diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/Chart.yaml packages/rancher-gatekeeper/charts/Chart.yaml --- packages/rancher-gatekeeper/charts-original/Chart.yaml +++ packages/rancher-gatekeeper/charts/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 description: A Helm chart for Gatekeeper -name: gatekeeper +name: rancher-gatekeeper keywords: - open policy agent version: v3.1.0-rc.1 @@ -8,3 +8,11 @@ sources: - https://github.com/open-policy-agent/gatekeeper.git appVersion: v3.1.0-rc.1 +icon: https://charts.rancher.io/assets/logos/gatekeeper.svg +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/experimental: true + catalog.cattle.io/namespace: cattle-gatekeeper-system + catalog.cattle.io/release-name: rancher-gatekeeper + catalog.cattle.io/auto-install: rancher-gatekeeper-crd=match + catalog.cattle.io/provides-gvr: configs.config.gatekeeper.sh/v1alpha1 diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/README.md packages/rancher-gatekeeper/charts/README.md --- packages/rancher-gatekeeper/charts-original/README.md +++ packages/rancher-gatekeeper/charts/README.md 
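Review bot: In the second Chart.yaml hunk, `catalog.cattle.io/experimental: true` is an unquoted YAML boolean, whereas chart annotations are a string-to-string map. A strict chart loader can reject the file, and a lenient one may hand consumers a value of a different type than the neighbouring annotations. Write it as `catalog.cattle.io/experimental: "true"` so the catalog always sees a string.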
@@ -4,7 +4,7 @@ | Parameter | Description | Default | |:--------------------------|:---------------------------------------------------------------------------------|:--------------------------------------------------------------------------| -| auditInterval | The frequency with which audit is run | `60` | +| auditInterval | The frequency with which audit is run | `300` | | constraintViolationsLimit | The maximum # of audit violations reported on a constraint | `20` | | auditFromCache | Take the roster of resources to audit from the OPA cache | `false` | | auditChunkSize | Chunk size for listing cluster resources for audit (alpha feature) | `0` | diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/crds/config-customresourcedefinition.yaml packages/rancher-gatekeeper/charts/crds/config-customresourcedefinition.yaml --- packages/rancher-gatekeeper/charts-original/crds/config-customresourcedefinition.yaml +++ packages/rancher-gatekeeper/charts/crds/config-customresourcedefinition.yaml 
@@ -0,0 +1,111 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + helm.sh/hook-delete-policy: before-hook-creation + creationTimestamp: null + labels: + app: '{{ .Chart.Name }}' + chart: '{{ .Chart.Name }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: configs.config.gatekeeper.sh +spec: + group: config.gatekeeper.sh + names: + kind: Config + listKind: ConfigList + plural: configs + shortNames: + - config + singular: config + scope: Namespaced + validation: + openAPIV3Schema: + description: Config is the Schema for the configs API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConfigSpec defines the desired state of Config + properties: + match: + description: Configuration for namespace exclusion + items: + properties: + excludedNamespaces: + items: + type: string + type: array + processes: + items: + type: string + type: array + type: object + type: array + readiness: + description: Configuration for readiness tracker + properties: + statsEnabled: + type: boolean + type: object + sync: + description: Configuration for syncing k8s objects + properties: + syncOnly: + description: If non-empty, only entries on this list will be replicated into OPA + items: + properties: + group: + type: string + kind: + type: string + version: + type: string + type: object + type: array + type: object + validation: + description: Configuration for validation + properties: + traces: + description: List of requests to trace. Both "user" and "kinds" must be specified + items: + properties: + dump: + description: Also dump the state of OPA with the trace. Set to `All` to dump everything. 
+ type: string + kind: + description: Only trace requests of the following GroupVersionKind + properties: + group: + type: string + kind: + type: string + version: + type: string + type: object + user: + description: Only trace requests from the specified user + type: string + type: object + type: array + type: object + type: object + status: + description: ConfigStatus defines the observed state of Config + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/crds/constraintpodstatus-customresourcedefinition.yaml packages/rancher-gatekeeper/charts/crds/constraintpodstatus-customresourcedefinition.yaml --- packages/rancher-gatekeeper/charts-original/crds/constraintpodstatus-customresourcedefinition.yaml +++ packages/rancher-gatekeeper/charts/crds/constraintpodstatus-customresourcedefinition.yaml 
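Review bot: The labels in this new `crds/` file are still template expressions (`app: '{{ .Chart.Name }}'`, `release: '{{ .Release.Name }}'`), and Helm 3 applies files under a chart's `crds/` directory without rendering them. If the files are consumed from that directory, the literal braces reach the API server as label values and are likely to be rejected. If the packaging step instead moves them into the templates of a separate CRD chart (the `rancher-gatekeeper-crd` name in the Chart.yaml annotation suggests this, but it is not visible here), state that in a comment at the top of each file; otherwise use static label values. The `helm.sh/hook-delete-policy: before-hook-creation` annotation is also kept although `helm.sh/hook: crd-install` was dropped, so it no longer qualifies any hook and can be removed. The label point applies equally to the three other CRD files added below, and the leftover annotation also appears in the constrainttemplate file.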
@@ -0,0 +1,78 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + app: '{{ .Chart.Name }}' + chart: '{{ .Chart.Name }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: constraintpodstatuses.status.gatekeeper.sh +spec: + group: status.gatekeeper.sh + names: + kind: ConstraintPodStatus + listKind: ConstraintPodStatusList + plural: constraintpodstatuses + singular: constraintpodstatus + scope: Namespaced + validation: + openAPIV3Schema: + description: ConstraintPodStatus is the Schema for the constraintpodstatuses API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + description: ConstraintPodStatusStatus defines the observed state of ConstraintPodStatus + properties: + constraintUID: + description: Storing the constraint UID allows us to detect drift, such as when a constraint has been recreated after its CRD was deleted out from under it, interrupting the watch + type: string + enforced: + type: boolean + errors: + items: + description: Error represents a single error caught while adding a constraint to OPA + properties: + code: + type: string + location: + type: string + message: + type: string + required: + - code + - message + type: object + type: array + id: + type: string + observedGeneration: + format: int64 + type: integer + operations: + items: + type: string + type: array + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/crds/constrainttemplate-customresourcedefinition.yaml packages/rancher-gatekeeper/charts/crds/constrainttemplate-customresourcedefinition.yaml --- packages/rancher-gatekeeper/charts-original/crds/constrainttemplate-customresourcedefinition.yaml +++ packages/rancher-gatekeeper/charts/crds/constrainttemplate-customresourcedefinition.yaml 
@@ -0,0 +1,106 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/hook-delete-policy: before-hook-creation + creationTimestamp: null + labels: + app: '{{ .Chart.Name }}' + chart: '{{ .Chart.Name }}' + controller-tools.k8s.io: "1.0" + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: constrainttemplates.templates.gatekeeper.sh +spec: + group: templates.gatekeeper.sh + names: + kind: ConstraintTemplate + plural: constrainttemplates + shortNames: + - constraints + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + crd: + properties: + spec: + properties: + names: + properties: + kind: + type: string + shortNames: + items: + type: string + type: array + type: object + validation: + type: object + type: object + type: object + targets: + items: + properties: + libs: + items: + type: string + type: array + rego: + type: string + target: + type: string + type: object + type: array + type: object + status: + properties: + byPod: + items: + properties: + errors: + items: + properties: + code: + type: string + location: + type: string + message: + type: string + required: + - code + - message + type: object + type: array + id: + description: a unique identifier for the pod that wrote the status + type: string + observedGeneration: + format: int64 + type: integer + type: object + type: array + created: + type: boolean + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true + - name: v1alpha1 + served: true + storage: false diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/crds/constrainttemplatepodstatus-customresourcedefinition.yaml packages/rancher-gatekeeper/charts/crds/constrainttemplatepodstatus-customresourcedefinition.yaml --- packages/rancher-gatekeeper/charts-original/crds/constrainttemplatepodstatus-customresourcedefinition.yaml +++ packages/rancher-gatekeeper/charts/crds/constrainttemplatepodstatus-customresourcedefinition.yaml 
@@ -0,0 +1,77 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + app: '{{ .Chart.Name }}' + chart: '{{ .Chart.Name }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: constrainttemplatepodstatuses.status.gatekeeper.sh +spec: + group: status.gatekeeper.sh + names: + kind: ConstraintTemplatePodStatus + listKind: ConstraintTemplatePodStatusList + plural: constrainttemplatepodstatuses + singular: constrainttemplatepodstatus + scope: Namespaced + validation: + openAPIV3Schema: + description: ConstraintTemplatePodStatus is the Schema for the constrainttemplatepodstatuses API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + description: ConstraintTemplatePodStatusStatus defines the observed state of ConstraintTemplatePodStatus + properties: + errors: + items: + description: CreateCRDError represents a single error caught during parsing, compiling, etc. 
+ properties: + code: + type: string + location: + type: string + message: + type: string + required: + - code + - message + type: object + type: array + id: + description: 'Important: Run "make" to regenerate code after modifying this file' + type: string + observedGeneration: + format: int64 + type: integer + operations: + items: + type: string + type: array + templateUID: + description: UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated. + type: string + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/index.yaml packages/rancher-gatekeeper/charts/index.yaml --- packages/rancher-gatekeeper/charts-original/index.yaml +++ packages/rancher-gatekeeper/charts/index.yaml @@ -1,18 +0,0 @@ -apiVersion: v1 -entries: - gatekeeper: - - apiVersion: v1 - appVersion: v3.1.0-rc.1 - created: "2020-08-14T12:56:49.1898705-07:00" - description: A Helm chart for Gatekeeper - digest: 92d0b106768faa7d880fb772f7c6b2cba591ab348897db4317543241b32c7fb7 - home: https://github.com/open-policy-agent/gatekeeper - keywords: - - open policy agent - name: gatekeeper - sources: - - https://github.com/open-policy-agent/gatekeeper.git - urls: - - https://raw.githubusercontent.com/open-policy-agent/gatekeeper/v3.1.0-rc.1/charts/gatekeeper/gatekeeper-v3.1.0-rc.1.tgz - version: v3.1.0-rc.1 -generated: "2020-08-14T12:56:49.1890596-07:00" diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/templates/_helpers.tpl packages/rancher-gatekeeper/charts/templates/_helpers.tpl --- packages/rancher-gatekeeper/charts-original/templates/_helpers.tpl +++ packages/rancher-gatekeeper/charts/templates/_helpers.tpl 
@@ -42,3 +42,11 @@ {{- end }} app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} \ No newline at end of file diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/templates/config-customresourcedefinition.yaml packages/rancher-gatekeeper/charts/templates/config-customresourcedefinition.yaml --- packages/rancher-gatekeeper/charts-original/templates/config-customresourcedefinition.yaml +++ packages/rancher-gatekeeper/charts/templates/config-customresourcedefinition.yaml 
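Review bot: The new `system_default_registry` helper has no comment, although it decides which registry the chart's images are pulled from. Add a template comment above the `define`, for example `{{/* Returns "<registry>/" when .Values.global.systemDefaultRegistry is set, otherwise an empty string; prepended to image references. */}}`. The `{{- else -}}` branch that emits `""` is redundant and can be dropped, and the file now ends without a trailing newline.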
@@ -1,112 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - helm.sh/hook: crd-install - helm.sh/hook-delete-policy: before-hook-creation - creationTimestamp: null - labels: - app: '{{ template "gatekeeper.name" . }}' - chart: '{{ template "gatekeeper.name" . }}' - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' - name: configs.config.gatekeeper.sh -spec: - group: config.gatekeeper.sh - names: - kind: Config - listKind: ConfigList - plural: configs - shortNames: - - config - singular: config - scope: Namespaced - validation: - openAPIV3Schema: - description: Config is the Schema for the configs API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ConfigSpec defines the desired state of Config - properties: - match: - description: Configuration for namespace exclusion - items: - properties: - excludedNamespaces: - items: - type: string - type: array - processes: - items: - type: string - type: array - type: object - type: array - readiness: - description: Configuration for readiness tracker - properties: - statsEnabled: - type: boolean - type: object - sync: - description: Configuration for syncing k8s objects - properties: - syncOnly: - description: If non-empty, only entries on this list will be replicated into OPA - items: - properties: - group: - type: string - kind: - type: string - version: - type: string - type: object - type: array - type: object - validation: - description: Configuration for validation - properties: - traces: - description: List of requests to trace. Both "user" and "kinds" must be specified - items: - properties: - dump: - description: Also dump the state of OPA with the trace. Set to `All` to dump everything. 
- type: string - kind: - description: Only trace requests of the following GroupVersionKind - properties: - group: - type: string - kind: - type: string - version: - type: string - type: object - user: - description: Only trace requests from the specified user - type: string - type: object - type: array - type: object - type: object - status: - description: ConfigStatus defines the observed state of Config - type: object - type: object - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/templates/constraintpodstatus-customresourcedefinition.yaml packages/rancher-gatekeeper/charts/templates/constraintpodstatus-customresourcedefinition.yaml --- packages/rancher-gatekeeper/charts-original/templates/constraintpodstatus-customresourcedefinition.yaml +++ packages/rancher-gatekeeper/charts/templates/constraintpodstatus-customresourcedefinition.yaml 
@@ -1,78 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - labels: - app: '{{ template "gatekeeper.name" . }}' - chart: '{{ template "gatekeeper.name" . }}' - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' - name: constraintpodstatuses.status.gatekeeper.sh -spec: - group: status.gatekeeper.sh - names: - kind: ConstraintPodStatus - listKind: ConstraintPodStatusList - plural: constraintpodstatuses - singular: constraintpodstatus - scope: Namespaced - validation: - openAPIV3Schema: - description: ConstraintPodStatus is the Schema for the constraintpodstatuses API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - status: - description: ConstraintPodStatusStatus defines the observed state of ConstraintPodStatus - properties: - constraintUID: - description: Storing the constraint UID allows us to detect drift, such as when a constraint has been recreated after its CRD was deleted out from under it, interrupting the watch - type: string - enforced: - type: boolean - errors: - items: - description: Error represents a single error caught while adding a constraint to OPA - properties: - code: - type: string - location: - type: string - message: - type: string - required: - - code - - message - type: object - type: array - id: - type: string - observedGeneration: - format: int64 - type: integer - operations: - items: - type: string - type: array - type: object - type: object - version: v1beta1 - versions: - - name: v1beta1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/templates/constrainttemplate-customresourcedefinition.yaml packages/rancher-gatekeeper/charts/templates/constrainttemplate-customresourcedefinition.yaml --- packages/rancher-gatekeeper/charts-original/templates/constrainttemplate-customresourcedefinition.yaml +++ packages/rancher-gatekeeper/charts/templates/constrainttemplate-customresourcedefinition.yaml 
@@ -1,107 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/hook: crd-install - helm.sh/hook-delete-policy: before-hook-creation - creationTimestamp: null - labels: - app: '{{ template "gatekeeper.name" . }}' - chart: '{{ template "gatekeeper.name" . }}' - controller-tools.k8s.io: "1.0" - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' - name: constrainttemplates.templates.gatekeeper.sh -spec: - group: templates.gatekeeper.sh - names: - kind: ConstraintTemplate - plural: constrainttemplates - shortNames: - - constraints - scope: Cluster - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - crd: - properties: - spec: - properties: - names: - properties: - kind: - type: string - shortNames: - items: - type: string - type: array - type: object - validation: - type: object - type: object - type: object - targets: - items: - properties: - libs: - items: - type: string - type: array - rego: - type: string - target: - type: string - type: object - type: array - type: object - status: - properties: - byPod: - items: - properties: - errors: - items: - properties: - code: - type: string - location: - type: string - message: - type: string - required: - - code - - message - type: object - type: array - id: - description: a unique identifier for the pod that wrote the status - type: string - observedGeneration: - format: int64 - type: integer - type: object - type: array - created: - type: boolean - type: object - version: v1beta1 - versions: - - name: v1beta1 - served: true - storage: true - - name: v1alpha1 - served: true - storage: false diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/templates/constrainttemplatepodstatus-customresourcedefinition.yaml packages/rancher-gatekeeper/charts/templates/constrainttemplatepodstatus-customresourcedefinition.yaml --- packages/rancher-gatekeeper/charts-original/templates/constrainttemplatepodstatus-customresourcedefinition.yaml +++ packages/rancher-gatekeeper/charts/templates/constrainttemplatepodstatus-customresourcedefinition.yaml 
@@ -1,77 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - labels: - app: '{{ template "gatekeeper.name" . }}' - chart: '{{ template "gatekeeper.name" . }}' - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' - name: constrainttemplatepodstatuses.status.gatekeeper.sh -spec: - group: status.gatekeeper.sh - names: - kind: ConstraintTemplatePodStatus - listKind: ConstraintTemplatePodStatusList - plural: constrainttemplatepodstatuses - singular: constrainttemplatepodstatus - scope: Namespaced - validation: - openAPIV3Schema: - description: ConstraintTemplatePodStatus is the Schema for the constrainttemplatepodstatuses API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - status: - description: ConstraintTemplatePodStatusStatus defines the observed state of ConstraintTemplatePodStatus - properties: - errors: - items: - description: CreateCRDError represents a single error caught during parsing, compiling, etc. 
- properties: - code: - type: string - location: - type: string - message: - type: string - required: - - code - - message - type: object - type: array - id: - description: 'Important: Run "make" to regenerate code after modifying this file' - type: string - observedGeneration: - format: int64 - type: integer - operations: - items: - type: string - type: array - templateUID: - description: UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated. - type: string - type: object - type: object - version: v1beta1 - versions: - - name: v1beta1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/templates/gatekeeper-admin-serviceaccount.yaml packages/rancher-gatekeeper/charts/templates/gatekeeper-admin-serviceaccount.yaml --- packages/rancher-gatekeeper/charts-original/templates/gatekeeper-admin-serviceaccount.yaml +++ packages/rancher-gatekeeper/charts/templates/gatekeeper-admin-serviceaccount.yaml @@ -8,4 +8,4 @@ heritage: '{{ .Release.Service }}' release: '{{ .Release.Name }}' name: gatekeeper-admin - namespace: gatekeeper-system + namespace: '{{ .Release.Namespace }}' diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/templates/gatekeeper-audit-deployment.yaml packages/rancher-gatekeeper/charts/templates/gatekeeper-audit-deployment.yaml --- packages/rancher-gatekeeper/charts-original/templates/gatekeeper-audit-deployment.yaml +++ packages/rancher-gatekeeper/charts/templates/gatekeeper-audit-deployment.yaml @@ -10,7 +10,7 @@ heritage: '{{ .Release.Service }}' release: '{{ .Release.Name }}' name: gatekeeper-audit - namespace: gatekeeper-system + namespace: '{{ .Release.Namespace }}' spec: replicas: 1 selector: 
@@ -58,7 +58,7 @@ valueFrom: fieldRef: fieldPath: metadata.name - image: '{{ .Values.image.repository }}:{{ .Values.image.release }}' + image: '{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}' imagePullPolicy: '{{ .Values.image.pullPolicy }}' livenessProbe: httpGet: diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/templates/gatekeeper-controller-manager-deployment.yaml packages/rancher-gatekeeper/charts/templates/gatekeeper-controller-manager-deployment.yaml --- packages/rancher-gatekeeper/charts-original/templates/gatekeeper-controller-manager-deployment.yaml +++ packages/rancher-gatekeeper/charts/templates/gatekeeper-controller-manager-deployment.yaml @@ -10,7 +10,7 @@ heritage: '{{ .Release.Service }}' release: '{{ .Release.Name }}' name: gatekeeper-controller-manager - namespace: gatekeeper-system + namespace: '{{ .Release.Namespace }}' spec: replicas: {{ .Values.replicas }} selector: @@ -67,7 +67,7 @@ valueFrom: fieldRef: fieldPath: metadata.name - image: '{{ .Values.image.repository }}:{{ .Values.image.release }}' + image: '{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}' imagePullPolicy: '{{ .Values.image.pullPolicy }}' livenessProbe: httpGet: diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/templates/gatekeeper-manager-role-role.yaml packages/rancher-gatekeeper/charts/templates/gatekeeper-manager-role-role.yaml --- packages/rancher-gatekeeper/charts-original/templates/gatekeeper-manager-role-role.yaml +++ packages/rancher-gatekeeper/charts/templates/gatekeeper-manager-role-role.yaml 
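Review bot: The rewritten `image:` line renders as `<registry>/<repository>:<tag>`, so the audit pod is identified only by a mutable tag, pulled from whatever registry `global.systemDefaultRegistry` names, with `imagePullPolicy` taken from values (`IfNotPresent` by default in values.yaml). For the component that enforces cluster admission policy, it is worth allowing a digest pin, for instance an optional `image.digest` value rendered as `repository@sha256:…` when set. At minimum, document in values.yaml that a mirror registry must serve the same image content for that tag. The identical line is changed in the gatekeeper-controller-manager hunk that follows; both deployment bodies extend beyond these hunks.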
@@ -9,7 +9,7 @@ heritage: '{{ .Release.Service }}' release: '{{ .Release.Name }}' name: gatekeeper-manager-role - namespace: gatekeeper-system + namespace: '{{ .Release.Namespace }}' rules: - apiGroups: - "" diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml packages/rancher-gatekeeper/charts/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml --- packages/rancher-gatekeeper/charts-original/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml +++ packages/rancher-gatekeeper/charts/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml @@ -15,4 +15,4 @@ subjects: - kind: ServiceAccount name: gatekeeper-admin - namespace: gatekeeper-system + namespace: '{{ .Release.Namespace }}' diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/templates/gatekeeper-manager-rolebinding-rolebinding.yaml packages/rancher-gatekeeper/charts/templates/gatekeeper-manager-rolebinding-rolebinding.yaml --- packages/rancher-gatekeeper/charts-original/templates/gatekeeper-manager-rolebinding-rolebinding.yaml +++ packages/rancher-gatekeeper/charts/templates/gatekeeper-manager-rolebinding-rolebinding.yaml @@ -8,7 +8,7 @@ heritage: '{{ .Release.Service }}' release: '{{ .Release.Name }}' name: gatekeeper-manager-rolebinding - namespace: gatekeeper-system + namespace: '{{ .Release.Namespace }}' roleRef: apiGroup: rbac.authorization.k8s.io kind: Role 
@@ -16,4 +16,4 @@ subjects: - kind: ServiceAccount name: gatekeeper-admin - namespace: gatekeeper-system + namespace: '{{ .Release.Namespace }}' diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/templates/gatekeeper-system-namespace.yaml packages/rancher-gatekeeper/charts/templates/gatekeeper-system-namespace.yaml --- packages/rancher-gatekeeper/charts-original/templates/gatekeeper-system-namespace.yaml +++ packages/rancher-gatekeeper/charts/templates/gatekeeper-system-namespace.yaml @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - admission.gatekeeper.sh/ignore: no-self-managing - app: '{{ template "gatekeeper.name" . }}' - chart: '{{ template "gatekeeper.name" . }}' - control-plane: controller-manager - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' - name: gatekeeper-system diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml packages/rancher-gatekeeper/charts/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml --- packages/rancher-gatekeeper/charts-original/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml +++ packages/rancher-gatekeeper/charts/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml @@ -15,7 +15,7 @@ caBundle: Cg== service: name: gatekeeper-webhook-service - namespace: gatekeeper-system + namespace: '{{ .Release.Namespace }}' path: /v1/admit failurePolicy: Ignore name: validation.gatekeeper.sh 
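Review bot: Pointing the webhook `service.namespace` at `{{ .Release.Namespace }}` goes together with the deletion of gatekeeper-system-namespace.yaml just above. That manifest is what put `admission.gatekeeper.sh/ignore: no-self-managing`, `control-plane: controller-manager` and `gatekeeper.sh/system: "yes"` on Gatekeeper's own namespace. Nothing in this diff applies those labels to the release namespace, so if the webhook's namespace selector (not visible in this hunk) relies on them, Gatekeeper's own namespace becomes subject to its admission webhook. The second webhook in the next hunk uses `failurePolicy: Fail`, which makes that an availability concern as well. Either document that the installer must label the target namespace, or confirm that every remaining hard-coded reference to `gatekeeper-system` (for example an exempt-namespace argument on the deployments, if present) was switched to the release namespace.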
@@ -39,7 +39,7 @@ caBundle: Cg== service: name: gatekeeper-webhook-service - namespace: gatekeeper-system + namespace: '{{ .Release.Namespace }}' path: /v1/admitlabel failurePolicy: Fail name: check-ignore-label.gatekeeper.sh diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/templates/gatekeeper-webhook-server-cert-secret.yaml packages/rancher-gatekeeper/charts/templates/gatekeeper-webhook-server-cert-secret.yaml --- packages/rancher-gatekeeper/charts-original/templates/gatekeeper-webhook-server-cert-secret.yaml +++ packages/rancher-gatekeeper/charts/templates/gatekeeper-webhook-server-cert-secret.yaml @@ -8,4 +8,4 @@ heritage: '{{ .Release.Service }}' release: '{{ .Release.Name }}' name: gatekeeper-webhook-server-cert - namespace: gatekeeper-system + namespace: '{{ .Release.Namespace }}' diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/templates/gatekeeper-webhook-service-service.yaml packages/rancher-gatekeeper/charts/templates/gatekeeper-webhook-service-service.yaml --- packages/rancher-gatekeeper/charts-original/templates/gatekeeper-webhook-service-service.yaml +++ packages/rancher-gatekeeper/charts/templates/gatekeeper-webhook-service-service.yaml @@ -8,7 +8,7 @@ heritage: '{{ .Release.Service }}' release: '{{ .Release.Name }}' name: gatekeeper-webhook-service - namespace: gatekeeper-system + namespace: '{{ .Release.Namespace }}' spec: ports: - port: 443 diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-gatekeeper/charts-original/values.yaml packages/rancher-gatekeeper/charts/values.yaml --- packages/rancher-gatekeeper/charts-original/values.yaml +++ packages/rancher-gatekeeper/charts/values.yaml @@ -1,5 +1,5 @@ replicas: 3 -auditInterval: 60 +auditInterval: 300 constraintViolationsLimit: 20 auditFromCache: false disableValidatingWebhook: false 
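Review bot: `auditInterval: 300` in values.yaml is changed without any comment. With the validation webhook set to `failurePolicy: Ignore` (a context line in the webhook hunk above), the audit is the control that reports resources admitted while the webhook was unavailable, so a five-fold longer interval lengthens that reporting gap. Add a comment on the value, e.g. `# interval between audit runs (presumably seconds; confirm); upstream default is 60`, so operators who need faster detection know to lower it.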
@@ -8,8 +8,8 @@ emitAdmissionEvents: false emitAuditEvents: false image: - repository: openpolicyagent/gatekeeper - release: v3.1.0-rc.1 + repository: rancher/opa-gatekeeper + tag: v3.1.0-rc.1 pullPolicy: IfNotPresent nodeSelector: { kubernetes.io/os: linux } affinity: {} @@ -23,3 +23,8 @@ requests: cpu: 100m memory: 256Mi +global: + systemDefaultRegistry: "" + kubectl: + repository: rancher/istio-kubectl + tag: 1.5.8
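Review bot: Renaming `image.release` to `image.tag` in this hunk means an existing values override that still sets `image.release` is silently ignored and the chart falls back to the default `tag`. An operator who pinned a specific Gatekeeper version would get a different one without any error. Consider failing the render when the old key is present, e.g. `{{- if .Values.image.release }}{{ fail "image.release was renamed to image.tag" }}{{- end }}` in the deployment templates, or at least note the rename in the README parameter table.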
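Review bot: The `global.kubectl` block added in the last hunk (`repository: rancher/istio-kubectl`, `tag: 1.5.8`) is not referenced by any template changed in this diff. If nothing in the chart consumes it, drop it so that image-mirroring and scanning tooling does not track an image the chart never runs. If a template outside this diff does use it, add a comment such as `# kubectl image used by <job name>` naming the consumer.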