chore: Prepare v3.9.0-beta.2 release (#2079)
Co-authored-by: sozercan <[email protected]>
Co-authored-by: Sertaç Özercan <[email protected]>
3 people authored Jun 3, 2022
1 parent b390b22 commit 24aad6c
Showing 16 changed files with 80 additions and 38 deletions.
2 changes: 1 addition & 1 deletion Makefile
@@ -10,7 +10,7 @@ DEV_TAG ?= dev
USE_LOCAL_IMG ?= false
ENABLE_EXTERNAL_DATA ?= false

VERSION := v3.9.0-beta.1
VERSION := v3.9.0-beta.2

KIND_VERSION ?= 0.13.0
# note: k8s version pinned since KIND image availability lags k8s releases
4 changes: 2 additions & 2 deletions charts/gatekeeper/Chart.yaml
@@ -3,8 +3,8 @@ description: A Helm chart for Gatekeeper
name: gatekeeper
keywords:
- open policy agent
version: 3.9.0-beta.1
version: 3.9.0-beta.2
home: https://github.com/open-policy-agent/gatekeeper
sources:
- https://github.com/open-policy-agent/gatekeeper.git
appVersion: v3.9.0-beta.1
appVersion: v3.9.0-beta.2
20 changes: 10 additions & 10 deletions charts/gatekeeper/README.md

Large diffs are not rendered by default.

4 changes: 4 additions & 0 deletions charts/gatekeeper/templates/gatekeeper-audit-deployment.yaml
@@ -60,6 +60,10 @@ spec:
- --health-addr=:{{ .Values.audit.healthPort }}
- --prometheus-port={{ .Values.audit.metricsPort }}
- --enable-external-data={{ .Values.enableExternalData }}

{{- range .Values.metricsBackends}}
- --metrics-backend={{ . }}
{{- end }}
command:
- /manager
env:
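Review bot: The added `- --metrics-backend={{ . }}` item writes each `metricsBackends` entry into the args list as an unquoted plain scalar, so an entry containing ` #` or `: ` would render as a truncated or malformed argument instead of failing visibly. Quoting the whole item, `- "--metrics-backend={{ . }}"`, keeps the flag intact, although the neighbouring args in this list are unquoted as well. `{{- range .Values.metricsBackends }}` would also match the spacing used by `{{- end }}`. The same three lines are added to the args in the next hunk on this page, whose file header is not shown, and the args list itself starts outside this hunk.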
@@ -58,6 +58,10 @@ spec:
- --enable-external-data={{ .Values.enableExternalData }}
- --log-mutations={{ .Values.logMutations }}
- --mutation-annotations={{ .Values.mutationAnnotations }}

{{- range .Values.metricsBackends}}
- --metrics-backend={{ . }}
{{- end }}
{{ if .Values.enableTLSHealthcheck}}- --enable-tls-healthcheck{{- end }}
{{ if not .Values.disableMutation}}- --operation=mutation-webhook{{- end }}

@@ -48,6 +48,24 @@ webhooks:
{{- end }}
resources:
- '*'
# Explicitly list all known subresources except "status" (to avoid destabilizing the cluster and increasing load on gatekeeper).
# You can find a rough list of subresources by doing a case-sensitive search in the Kubernetes codebase for 'Subresource("'
- 'pods/ephemeralcontainers'
- 'pods/exec'
- 'pods/log'
- 'pods/eviction'
- 'pods/portforward'
- 'pods/proxy'
- 'pods/attach'
- 'pods/binding'
- 'deployments/scale'
- 'replicasets/scale'
- 'statefulsets/scale'
- 'replicationcontrollers/scale'
- 'services/proxy'
- 'nodes/proxy'
# For constraints that mitigate CVE-2020-8554
- 'services/status'
{{- end }}
sideEffects: None
timeoutSeconds: {{ .Values.validatingWebhookTimeoutSeconds }}
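Review bot: Several of the subresources added under `resources` (`pods/exec`, `pods/attach`, `pods/portforward`, `pods/proxy`, `services/proxy`, `nodes/proxy`) are admitted by the API server as CONNECT requests, so they reach this webhook only if the rule's `operations` list includes `CONNECT`. That list is outside this hunk, but in the deploy/gatekeeper.yaml copy of the same rule its visible tail is `- UPDATE`, which suggests CONNECT is absent. If so, constraints written against exec, attach, port-forward or proxy would silently never be evaluated; either add `- CONNECT` to the rule's operations or state in the comment above the list that these entries depend on it. `pods/log` is read with GET, which does not go through admission, so that entry probably has no effect.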
7 changes: 4 additions & 3 deletions charts/gatekeeper/values.yaml
@@ -1,5 +1,6 @@
replicas: 3
auditInterval: 60
metricsBackends: ["prometheus"]
auditMatchKindOnly: false
constraintViolationsLimit: 20
auditFromCache: false
@@ -33,7 +34,7 @@ postInstall:
enabled: true
image:
repository: openpolicyagent/gatekeeper-crds
tag: v3.9.0-beta.1
tag: v3.9.0-beta.2
pullPolicy: IfNotPresent
pullSecrets: []
extraNamespaces: []
@@ -51,7 +52,7 @@ preUninstall:
enabled: false
image:
repository: openpolicyagent/gatekeeper-crds
tag: v3.9.0-beta.1
tag: v3.9.0-beta.2
pullPolicy: IfNotPresent
pullSecrets: []
securityContext:
@@ -66,7 +67,7 @@ preUninstall:
image:
repository: openpolicyagent/gatekeeper
crdRepository: openpolicyagent/gatekeeper-crds
release: v3.9.0-beta.1
release: v3.9.0-beta.2
pullPolicy: IfNotPresent
pullSecrets: []
podAnnotations:
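Review bot: `metricsBackends: ["prometheus"]` in the first hunk is added with no comment saying what it controls. A line above it such as `# Exporters passed to the audit and controller-manager pods as repeated --metrics-backend flags` would tell chart users what the list feeds. The charts/gatekeeper/README.md diff is not rendered on this page, so whether the key is documented there cannot be checked from here.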
4 changes: 2 additions & 2 deletions cmd/build/helmify/static/Chart.yaml
@@ -3,8 +3,8 @@ description: A Helm chart for Gatekeeper
name: gatekeeper
keywords:
- open policy agent
version: 3.9.0-beta.1
version: 3.9.0-beta.2
home: https://github.com/open-policy-agent/gatekeeper
sources:
- https://github.com/open-policy-agent/gatekeeper.git
appVersion: v3.9.0-beta.1
appVersion: v3.9.0-beta.2
6 changes: 3 additions & 3 deletions cmd/build/helmify/static/README.md
@@ -66,7 +66,7 @@ _See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/websi
| :-------------------------------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------------------------------------------------------------------------ |
| postInstall.labelNamespace.enabled | Add labels to the namespace during post install hooks | `true` |
| postInstall.labelNamespace.image.repository | Image with kubectl to label the namespace | `openpolicyagent/gatekeeper-crds` |
| postInstall.labelNamespace.image.tag | Image tag | Current release version: `v3.9.0-beta.1` |
| postInstall.labelNamespace.image.tag | Image tag | Current release version: `v3.9.0-beta.2` |
| postInstall.labelNamespace.image.pullPolicy | Image pullPolicy | `IfNotPresent` |
| postInstall.labelNamespace.image.pullSecrets | Image pullSecrets | `[]` |
| postInstall.probeWebhook.enabled | Probe webhook API post install. When enabled along with `postInstall.labelNamespace.enabled`, this probe will run as part of `postInstall.labelNamespace` Job as an initContainer | `true` |
@@ -80,7 +80,7 @@ _See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/websi
| postInstall.securityContext | Security context applied on the container | `{ "allowPrivilegeEscalation": false, "capabilities": "drop": [all], "readOnlyRootFilesystem": true, "runAsGroup": 999, "runAsNonRoot": true, "runAsUser": 1000 }` |
| preUninstall.deleteWebhooks.enabled | Delete webhooks before gatekeeper itself is uninstalled | `false` |
| preUninstall.deleteWebhooks.image.repository | Image with kubectl to delete the webhooks | `openpolicyagent/gatekeeper-crds` |
| preUninstall.deleteWebhooks.image.tag | Image tag | Current release version: `v3.9.0-beta.1` |
| preUninstall.deleteWebhooks.image.tag | Image tag | Current release version: `v3.9.0-beta.2` |
| preUninstall.deleteWebhooks.image.pullPolicy | Image pullPolicy | `IfNotPresent` |
| preUninstall.deleteWebhooks.image.pullSecrets | Image pullSecrets | `[]` |
| preUninstall.securityContext | Security context applied on the container | `{ "allowPrivilegeEscalation": false, "capabilities": "drop": [all], "readOnlyRootFilesystem": true, "runAsGroup": 999, "runAsNonRoot": true, "runAsUser": 1000 }` |
@@ -116,7 +116,7 @@ _See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/websi
| logLevel | Minimum log level | `INFO` |
| image.pullPolicy | The image pull policy | `IfNotPresent` |
| image.repository | Image repository | `openpolicyagent/gatekeeper` |
| image.release | The image release tag to use | Current release version: `v3.9.0-beta.1` |
| image.release | The image release tag to use | Current release version: `v3.9.0-beta.2` |
| image.pullSecrets | Specify an array of imagePullSecrets | `[]` |
| resources | The resource request/limits for the container image | limits: 1 CPU, 512Mi, requests: 100mCPU, 256Mi |
| nodeSelector | The node selector to use for pod scheduling | `kubernetes.io/os: linux` |
6 changes: 3 additions & 3 deletions cmd/build/helmify/static/values.yaml
@@ -34,7 +34,7 @@ postInstall:
enabled: true
image:
repository: openpolicyagent/gatekeeper-crds
tag: v3.9.0-beta.1
tag: v3.9.0-beta.2
pullPolicy: IfNotPresent
pullSecrets: []
extraNamespaces: []
@@ -62,7 +62,7 @@ preUninstall:
enabled: false
image:
repository: openpolicyagent/gatekeeper-crds
tag: v3.9.0-beta.1
tag: v3.9.0-beta.2
pullPolicy: IfNotPresent
pullSecrets: []
securityContext:
@@ -77,7 +77,7 @@ preUninstall:
image:
repository: openpolicyagent/gatekeeper
crdRepository: openpolicyagent/gatekeeper-crds
release: v3.9.0-beta.1
release: v3.9.0-beta.2
pullPolicy: IfNotPresent
pullSecrets: []
podAnnotations:
4 changes: 2 additions & 2 deletions config/manager/manager.yaml
@@ -52,7 +52,7 @@ spec:
- "--operation=webhook"
- "--operation=mutation-webhook"
- "--disable-opa-builtin={http.send}"
image: openpolicyagent/gatekeeper:v3.9.0-beta.1
image: openpolicyagent/gatekeeper:v3.9.0-beta.2
imagePullPolicy: Always
name: manager
ports:
@@ -144,7 +144,7 @@ spec:
- --disable-opa-builtin={http.send}
command:
- /manager
image: openpolicyagent/gatekeeper:v3.9.0-beta.1
image: openpolicyagent/gatekeeper:v3.9.0-beta.2
env:
# used by Gatekeeper
- name: POD_NAMESPACE
19 changes: 17 additions & 2 deletions deploy/gatekeeper.yaml
@@ -2447,7 +2447,7 @@ spec:
fieldPath: metadata.namespace
- name: CONTAINER_NAME
value: manager
image: openpolicyagent/gatekeeper:v3.9.0-beta.1
image: openpolicyagent/gatekeeper:v3.9.0-beta.2
imagePullPolicy: Always
livenessProbe:
httpGet:
@@ -2558,7 +2558,7 @@ spec:
fieldPath: metadata.namespace
- name: CONTAINER_NAME
value: manager
image: openpolicyagent/gatekeeper:v3.9.0-beta.1
image: openpolicyagent/gatekeeper:v3.9.0-beta.2
imagePullPolicy: Always
livenessProbe:
httpGet:
@@ -2692,6 +2692,21 @@ webhooks:
- UPDATE
resources:
- '*'
- pods/ephemeralcontainers
- pods/exec
- pods/log
- pods/eviction
- pods/portforward
- pods/proxy
- pods/attach
- pods/binding
- deployments/scale
- replicasets/scale
- statefulsets/scale
- replicationcontrollers/scale
- services/proxy
- nodes/proxy
- services/status
sideEffects: None
timeoutSeconds: 3
- admissionReviewVersions:
4 changes: 2 additions & 2 deletions manifest_staging/charts/gatekeeper/Chart.yaml
@@ -3,8 +3,8 @@ description: A Helm chart for Gatekeeper
name: gatekeeper
keywords:
- open policy agent
version: 3.9.0-beta.1
version: 3.9.0-beta.2
home: https://github.com/open-policy-agent/gatekeeper
sources:
- https://github.com/open-policy-agent/gatekeeper.git
appVersion: v3.9.0-beta.1
appVersion: v3.9.0-beta.2