v2
appVersion: v3.12.0
appVersion: v3.13.0
-description: A Helm chart for Gatekeeper
+description: Modifies Open Policy Agent's upstream gatekeeper chart that provides
+ policy-based control for cloud native environments
@ -29,4 +29,4 @@
+name: rancher-gatekeeper
sources:
- https://github.com/open-policy-agent/gatekeeper.git
version: 3.12.0
version: 3.13.0
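Review bot: The `catalog.cattle.io/kube-version` annotation appears to lose its upper bound: the page prints `'>= 1.20.0-0 < 1.28.0-0'` followed by `'>= 1.20.0-0'`, and if the second is the new value the chart becomes installable on Kubernetes releases it has not been validated against. Gatekeeper sits in the admission path, so an incompatibility with a newer API server can surface as blocked requests or silently unenforced policy rather than as an obvious install failure. Unless the bound is re-applied later in the release process, I would keep an explicit ceiling, e.g. `catalog.cattle.io/kube-version: '>= 1.20.0-0 < <FIRST_UNTESTED_MINOR>.0-0'` (placeholder for the first minor version not yet tested).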


@ -1,6 +1,6 @@
--- charts-original/README.md
+++ charts/README.md
@@ -118,7 +118,7 @@
@@ -129,7 +129,7 @@
| crds.nodeSelector | The node selector to use for pod scheduling in crds hook jobs | `kubernetes.io/os: linux` |
| crds.resources | The resource request/limits for the container image in crds hook jobs | `{}` |
| crds.securityContext | Security context applied to the container | `{ "allowPrivilegeEscalation": false, "capabilities": "drop": [all], "readOnlyRootFilesystem": true, "runAsGroup": 65532, "runAsNonRoot": true, "runAsUser": 65532 }` |


@ -37,7 +37,7 @@
imagePullPolicy: {{ .Values.postInstall.probeWebhook.image.pullPolicy }}
command:
- "curl"
@@ -69,10 +92,10 @@
@@ -70,10 +93,10 @@
resources:
{{- toYaml .Values.postInstall.resources | nindent 4 }}
securityContext:


@ -1,6 +1,6 @@
--- charts-original/templates/gatekeeper-audit-deployment.yaml
+++ charts/templates/gatekeeper-audit-deployment.yaml
@@ -42,11 +42,7 @@
@@ -45,11 +45,7 @@
{{- toYaml .Values.audit.affinity | nindent 8 }}
automountServiceAccountToken: true
containers:
@ -13,7 +13,7 @@
args:
- --audit-interval={{ .Values.auditInterval }}
- --log-level={{ (.Values.audit.logLevel | empty | not) | ternary .Values.audit.logLevel .Values.logLevel }}
@@ -94,7 +90,7 @@
@@ -102,7 +98,7 @@
fieldPath: metadata.namespace
- name: CONTAINER_NAME
value: manager
@ -22,7 +22,7 @@
livenessProbe:
httpGet:
path: /healthz
@@ -130,9 +126,11 @@
@@ -138,9 +134,11 @@
dnsPolicy: {{ .Values.audit.dnsPolicy }}
hostNetwork: {{ .Values.audit.hostNetwork }}
imagePullSecrets:
@ -37,7 +37,7 @@
{{- if .Values.audit.priorityClassName }}
priorityClassName: {{ .Values.audit.priorityClassName }}
{{- end }}
@@ -140,8 +138,10 @@
@@ -148,8 +146,10 @@
{{- toYaml .Values.audit.podSecurityContext | nindent 8 }}
serviceAccountName: gatekeeper-admin
terminationGracePeriodSeconds: 60


@ -1,6 +1,6 @@
--- charts-original/templates/gatekeeper-controller-manager-deployment.yaml
+++ charts/templates/gatekeeper-controller-manager-deployment.yaml
@@ -42,11 +42,8 @@
@@ -44,11 +44,8 @@
{{- toYaml .Values.controllerManager.affinity | nindent 8 }}
automountServiceAccountToken: true
containers:
@ -14,7 +14,7 @@
args:
- --port={{ .Values.controllerManager.port }}
- --health-addr=:{{ .Values.controllerManager.healthPort }}
@@ -111,7 +108,6 @@
@@ -113,7 +110,6 @@
fieldPath: metadata.namespace
- name: CONTAINER_NAME
value: manager
@ -22,7 +22,7 @@
livenessProbe:
httpGet:
path: /healthz
@@ -148,9 +144,11 @@
@@ -150,9 +146,11 @@
dnsPolicy: {{ .Values.controllerManager.dnsPolicy }}
hostNetwork: {{ .Values.controllerManager.hostNetwork }}
imagePullSecrets:
@ -37,7 +37,7 @@
{{- if .Values.controllerManager.priorityClassName }}
priorityClassName: {{ .Values.controllerManager.priorityClassName }}
{{- end }}
@@ -158,8 +156,10 @@
@@ -160,8 +158,10 @@
{{- toYaml .Values.controllerManager.podSecurityContext | nindent 8 }}
serviceAccountName: gatekeeper-admin
terminationGracePeriodSeconds: 60


@ -1,6 +1,6 @@
--- charts-original/templates/gatekeeper-manager-role-clusterrole.yaml
+++ charts/templates/gatekeeper-manager-role-clusterrole.yaml
@@ -106,7 +106,7 @@
@@ -118,7 +118,7 @@
- patch
- update
- watch


@ -1,6 +1,6 @@
--- charts-original/templates/namespace-post-install.yaml
+++ charts/templates/namespace-post-install.yaml
@@ -44,7 +44,7 @@
@@ -47,7 +47,7 @@
{{- end }}
containers:
- name: kubectl-label
@ -9,7 +9,7 @@
imagePullPolicy: {{ .Values.postInstall.labelNamespace.image.pullPolicy }}
args:
- label
@@ -85,12 +85,10 @@
@@ -88,12 +88,10 @@
{{- toYaml .Values.postInstall.securityContext | nindent 12 }}
{{- end }}
{{- with .Values.postInstall }}
@ -24,7 +24,7 @@
{{- end }}
---
apiVersion: v1
@@ -132,6 +130,12 @@
@@ -135,6 +133,12 @@
{{- range .Values.postInstall.labelNamespace.extraNamespaces }}
- {{ . }}
{{- end }}


@ -1,7 +1,7 @@
--- charts-original/templates/namespace-post-upgrade.yaml
+++ charts/templates/namespace-post-upgrade.yaml
@@ -36,7 +36,7 @@
serviceAccount: gatekeeper-update-namespace-label-post-upgrade
@@ -39,7 +39,7 @@
{{- end }}
containers:
- name: kubectl-label
- image: "{{ .Values.postUpgrade.labelNamespace.image.repository }}:{{ .Values.postUpgrade.labelNamespace.image.tag }}"
@ -9,7 +9,7 @@
imagePullPolicy: {{ .Values.postUpgrade.labelNamespace.image.pullPolicy }}
args:
- label
@@ -77,12 +77,10 @@
@@ -80,12 +80,10 @@
{{- toYaml .Values.postUpgrade.securityContext | nindent 12 }}
{{- end }}
{{- with .Values.postUpgrade }}
@ -24,7 +24,7 @@
{{- end }}
---
apiVersion: v1
@@ -123,6 +121,12 @@
@@ -126,6 +124,12 @@
{{- range .Values.postUpgrade.labelNamespace.extraNamespaces }}
- {{ . }}
{{- end }}


@ -1,6 +1,6 @@
--- charts-original/templates/probe-webhook-post-install.yaml
+++ charts/templates/probe-webhook-post-install.yaml
@@ -37,12 +37,10 @@
@@ -40,12 +40,10 @@
containers:
{{- include "gatekeeper.postInstallWebhookProbeContainer" . | nindent 8 }}
{{- with .Values.postInstall }}
@ -13,5 +13,5 @@
- nodeSelector:
- {{- toYaml .nodeSelector | nindent 8 }}
{{- end }}
{{- end }}
backoffLimit: 3
{{- end }}


@ -1,14 +1,15 @@
--- charts-original/templates/upgrade-crds-hook.yaml
+++ charts/templates/upgrade-crds-hook.yaml
@@ -87,26 +87,14 @@
@@ -87,7 +87,7 @@
spec:
serviceAccountName: gatekeeper-admin-upgrade-crds
restartPolicy: Never
- {{- if .Values.image.pullSecrets }}
+ {{- if .Values.images.pullSecrets }}
imagePullSecrets:
- {{- toYaml .Values.image.pullSecrets | nindent 8 }}
+ {{- toYaml .Values.images.pullSecrets | nindent 8 }}
{{- toYaml .Values.image.pullSecrets | nindent 8 }}
{{- end }}
@@ -96,20 +96,8 @@
{{- end }}
containers:
- name: crds-upgrade
@ -31,7 +32,7 @@
args:
- apply
- -f
@@ -120,11 +108,9 @@
@@ -123,11 +111,9 @@
{{- end }}
{{- toYaml .Values.crds.securityContext | nindent 10 }}
{{- with .Values.crds }}
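Review bot: In the first hunk of the upgrade-crds-hook patch the guard and the body of the `imagePullSecrets` block appear to read different keys: the `if` is switched to `.Values.images.pullSecrets`, while the `toYaml` line under it stays `.Values.image.pullSecrets`. The outer +/- markers are lost on this page, so this is the reading that fits the hunk counts (`@ -1,14 +1,15 @` with the new inner header `@@ -87,7 +87,7 @@`), where the `toYaml` rewrite is dropped and the line is kept as unchanged context. values.yaml on this page renames `image:` to `images:`, so with pull secrets configured the CRD upgrade job would be expected either to fail template rendering on the missing `image` key or to render without the secrets and fail to pull from a private registry. The body should follow the guard: `{{- toYaml .Values.images.pullSecrets | nindent 8 }}`.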


@ -1,7 +1,7 @@
--- charts-original/templates/webhook-configs-pre-delete.yaml
+++ charts/templates/webhook-configs-pre-delete.yaml
@@ -35,7 +35,7 @@
serviceAccount: gatekeeper-delete-webhook-configs
@@ -38,7 +38,7 @@
{{- end }}
containers:
- name: kubectl-delete
- image: "{{ .Values.preUninstall.deleteWebhookConfigurations.image.repository }}:{{ .Values.preUninstall.deleteWebhookConfigurations.image.tag }}"
@ -9,18 +9,9 @@
imagePullPolicy: {{ .Values.preUninstall.deleteWebhookConfigurations.image.pullPolicy }}
args:
- delete
@@ -46,7 +46,7 @@
- mutatingwebhookconfiguration/{{ .Values.mutatingWebhookName }}
@@ -57,12 +57,16 @@
{{- end }}
resources:
- {{- toYaml .Values.preUninstall.resources | nindent 10 }}
+ {{- toYaml .Values.preUninstall.resources | nindent 12 }}
securityContext:
{{- if .Values.enableRuntimeDefaultSeccompProfile }}
seccompProfile:
@@ -54,12 +54,16 @@
{{- end }}
{{- toYaml .Values.preUninstall.securityContext | nindent 10 }}
{{- toYaml .Values.preUninstall.securityContext | nindent 12 }}
{{- with .Values.preUninstall }}
- nodeSelector:
- {{- toYaml .nodeSelector | nindent 8 }}


@ -1,44 +1,44 @@
--- charts-original/values.yaml
+++ charts/values.yaml
@@ -37,10 +37,13 @@
@@ -39,10 +39,13 @@
admissionEventsInvolvedNamespace: false
auditEventsInvolvedNamespace: false
resourceQuota: true
-image:
- repository: openpolicyagent/gatekeeper
- crdRepository: openpolicyagent/gatekeeper-crds
- release: v3.12.0
- release: v3.13.0
+images:
+ gatekeeper:
+ repository: rancher/mirrored-openpolicyagent-gatekeeper
+ tag: v3.12.0
+ tag: v3.13.0
+ gatekeepercrd:
+ repository: rancher/mirrored-openpolicyagent-gatekeeper-crds
+ tag: v3.12.0
+ tag: v3.13.0
pullPolicy: IfNotPresent
pullSecrets: []
preInstall:
@@ -52,8 +55,8 @@
@@ -54,8 +57,8 @@
labelNamespace:
enabled: false
image:
- repository: openpolicyagent/gatekeeper-crds
- tag: v3.12.0
- tag: v3.13.0
+ repository: rancher/kubectl
+ tag: v1.20.2
pullPolicy: IfNotPresent
pullSecrets: []
extraNamespaces: []
@@ -82,7 +85,7 @@
@@ -85,7 +88,7 @@
enabled: true
extraRules: []
image:
- repository: openpolicyagent/gatekeeper-crds
+ repository: rancher/mirrored-openpolicyagent-gatekeeper-crds
tag: v3.12.0
tag: v3.13.0
pullPolicy: IfNotPresent
pullSecrets: []
@@ -97,7 +100,7 @@
@@ -101,7 +104,7 @@
probeWebhook:
enabled: true
image:
@ -47,15 +47,16 @@
tag: 7.83.1
pullPolicy: IfNotPresent
pullSecrets: []
@@ -121,13 +124,13 @@
@@ -126,14 +129,14 @@
extraRules: []
enabled: false
image:
- repository: openpolicyagent/gatekeeper-crds
+ repository: rancher/mirrored-openpolicyagent-gatekeeper-crds
tag: v3.12.0
tag: v3.13.0
pullPolicy: IfNotPresent
pullSecrets: []
priorityClassName: ""
affinity: {}
tolerations: []
- nodeSelector: {kubernetes.io/os: linux}
@ -63,7 +64,7 @@
resources: {}
securityContext:
allowPrivilegeEscalation: false
@@ -171,7 +174,7 @@
@@ -179,7 +182,7 @@
weight: 100
topologySpreadConstraints: []
tolerations: []
@ -72,7 +73,7 @@
resources:
limits:
memory: 512Mi
@@ -209,7 +212,7 @@
@@ -218,7 +221,7 @@
disableCertRotation: true
affinity: {}
tolerations: []
@ -81,7 +82,7 @@
resources:
limits:
memory: 512Mi
@@ -248,10 +251,16 @@
@@ -257,10 +260,16 @@
pdb:
controllerManager:
minAvailable: 1
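Review bot: The helper image pins in values.yaml do not seem to move with this bump: the label-namespace hook image stays at `rancher/kubectl` tag `v1.20.2` and the probe image at tag `7.83.1`, while the Gatekeeper images go to `v3.13.0`. kubectl is only supported within one minor version of the API server, and the `catalog.cattle.io/kube-version` range shown on this page reaches at least 1.27, so the hook jobs run a client that is out of skew on most supported clusters and is long out of upstream support. I would bump the pin together with the chart, e.g. `tag: <CURRENT_SUPPORTED_KUBECTL_TAG>` (placeholder), and review the probe image tag the same way. Which lines are old and which are new is inferred from print order on this rendered page.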


@ -1,5 +1,5 @@
url: https://open-policy-agent.github.io/gatekeeper/charts/gatekeeper-3.12.0.tgz
version: 103.0.1
url: https://open-policy-agent.github.io/gatekeeper/charts/gatekeeper-3.13.0.tgz
version: 103.1.0
additionalCharts:
- workingDir: charts-crd
crdOptions: