diff --git a/Makefile b/Makefile index d62f4f61b63..e14215596d1 100644 --- a/Makefile +++ b/Makefile @@ -10,7 +10,7 @@ DEV_TAG ?= dev USE_LOCAL_IMG ?= false ENABLE_EXTERNAL_DATA ?= false -VERSION := v3.9.0 +VERSION := v3.9.1 KIND_VERSION ?= 0.13.0 # note: k8s version pinned since KIND image availability lags k8s releases diff --git a/charts/gatekeeper/Chart.yaml b/charts/gatekeeper/Chart.yaml index 663978399c7..2e2aa975da5 100644 --- a/charts/gatekeeper/Chart.yaml +++ b/charts/gatekeeper/Chart.yaml @@ -3,8 +3,8 @@ description: A Helm chart for Gatekeeper name: gatekeeper keywords: - open policy agent -version: 3.9.0 +version: 3.9.1 home: https://github.com/open-policy-agent/gatekeeper sources: - https://github.com/open-policy-agent/gatekeeper.git -appVersion: v3.9.0 +appVersion: v3.9.1 diff --git a/charts/gatekeeper/README.md b/charts/gatekeeper/README.md index 8a32a029331..dfa8a96496a 100644 --- a/charts/gatekeeper/README.md +++ b/charts/gatekeeper/README.md @@ -67,7 +67,7 @@ _See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/websi | postInstall.labelNamespace.enabled | Add labels to the namespace during post install hooks | `true` | | postInstall.labelNamespace.extraNamespaces | The extra namespaces that need to have the label during post upgrade hooks | `[]` | | postInstall.labelNamespace.image.repository | Image with kubectl to label the namespace | `openpolicyagent/gatekeeper-crds` | -| postInstall.labelNamespace.image.tag | Image tag | Current release version: `v3.9.0` | +| postInstall.labelNamespace.image.tag | Image tag | Current release version: `v3.9.1` | | postInstall.labelNamespace.image.pullPolicy | Image pullPolicy | `IfNotPresent` | | postInstall.labelNamespace.image.pullSecrets | Image pullSecrets | `[]` | | postInstall.labelNamespace.extraRules | Extra rules for the gatekeeper-update-namespace-label Role | `[]` | @@ -83,13 +83,13 @@ _See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/websi | postUpgrade.labelNamespace.enabled | Add labels to the namespace during post upgrade hooks | `false` | | postUpgrade.labelNamespace.extraNamespaces | The extra namespaces that need to have the label during post upgrade hooks | `[]` | | postUpgrade.labelNamespace.image.repository | Image with kubectl to label the namespace | `openpolicyagent/gatekeeper-crds` | -| postUpgrade.labelNamespace.image.tag | Image tag | Current release version: `v3.9.0` | +| postUpgrade.labelNamespace.image.tag | Image tag | Current release version: `v3.9.1` | | postUpgrade.labelNamespace.image.pullPolicy | Image pullPolicy | `IfNotPresent` | | postUpgrade.labelNamespace.image.pullSecrets | Image pullSecrets | `[]` | postUpgrade.securityContext | Security context applied on the container | `{ "allowPrivilegeEscalation": false, "capabilities": "drop": [all], "readOnlyRootFilesystem": true, "runAsGroup": 999, "runAsNonRoot": true, "runAsUser": 1000 }` | | preUninstall.deleteWebhooks.enabled | Delete webhooks before gatekeeper itself is uninstalled | `false` | | preUninstall.deleteWebhooks.image.repository | Image with kubectl to delete the webhooks | `openpolicyagent/gatekeeper-crds` | -| preUninstall.deleteWebhooks.image.tag | Image tag | Current release version: `v3.9.0` | +| preUninstall.deleteWebhooks.image.tag | Image tag | Current release version: `v3.9.1` | | preUninstall.deleteWebhooks.image.pullPolicy | Image pullPolicy | `IfNotPresent` | | preUninstall.deleteWebhooks.image.pullSecrets | Image