Prepare v3.1.0-beta.10 release (#705)
sozercan authored Jun 30, 2020
1 parent 8f56e0b commit 1c99315
Showing 28 changed files with 556 additions and 164 deletions.
2 changes: 1 addition & 1 deletion Makefile
Expand Up @@ -5,7 +5,7 @@ IMG := $(REPOSITORY):latest
# DEV_TAG will be replaced with short Git SHA on pre-release stage in CI
DEV_TAG ?= dev

VERSION := v3.1.0-beta.9
VERSION := v3.1.0-beta.10

USE_LOCAL_IMG ?= false
KIND_VERSION=0.7.0
2 changes: 0 additions & 2 deletions README.md
@@ -1,7 +1,5 @@
# Gatekeeper

[![Build Status](https://travis-ci.org/open-policy-agent/gatekeeper.svg?branch=master)](https://travis-ci.org/open-policy-agent/gatekeeper) [![Docker Repository on Quay](https://quay.io/repository/open-policy-agent/gatekeeper/status "Docker Repository on Quay")](https://quay.io/repository/open-policy-agent/gatekeeper)

## Want to help?
Join us to help define the direction and implementation of this project!

4 changes: 2 additions & 2 deletions charts/gatekeeper/Chart.yaml
Expand Up @@ -3,8 +3,8 @@ description: A Helm chart for Gatekeeper
name: gatekeeper
keywords:
- open policy agent
version: v3.1.0-beta.9
version: v3.1.0-beta.10
home: https://github.com/open-policy-agent/gatekeeper
sources:
- https://github.com/open-policy-agent/gatekeeper.git
appVersion: v3.1.0-beta.9
appVersion: v3.1.0-beta.10
33 changes: 16 additions & 17 deletions charts/gatekeeper/README.md
Expand Up @@ -2,22 +2,22 @@

## Parameters

| Parameter | Description | Default |
|:--------------------------|:------------------------------------------------------------|:---------------------------------------------------------------------------|
| auditInterval | The frequency with which audit is run | `60` |
| constraintViolationsLimit | The maximum # of audit violations reported on a constraint | `20` |
| auditFromCache | Take the roster of resources to audit from the OPA cache | `false` |
| logLevel | Minimum log level | `INFO` |
| image.pullPolicy | The image pull policy | `IfNotPresent` |
| image.repository | The Docker image repository | `quay.io/open-policy-agent/gatekeeper` |
| image.release | The image release tag to use | Current release version: `v3.1.0-beta.9` |
| resources | The resource request/limits for the container image | limits: 1 CPU, 512Mi, requests: 100mCPU, 256Mi |
| nodeSelector | The node selector to use for pod scheduling | `kubernetes.io/os: linux` |
| affinity | The node affinity to use for pod scheduling | `{}` |
| tolerations | The tolerations to use for pod scheduling | `[]` |
| replicas | The number of Gatekeeper replicas to deploy for the webhook | `1` |
| podAnnotations | The annotations to add to the Gatekeeper pods | `container.seccomp.security.alpha.kubernetes.io/manager: runtime/default` |

| Parameter | Description | Default |
| :------------------------ | :---------------------------------------------------------- | :------------------------------------------------------------------------ |
| auditInterval | The frequency with which audit is run | `60` |
| constraintViolationsLimit | The maximum # of audit violations reported on a constraint | `20` |
| auditFromCache | Take the roster of resources to audit from the OPA cache | `false` |
| disableValidatingWebhook | Disable ValidatingWebhook | `false` |
| logLevel | Minimum log level | `INFO` |
| image.pullPolicy | The image pull policy | `IfNotPresent` |
| image.repository | Image repository | `openpolicyagent/gatekeeper` |
| image.release | The image release tag to use | Current release version: `v3.1.0-beta.10` |
| resources | The resource request/limits for the container image | limits: 1 CPU, 512Mi, requests: 100mCPU, 256Mi |
| nodeSelector | The node selector to use for pod scheduling | `kubernetes.io/os: linux` |
| affinity | The node affinity to use for pod scheduling | `{}` |
| tolerations | The tolerations to use for pod scheduling | `[]` |
| replicas | The number of Gatekeeper replicas to deploy for the webhook | `1` |
| podAnnotations | The annotations to add to the Gatekeeper pods | `container.seccomp.security.alpha.kubernetes.io/manager: runtime/default` |

## Contributing Changes

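Review bot: The new `disableValidatingWebhook` row describes the parameter as "Disable ValidatingWebhook", which only restates the name. The chart guards the whole ValidatingWebhookConfiguration on this value, so the description should say that setting it to `true` means constraints are no longer enforced at admission time. An operator reading only this table should be able to see that effect before changing the value.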
Expand All @@ -27,4 +27,3 @@ template, please edit `kustomization.yaml` and `replacements.go` under that
directory and then run `make manifests`. Your changes will show up in the
`manifest_staging` directory and will be promoted to the root `charts` directory
the next time a Gatekeeper release is cut.

Binary file added charts/gatekeeper/gatekeeper-v3.1.0-beta.10.tgz
Binary file not shown.
Binary file removed charts/gatekeeper/gatekeeper-v3.1.0-beta.9.tgz
Binary file not shown.
12 changes: 6 additions & 6 deletions charts/gatekeeper/index.yaml
Expand Up @@ -2,17 +2,17 @@ apiVersion: v1
entries:
gatekeeper:
- apiVersion: v1
appVersion: v3.1.0-beta.9
created: "2020-05-21T03:44:42.0381923-07:00"
appVersion: v3.1.0-beta.10
created: "2020-06-29T15:35:37.1773834-07:00"
description: A Helm chart for Gatekeeper
digest: 2f912727f0610dd367be79e4b8a7a5a208c56c84f71b9c0325a6ff0569aff7bc
digest: 68559bfa5c891be94297196ff0dcb6b2aa9341d9d7b060520ea4ac88cd1cbe2b
home: https://github.com/open-policy-agent/gatekeeper
keywords:
- open policy agent
name: gatekeeper
sources:
- https://github.com/open-policy-agent/gatekeeper.git
urls:
- https://raw.githubusercontent.com/open-policy-agent/gatekeeper/master/charts/gatekeeper/gatekeeper-v3.1.0-beta.9.tgz
version: v3.1.0-beta.9
generated: "2020-05-21T03:44:42.0375264-07:00"
- https://raw.githubusercontent.com/open-policy-agent/gatekeeper/master/charts/gatekeeper/gatekeeper-v3.1.0-beta.10.tgz
version: v3.1.0-beta.10
generated: "2020-06-29T15:35:37.1767564-07:00"
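Review bot: The `gatekeeper` entry for v3.1.0-beta.9 is overwritten in place rather than kept beside the new one, and the same commit removes `gatekeeper-v3.1.0-beta.9.tgz`, so the index now offers only v3.1.0-beta.10 and an install pinned to beta.9 can no longer be resolved from it. Consider appending the new entry and keeping the old archive. The `urls` value also points at the `master` branch, which leaves `digest` as the only thing tying the entry to a specific archive; a tag-based or commit-based URL would make the reference immutable.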
@@ -0,0 +1,86 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.2.4
creationTimestamp: null
labels:
app: '{{ template "gatekeeper.name" . }}'
chart: '{{ template "gatekeeper.name" . }}'
gatekeeper.sh/system: "yes"
heritage: '{{ .Release.Service }}'
release: '{{ .Release.Name }}'
name: constraintpodstatuses.status.gatekeeper.sh
spec:
group: status.gatekeeper.sh
names:
kind: ConstraintPodStatus
listKind: ConstraintPodStatusList
plural: constraintpodstatuses
singular: constraintpodstatus
scope: Namespaced
validation:
openAPIV3Schema:
description: ConstraintPodStatus is the Schema for the constraintpodstatuses
API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
status:
description: ConstraintPodStatusStatus defines the observed state of ConstraintPodStatus
properties:
constraintUID:
description: Storing the constraint UID allows us to detect drift, such
as when a constraint has been recreated after its CRD was deleted
out from under it, interrupting the watch
type: string
enforced:
type: boolean
errors:
items:
description: Error represents a single error caught while adding a
constraint to OPA
properties:
code:
type: string
location:
type: string
message:
type: string
required:
- code
- message
type: object
type: array
id:
type: string
observedGeneration:
format: int64
type: integer
operations:
items:
type: string
type: array
type: object
type: object
version: v1beta1
versions:
- name: v1beta1
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
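Review bot: Under the `status` properties, `enforced`, `id`, `observedGeneration` and `operations` carry no `description`, unlike `constraintUID` and `errors`. This schema is what users see when they inspect the resource, so add doc comments on the corresponding Go fields and regenerate, so that each field states what it records.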
@@ -0,0 +1,88 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.2.4
creationTimestamp: null
labels:
app: '{{ template "gatekeeper.name" . }}'
chart: '{{ template "gatekeeper.name" . }}'
gatekeeper.sh/system: "yes"
heritage: '{{ .Release.Service }}'
release: '{{ .Release.Name }}'
name: constrainttemplatepodstatuses.status.gatekeeper.sh
spec:
group: status.gatekeeper.sh
names:
kind: ConstraintTemplatePodStatus
listKind: ConstraintTemplatePodStatusList
plural: constrainttemplatepodstatuses
singular: constrainttemplatepodstatus
scope: Namespaced
validation:
openAPIV3Schema:
description: ConstraintTemplatePodStatus is the Schema for the constrainttemplatepodstatuses
API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
status:
description: ConstraintTemplatePodStatusStatus defines the observed state
of ConstraintTemplatePodStatus
properties:
errors:
items:
description: CreateCRDError represents a single error caught during
parsing, compiling, etc.
properties:
code:
type: string
location:
type: string
message:
type: string
required:
- code
- message
type: object
type: array
id:
description: 'Important: Run "make" to regenerate code after modifying
this file'
type: string
observedGeneration:
format: int64
type: integer
operations:
items:
type: string
type: array
templateUID:
description: UID is a type that holds unique ID values, including UUIDs. Because
we don't ONLY use UUIDs, this is an alias to string. Being a type
captures intent and helps make sure that UIDs and names do not get
conflated.
type: string
type: object
type: object
version: v1beta1
versions:
- name: v1beta1
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
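Review bot: The `description` of the `id` property reads 'Important: Run "make" to regenerate code after modifying this file', which is a scaffolding comment that the generator has picked up as the field's doc string. Separate that comment from the field in the Go source and give `id` a real description. `templateUID` has a similar problem: its description is the generic text for the UID type rather than a statement of which template it identifies.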
Expand Up @@ -42,6 +42,7 @@ spec:
- --constraint-violations-limit={{ .Values.constraintViolationsLimit }}
- --audit-from-cache={{ .Values.auditFromCache }}
- --operation=audit
- --operation=status
- --logtostderr
command:
- /manager
Expand Up @@ -62,6 +62,24 @@ rules:
- patch
- update
- watch
- apiGroups:
- policy
resources:
- podsecuritypolicies
verbs:
- use
- apiGroups:
- status.gatekeeper.sh
resources:
- '*'
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- templates.gatekeeper.sh
resources:
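Review bot: The new `policy` / `podsecuritypolicies` rule grants `use` with no `resourceNames`, so it authorizes every PodSecurityPolicy this role can reach, including any privileged one. Restrict it to the policy Gatekeeper's pods are meant to run under by adding a `resourceNames:` list. The `status.gatekeeper.sh` rule likewise uses `resources: '*'` with all write verbs; naming `constraintpodstatuses` and `constrainttemplatepodstatuses` explicitly would keep the grant from widening when another kind is added to the group.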
Expand All @@ -74,6 +92,15 @@ rules:
- patch
- update
- watch
- apiGroups:
- templates.gatekeeper.sh
resources:
- constrainttemplates/finalizers
verbs:
- delete
- get
- patch
- update
- apiGroups:
- templates.gatekeeper.sh
resources:
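Review bot: The `constrainttemplates/finalizers` rule lists `delete`, `get`, `patch` and `update`. Please confirm each verb is needed: setting finalizers or owner references normally requires only `update` on the `finalizers` subresource. If the extra verbs come from a generated RBAC marker, trim the marker so the grant matches what the controller actually does.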
@@ -1,3 +1,4 @@
{{- if not .Values.disableValidatingWebhook }}
apiVersion: admissionregistration.k8s.io/v1beta1
kind: ValidatingWebhookConfiguration
metadata:
Expand Down Expand Up @@ -56,3 +57,4 @@ webhooks:
- namespaces
sideEffects: None
timeoutSeconds: 5
{{- end }}
14 changes: 6 additions & 8 deletions charts/gatekeeper/values.yaml
Expand Up @@ -2,19 +2,17 @@ replicas: 1
auditInterval: 60
constraintViolationsLimit: 20
auditFromCache: false
disableValidatingWebhook: false
logLevel: INFO
image:
repository: quay.io/open-policy-agent/gatekeeper
release: v3.1.0-beta.9
repository: openpolicyagent/gatekeeper
release: v3.1.0-beta.10
pullPolicy: IfNotPresent
nodeSelector: {
kubernetes.io/os: linux
}
nodeSelector: { kubernetes.io/os: linux }
affinity: {}
tolerations: []
podAnnotations: {
container.seccomp.security.alpha.kubernetes.io/manager: runtime/default
}
podAnnotations:
{ container.seccomp.security.alpha.kubernetes.io/manager: runtime/default }
resources:
limits:
cpu: 1000m
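Review bot: `image.repository` changes from `quay.io/open-policy-agent/gatekeeper` to `openpolicyagent/gatekeeper`, which drops the registry host, so the image is pulled from whatever default registry the node's container runtime resolves unqualified names against. Write the registry out in full and mention the move in the release notes, because clusters with registry allowlists or mirrors keyed on quay.io will be affected. The image is also still selected by the tag in `release`; an option to pin by digest would let operators fix the exact image they have reviewed.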
4 changes: 2 additions & 2 deletions cmd/build/helmify/static/Chart.yaml
Expand Up @@ -3,8 +3,8 @@ description: A Helm chart for Gatekeeper
name: gatekeeper
keywords:
- open policy agent
version: v3.1.0-beta.9
version: v3.1.0-beta.10
home: https://github.com/open-policy-agent/gatekeeper
sources:
- https://github.com/open-policy-agent/gatekeeper.git
appVersion: v3.1.0-beta.9
appVersion: v3.1.0-beta.10
4 changes: 2 additions & 2 deletions cmd/build/helmify/static/README.md
Expand Up @@ -10,8 +10,8 @@
| disableValidatingWebhook | Disable ValidatingWebhook | `false` |
| logLevel | Minimum log level | `INFO` |
| image.pullPolicy | The image pull policy | `IfNotPresent` |
| image.repository | The Docker image repository | `openpolicyagent/gatekeeper` |
| image.release | The image release tag to use | Current release version: `v3.1.0-beta.9` |
| image.repository | Image repository | `openpolicyagent/gatekeeper` |
| image.release | The image release tag to use | Current release version: `v3.1.0-beta.10` |
| resources | The resource request/limits for the container image | limits: 1 CPU, 512Mi, requests: 100mCPU, 256Mi |
| nodeSelector | The node selector to use for pod scheduling | `kubernetes.io/os: linux` |
| affinity | The node affinity to use for pod scheduling | `{}` |
2 changes: 1 addition & 1 deletion cmd/build/helmify/static/values.yaml
Expand Up @@ -6,7 +6,7 @@ disableValidatingWebhook: false
logLevel: INFO
image:
repository: openpolicyagent/gatekeeper
release: v3.1.0-beta.9
release: v3.1.0-beta.10
pullPolicy: IfNotPresent
nodeSelector: { kubernetes.io/os: linux }
affinity: {}
2 changes: 1 addition & 1 deletion config/crd/bases/config.gatekeeper.sh_configs.yaml
Expand Up @@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.2.5
controller-gen.kubebuilder.io/version: v0.2.4
creationTimestamp: null
name: configs.config.gatekeeper.sh
spec:
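Review bot: Going by the order of the two annotation lines, `controller-gen.kubebuilder.io/version` moves from v0.2.5 back to v0.2.4, which suggests the manifests were regenerated with an older locally installed controller-gen. Pin the tool version in the build so a release commit does not change generator versions as a side effect, and check the regenerated CRDs for unintended schema differences.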