Merge branch 'master' into dependabot/docker/golang-1.23-bookworm

cmd/build/helmify/kustomize-for-helm.yaml

@@ -79,8 +79,8 @@ spec:
             - --prometheus-port=HELMSUBST_DEPLOYMENT_CONTROLLER_MANAGER_METRICS_PORT
             - --logtostderr
             - --log-denies={{ .Values.logDenies }}
-            - --emit-admission-events={{ .Values.emitAdmissionEvents }}
-            - --log-stats-admission={{ .Values.logStatsAdmission }}
+            - HELMSUBST_DEPLOYMENT_CONTROLLER_MANAGER_EMIT_ADMISSION_EVENTS
+            - HELMSUBST_DEPLOYMENT_CONTROLLER_MANAGER_LOG_STATS_ADMISSION
             - --admission-events-involved-namespace={{ .Values.admissionEventsInvolvedNamespace }}
             - --log-level={{ (.Values.controllerManager.logLevel | empty | not) | ternary .Values.controllerManager.logLevel .Values.logLevel }}
             - --exempt-namespace={{ .Release.Namespace }}
@@ -171,14 +171,14 @@ spec:
             - --validating-webhook-configuration-name={{ .Values.validatingWebhookName }}
             - --mutating-webhook-configuration-name={{ .Values.mutatingWebhookName }}
             - --audit-from-cache={{ .Values.auditFromCache }}
-            - --audit-chunk-size={{ .Values.auditChunkSize }}
+            - HELMSUBST_DEPLOYMENT_AUDIT_CHUNK_SIZE
             - --audit-match-kind-only={{ .Values.auditMatchKindOnly }}
-            - --emit-audit-events={{ .Values.emitAuditEvents }}
-            - --log-stats-audit={{ .Values.logStatsAudit }}
+            - HELMSUBST_DEPLOYMENT_AUDIT_EMIT_EVENTS
+            - HELMSUBST_DEPLOYMENT_AUDIT_LOG_STATS_ADMISSION
             - --audit-events-involved-namespace={{ .Values.auditEventsInvolvedNamespace }}
             - --operation=audit
             - --operation=status
-            - HELMSUBST_PUBSUB_ARGS
+            - HELMSUBST_DEPLOYMENT_AUDIT_PUBSUB_ARGS
             - HELMSUBST_MUTATION_STATUS_ENABLED_ARG
             - --logtostderr
             - --health-addr=:HELMSUBST_DEPLOYMENT_AUDIT_HEALTH_PORT

cmd/build/helmify/replacements.go

@@ -19,6 +19,10 @@ var replacements = map[string]string{
 
 	"HELMSUBST_DEPLOYMENT_CONTROLLER_MANAGER_LIVENESS_TIMEOUT": `{{ .Values.controllerManager.livenessTimeout }}`,
 
+	"- HELMSUBST_DEPLOYMENT_CONTROLLER_MANAGER_EMIT_ADMISSION_EVENTS": `{{ if hasKey .Values "emitAdmissionEvents" }}- --emit-admission-events={{ .Values.emitAdmissionEvents }}{{- end }}`,
+
+	"- HELMSUBST_DEPLOYMENT_CONTROLLER_MANAGER_LOG_STATS_ADMISSION": `{{ if hasKey .Values "logStatsAdmission" }}- --log-stats-admission={{ .Values.logStatsAdmission }}{{- end }}`,
+
 	"HELMSUBST_DEPLOYMENT_AUDIT_HOST_NETWORK": `{{ .Values.audit.hostNetwork }}`,
 
 	"HELMSUBST_DEPLOYMENT_AUDIT_DNS_POLICY": `{{ .Values.audit.dnsPolicy }}`,
@@ -92,6 +96,12 @@ var replacements = map[string]string{
         {{- toYaml .Values.auditPodAnnotations | trim | nindent 8 }}
         {{- end }}`,
 
+	"- HELMSUBST_DEPLOYMENT_AUDIT_CHUNK_SIZE": `{{ if hasKey .Values "auditChunkSize" }}- --audit-chunk-size={{ .Values.auditChunkSize }}{{- end }}`,
+
+	"- HELMSUBST_DEPLOYMENT_AUDIT_EMIT_EVENTS": `{{ if hasKey .Values "emitAuditEvents" }}- --emit-audit-events={{ .Values.emitAuditEvents }}{{- end }}`,
+
+	"- HELMSUBST_DEPLOYMENT_AUDIT_LOG_STATS_ADMISSION": `{{ if hasKey .Values "logStatsAudit" }}- --log-stats-audit={{ .Values.logStatsAudit }}{{- end }}`,
+
 	"HELMSUBST_SECRET_ANNOTATIONS": `{{- toYaml .Values.secretAnnotations | trim | nindent 4 }}`,
 
 	"- HELMSUBST_TLS_HEALTHCHECK_ENABLED_ARG": `{{ if .Values.enableTLSHealthcheck}}- --enable-tls-healthcheck{{- end }}`,
@@ -102,9 +112,13 @@ var replacements = map[string]string{
 
 	"- HELMSUBST_MUTATION_STATUS_ENABLED_ARG": `{{ if not .Values.disableMutation}}- --operation=mutation-status{{- end }}`,
 
-	"- HELMSUBST_PUBSUB_ARGS": `{{ if .Values.audit.enablePubsub}}
+	"- HELMSUBST_DEPLOYMENT_AUDIT_PUBSUB_ARGS": `{{ if hasKey .Values.audit "enablePubsub" }}
         - --enable-pub-sub={{ .Values.audit.enablePubsub }}
+        {{- end }}
+        {{ if hasKey .Values.audit "connection" }}
         - --audit-connection={{ .Values.audit.connection }}
+        {{- end }}
+        {{ if hasKey .Values.audit "channel" }}
         - --audit-channel={{ .Values.audit.channel }}
         {{- end }}`,
 

cmd/build/helmify/static/values.yaml

@@ -39,10 +39,6 @@ auditChunkSize: 500
 logLevel: INFO
 logDenies: false
 logMutations: false
-logStatsAdmission: false
-logStatsAudit: false
-emitAdmissionEvents: false
-emitAuditEvents: false
 admissionEventsInvolvedNamespace: false
 auditEventsInvolvedNamespace: false
 resourceQuota: true
@@ -231,9 +227,6 @@ controllerManager:
 audit:
   serviceAccount:
     name: gatekeeper-admin
-  enablePubsub: false
-  connection: audit-connection
-  channel: audit-channel
   hostNetwork: false
   dnsPolicy: ClusterFirst
   metricsPort: 8888

docs/Release_Management.md

@@ -8,7 +8,7 @@ This document describes Gatekeeper project release management, which includes re
 
 - **X.Y.Z** refers to the version (git tag) of Gatekeeper that is released. This is the version of the Gatekeeper image and the Chart version.
 - **Breaking changes** refer to schema changes, flag changes, and behavior changes of Gatekeeper that may require a clean installation during upgrade, and it may introduce changes that could break backward compatibility.
-- **Milestone** should be designed to include feature sets to accommodate 2 months release cycles including test gates. GitHub's milestones are used by maintainers to manage each release. PRs and Issues for each release should be created as part of a corresponding milestone.
+- **Milestone** should be designed to include feature sets to accommodate 3 months release cycles including test gates. GitHub's milestones are used by maintainers to manage each release. PRs and Issues for each release should be created as part of a corresponding milestone.
 - **Patch releases** refer to applicable fixes, including security fixes, may be backported to support releases, depending on severity and feasibility.
 - **Test gates** should include soak tests and upgrade tests from the last minor version.