pullSecrets | `[]` | | preUninstall.deleteWebhooks.extraRules | Extra rules for the gatekeeper-delete-webhook-configs Role | `[]` | @@ -127,7 +127,7 @@ _See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/websi | logLevel | Minimum log level | `INFO` | | image.pullPolicy | The image pull policy | `IfNotPresent` | | image.repository | Image repository | `openpolicyagent/gatekeeper` | -| image.release | The image release tag to use | Current release version: `v3.9.0` | +| image.release | The image release tag to use | Current release version: `v3.9.1` | | image.pullSecrets | Specify an array of imagePullSecrets | `[]` | | resources | The resource request/limits for the container image | limits: 1 CPU, 512Mi, requests: 100mCPU, 256Mi | | nodeSelector | The node selector to use for pod scheduling | `kubernetes.io/os: linux` | diff --git a/charts/gatekeeper/values.yaml b/charts/gatekeeper/values.yaml index 77dc4846b46..07ef210e2ed 100644 --- a/charts/gatekeeper/values.yaml +++ b/charts/gatekeeper/values.yaml @@ -34,7 +34,7 @@ postUpgrade: enabled: false image: repository: openpolicyagent/gatekeeper-crds - tag: v3.9.0 + tag: v3.9.1 pullPolicy: IfNotPresent pullSecrets: [] extraNamespaces: [] @@ -53,7 +53,7 @@ postInstall: enabled: true image: repository: openpolicyagent/gatekeeper-crds - tag: v3.9.0 + tag: v3.9.1 pullPolicy: IfNotPresent pullSecrets: [] extraNamespaces: [] @@ -82,7 +82,7 @@ preUninstall: enabled: false image: repository: openpolicyagent/gatekeeper-crds - tag: v3.9.0 + tag: v3.9.1 pullPolicy: IfNotPresent pullSecrets: [] securityContext: @@ -97,7 +97,7 @@ preUninstall: image: repository: openpolicyagent/gatekeeper crdRepository: openpolicyagent/gatekeeper-crds - release: v3.9.0 + release: v3.9.1 pullPolicy: IfNotPresent pullSecrets: [] podAnnotations: {} diff --git a/cmd/build/helmify/static/Chart.yaml b/cmd/build/helmify/static/Chart.yaml index 663978399c7..2e2aa975da5 100644 --- a/cmd/build/helmify/static/Chart.yaml +++ b/cmd/build/helmify/static/Chart.yaml @@ -3,8 +3,8 @@ description: A Helm chart for Gatekeeper name: gatekeeper keywords: - open policy agent -version: 3.9.0 +version: 3.9.1 home: https://github.com/open-policy-agent/gatekeeper sources: - https://github.com/open-policy-agent/gatekeeper.git -appVersion: v3.9.0 +appVersion: v3.9.1 diff --git a/cmd/build/helmify/static/README.md b/cmd/build/helmify/static/README.md index 8a32a029331..dfa8a96496a 100644 --- a/cmd/build/helmify/static/README.md +++ b/cmd/build/helmify/static/README.md @@ -67,7 +67,7 @@ _See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/websi | postInstall.labelNamespace.enabled | Add labels to the namespace during post install hooks | `true` | | postInstall.labelNamespace.extraNamespaces | The extra namespaces that need to have the label during post upgrade hooks | `[]` | | postInstall.labelNamespace.image.repository | Image with kubectl to label the namespace | `openpolicyagent/gatekeeper-crds` | -| postInstall.labelNamespace.image.tag | Image tag | Current release version: `v3.9.0` | +| postInstall.labelNamespace.image.tag | Image tag | Current release version: `v3.9.1` | | postInstall.labelNamespace.image.pullPolicy | Image pullPolicy | `IfNotPresent` | | postInstall.labelNamespace.image.pullSecrets | Image pullSecrets | `[]` | | postInstall.labelNamespace.extraRules | Extra rules for the gatekeeper-update-namespace-label Role | `[]` | @@ -83,13 +83,13 @@ _See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/websi | postUpgrade.labelNamespace.enabled | Add labels to the namespace during post upgrade hooks | `false` | | postUpgrade.labelNamespace.extraNamespaces | The extra namespaces that need to have the label during post upgrade hooks | `[]` | | postUpgrade.labelNamespace.image.repository | Image with kubectl to label the namespace | `openpolicyagent/gatekeeper-crds` | -| postUpgrade.labelNamespace.image.tag | Image tag | Current release version: `v3.9.0` | +| postUpgrade.labelNamespace.image.tag | Image tag | Current release version: `v3.9.1` | | postUpgrade.labelNamespace.image.pullPolicy | Image pullPolicy | `IfNotPresent` | | postUpgrade.labelNamespace.image.pullSecrets | Image pullSecrets | `[]` | postUpgrade.securityContext | Security context applied on the container | `{ "allowPrivilegeEscalation": false, "capabilities": "drop": [all], "readOnlyRootFilesystem": true, "runAsGroup": 999, "runAsNonRoot": true, "runAsUser": 1000 }` | | preUninstall.deleteWebhooks.enabled | Delete webhooks before gatekeeper itself is uninstalled | `false` | | preUninstall.deleteWebhooks.image.repository | Image with kubectl to delete the webhooks | `openpolicyagent/gatekeeper-crds` | -| preUninstall.deleteWebhooks.image.tag | Image tag | Current release version: `v3.9.0` | +| preUninstall.deleteWebhooks.image.tag | Image tag | Current release version: `v3.9.1` | | preUninstall.deleteWebhooks.image.pullPolicy | Image pullPolicy | `IfNotPresent` | | preUninstall.deleteWebhooks.image.pullSecrets | Image pullSecrets | `[]` | | preUninstall.deleteWebhooks.extraRules | Extra rules for the gatekeeper-delete-webhook-configs Role | `[]` | @@ -127,7 +127,7 @@ _See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/websi | logLevel | Minimum log level | `INFO` | | image.pullPolicy | The image pull policy | `IfNotPresent` | | image.repository | Image repository | `openpolicyagent/gatekeeper` | -| image.release | The image release tag to use | Current release version: `v3.9.0` | +| image.release | The image release tag to use | Current release version: `v3.9.1` | | image.pullSecrets | Specify an array of imagePullSecrets | `[]` | | resources | The resource request/limits for the container image | limits: 1 CPU, 512Mi, requests: 100mCPU, 256Mi | | nodeSelector | The node selector to use for pod scheduling | `kubernetes.io/os: linux` | diff --git a/cmd/build/helmify/static/values.yaml b/cmd/build/helmify/static/values.yaml index 77dc4846b46..07ef210e2ed 100644 --- a/cmd/build/helmify/static/values.yaml +++ b/cmd/build/helmify/static/values.yaml @@ -34,7 +34,7 @@ postUpgrade: enabled: false image: repository: openpolicyagent/gatekeeper-crds - tag: v3.9.0 + tag: v3.9.1 pullPolicy: IfNotPresent pullSecrets: [] extraNamespaces: [] @@ -53,7 +53,7 @@ postInstall: enabled: true image: repository: openpolicyagent/gatekeeper-crds - tag: v3.9.0 + tag: v3.9.1 pullPolicy: IfNotPresent pullSecrets: [] extraNamespaces: [] @@ -82,7 +82,7 @@ preUninstall: enabled: false image: repository: openpolicyagent/gatekeeper-crds - tag: v3.9.0 + tag: v3.9.1 pullPolicy: IfNotPresent pullSecrets: [] securityContext: @@ -97,7 +97,7 @@ preUninstall: image: repository: openpolicyagent/gatekeeper crdRepository: openpolicyagent/gatekeeper-crds - release: v3.9.0 + release: v3.9.1 pullPolicy: IfNotPresent pullSecrets: [] podAnnotations: {} diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index d65f638aadf..3c7423b809b 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -52,7 +52,7 @@ spec: - "--operation=webhook" - "--operation=mutation-webhook" - "--disable-opa-builtin={http.send}" - image: openpolicyagent/gatekeeper:v3.9.0 + image: openpolicyagent/gatekeeper:v3.9.1 imagePullPolicy: Always name: manager ports: @@ -145,7 +145,7 @@ spec: - --disable-cert-rotation command: - /manager - image: openpolicyagent/gatekeeper:v3.9.0 + image: openpolicyagent/gatekeeper:v3.9.1 env: # used by Gatekeeper - name: POD_NAMESPACE diff --git a/deploy/gatekeeper.yaml b/deploy/gatekeeper.yaml index d0826e85f55..d73207a9117 100644 --- a/deploy/gatekeeper.yaml +++ b/deploy/gatekeeper.yaml @@ -2454,7 +2454,7 @@ spec: fieldPath: metadata.namespace - name: CONTAINER_NAME value: manager - image: openpolicyagent/gatekeeper:v3.9.0 + image: openpolicyagent/gatekeeper:v3.9.1 imagePullPolicy: Always livenessProbe: httpGet: @@ -2572,7 +2572,7 @@ spec: fieldPath: metadata.namespace - name: CONTAINER_NAME value: manager - image: openpolicyagent/gatekeeper:v3.9.0 + image: openpolicyagent/gatekeeper:v3.9.1 imagePullPolicy: Always livenessProbe: httpGet: diff --git a/manifest_staging/charts/gatekeeper/Chart.yaml b/manifest_staging/charts/gatekeeper/Chart.yaml index 663978399c7..2e2aa975da5 100644 --- a/manifest_staging/charts/gatekeeper/Chart.yaml +++ b/manifest_staging/charts/gatekeeper/Chart.yaml @@ -3,8 +3,8 @@ description: A Helm chart for Gatekeeper name: gatekeeper keywords: - open policy agent -version: 3.9.0 +version: 3.9.1 home: https://github.com/open-policy-agent/gatekeeper sources: - https://github.com/open-policy-agent/gatekeeper.git -appVersion: v3.9.0 +appVersion: v3.9.1 diff --git a/manifest_staging/charts/gatekeeper/README.md b/manifest_staging/charts/gatekeeper/README.md index 8a32a029331..dfa8a96496a 100644 --- a/manifest_staging/charts/gatekeeper/README.md +++ b/manifest_staging/charts/gatekeeper/README.md @@ -67,7 +67,7 @@ _See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/websi | postInstall.labelNamespace.enabled | Add labels to the namespace during post install hooks | `true` | | postInstall.labelNamespace.extraNamespaces | The extra namespaces that need to have the label during post upgrade hooks | `[]` | | postInstall.labelNamespace.image.repository | Image with kubectl to label the namespace | `openpolicyagent/gatekeeper-crds` | -| postInstall.labelNamespace.image.tag | Image tag | Current release version: `v3.9.0` | +| postInstall.labelNamespace.image.tag | Image tag | Current release version: `v3.9.1` | | postInstall.labelNamespace.image.pullPolicy | Image pullPolicy | `IfNotPresent` | | postInstall.labelNamespace.image.pullSecrets | Image pullSecrets | `[]` | | postInstall.labelNamespace.extraRules | Extra rules for the gatekeeper-update-namespace-label Role | `[]` | @@ -83,13 +83,13 @@ _See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/websi | postUpgrade.labelNamespace.enabled | Add labels to the namespace during post upgrade hooks | `false` | | postUpgrade.labelNamespace.extraNamespaces | The extra namespaces that need to have the label during post upgrade hooks | `[]` | | postUpgrade.labelNamespace.image.repository | Image with kubectl to label the namespace | `openpolicyagent/gatekeeper-crds` | -| postUpgrade.labelNamespace.image.tag | Image tag | Current release version: `v3.9.0` | +| postUpgrade.labelNamespace.image.tag | Image tag | Current release version: `v3.9.1` | | postUpgrade.labelNamespace.image.pullPolicy | Image pullPolicy | `IfNotPresent` | | postUpgrade.labelNamespace.image.pullSecrets | Image pullSecrets | `[]` | postUpgrade.securityContext | Security context applied on the container | `{ "allowPrivilegeEscalation": false, "capabilities": "drop": [all], "readOnlyRootFilesystem": true, "runAsGroup": 999, "runAsNonRoot": true, "runAsUser": 1000 }` | | preUninstall.deleteWebhooks.enabled | Delete webhooks before gatekeeper itself is uninstalled | `false` | | preUninstall.deleteWebhooks.image.repository | Image with kubectl to delete the webhooks | `openpolicyagent/gatekeeper-crds` | -| preUninstall.deleteWebhooks.image.tag | Image tag | Current release version: `v3.9.0` | +| preUninstall.deleteWebhooks.image.tag | Image tag | Current release version: `v3.9.1` | | preUninstall.deleteWebhooks.image.pullPolicy | Image pullPolicy | `IfNotPresent` | | preUninstall.deleteWebhooks.image.pullSecrets | Image pullSecrets | `[]` | | preUninstall.deleteWebhooks.extraRules | Extra rules for the gatekeeper-delete-webhook-configs Role | `[]` | @@ -127,7 +127,7 @@ _See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/websi | logLevel | Minimum log level | `INFO` | | image.pullPolicy | The image pull policy | `IfNotPresent` | | image.repository | Image repository | `openpolicyagent/gatekeeper` | -| image.release | The image release tag to use | Current release version: `v3.9.0` | +| image.release | The image release tag to use | Current release version: `v3.9.1` | | image.pullSecrets | Specify an array of imagePullSecrets | `[]` | | resources | The resource request/limits for the container image | limits: 1 CPU, 512Mi, requests: 100mCPU, 256Mi | | nodeSelector | The node selector to use for pod scheduling | `kubernetes.io/os: linux` | diff --git a/manifest_staging/charts/gatekeeper/values.yaml b/manifest_staging/charts/gatekeeper/values.yaml index 77dc4846b46..07ef210e2ed 100644 --- a/manifest_staging/charts/gatekeeper/values.yaml +++ b/manifest_staging/charts/gatekeeper/values.yaml @@ -34,7 +34,7 @@ postUpgrade: enabled: false image: repository: openpolicyagent/gatekeeper-crds - tag: v3.9.0 + tag: v3.9.1 pullPolicy: IfNotPresent pullSecrets: [] extraNamespaces: [] @@ -53,7 +53,7 @@ postInstall: enabled: true image: repository: openpolicyagent/gatekeeper-crds - tag: v3.9.0 + tag: v3.9.1 pullPolicy: IfNotPresent pullSecrets: [] extraNamespaces: [] @@ -82,7 +82,7 @@ preUninstall: enabled: false image: repository: openpolicyagent/gatekeeper-crds - tag: v3.9.0 + tag: v3.9.1 pullPolicy: IfNotPresent pullSecrets: [] securityContext: @@ -97,7 +97,7 @@ preUninstall: image: repository: openpolicyagent/gatekeeper crdRepository: openpolicyagent/gatekeeper-crds - release: v3.9.0 + release: v3.9.1 pullPolicy: IfNotPresent pullSecrets: [] podAnnotations: {} diff --git a/manifest_staging/deploy/gatekeeper.yaml b/manifest_staging/deploy/gatekeeper.yaml index d0826e85f55..d73207a9117 100644 --- a/manifest_staging/deploy/gatekeeper.yaml +++ b/manifest_staging/deploy/gatekeeper.yaml @@ -2454,7 +2454,7 @@ spec: fieldPath: metadata.namespace - name: CONTAINER_NAME value: manager - image: openpolicyagent/gatekeeper:v3.9.0 + image: openpolicyagent/gatekeeper:v3.9.1 imagePullPolicy: Always livenessProbe: httpGet: @@ -2572,7 +2572,7 @@ spec: fieldPath: metadata.namespace - name: CONTAINER_NAME value: manager - image: openpolicyagent/gatekeeper:v3.9.0 + image: openpolicyagent/gatekeeper:v3.9.1 imagePullPolicy: Always livenessProbe: httpGet: