chore: update to support GK 3.15 & remove support for GK 3.12 (ratify…

…-project#1318)
akashsinghal · Mar 14, 2024 · 4288940 · 4288940
1 parent 1f50ed8
commit 4288940
Show file tree

Hide file tree

Showing 7 changed files with 10 additions and 10 deletions.
diff --git a/.github/workflows/build-pr.yml b/.github/workflows/build-pr.yml
@@ -87,7 +87,7 @@ jobs:
       fail-fast: false
       matrix:
         KUBERNETES_VERSION: ["1.26.10", "1.27.7"]
-        GATEKEEPER_VERSION: ["3.12.0", "3.13.0", "3.14.0"]
+        GATEKEEPER_VERSION: ["3.13.0", "3.14.0", "3.15.0"]
     steps:
       - name: Check out code into the Go module directory
         uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
@@ -147,7 +147,7 @@ jobs:
       fail-fast: false
       matrix:
         KUBERNETES_VERSION: ["1.26.10", "1.27.7"]
-        GATEKEEPER_VERSION: ["3.12.0", "3.13.0", "3.14.0"]
+        GATEKEEPER_VERSION: ["3.13.0", "3.14.0", "3.15.0"]
     steps:
       - name: Check out code into the Go module directory
         uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2

diff --git a/Makefile b/Makefile
@@ -28,7 +28,7 @@ LDFLAGS += -X $(GO_PKG)/internal/version.GitTag=$(GIT_TAG)
 KIND_VERSION ?= 0.14.0
 KUBERNETES_VERSION ?= 1.27.7
 KIND_KUBERNETES_VERSION ?= 1.27.3
-GATEKEEPER_VERSION ?= 3.14.0
+GATEKEEPER_VERSION ?= 3.15.0
 DAPR_VERSION ?= 1.11.1
 COSIGN_VERSION ?= 1.13.1
 NOTATION_VERSION ?= 1.0.0-rc.7
@@ -467,10 +467,10 @@ e2e-azure-setup: e2e-create-all-image e2e-notation-setup e2e-notation-leaf-cert-
 
 e2e-deploy-gatekeeper: e2e-helm-install
 	./.staging/helm/linux-amd64/helm repo add gatekeeper https://open-policy-agent.github.io/gatekeeper/charts
-	if [ ${GATEKEEPER_VERSION} = "3.12.0" ] || [ ${GATEKEEPER_VERSION} = "3.13.0" ]; then ./.staging/helm/linux-amd64/helm install gatekeeper/gatekeeper --version ${GATEKEEPER_VERSION} --name-template=gatekeeper --namespace ${GATEKEEPER_NAMESPACE} --create-namespace --set enableExternalData=true --set validatingWebhookTimeoutSeconds=5 --set mutatingWebhookTimeoutSeconds=2 --set auditInterval=0; fi
+	if [ ${GATEKEEPER_VERSION} = "3.13.0" ]; then ./.staging/helm/linux-amd64/helm install gatekeeper/gatekeeper --version ${GATEKEEPER_VERSION} --name-template=gatekeeper --namespace ${GATEKEEPER_NAMESPACE} --create-namespace --set enableExternalData=true --set validatingWebhookTimeoutSeconds=5 --set mutatingWebhookTimeoutSeconds=2 --set auditInterval=0; fi
 	if [ ${GATEKEEPER_VERSION} = "3.13.0" ]; then kubectl -n ${GATEKEEPER_NAMESPACE} patch deployment gatekeeper-controller-manager --type=json -p='[{"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "--external-data-provider-response-cache-ttl=1s"}]' && sleep 60; fi
 	# Gatekeeper versions >= 3.14.0 need a special helm value to override the default external data response cache ttl to 10s
-	if [ ${GATEKEEPER_VERSION} != "3.12.0" ] && [ ${GATEKEEPER_VERSION} != "3.13.0" ]; then ./.staging/helm/linux-amd64/helm install gatekeeper/gatekeeper --version ${GATEKEEPER_VERSION} --name-template=gatekeeper --namespace ${GATEKEEPER_NAMESPACE} --create-namespace --set enableExternalData=true --set validatingWebhookTimeoutSeconds=5 --set mutatingWebhookTimeoutSeconds=2 --set auditInterval=0 --set externaldataProviderResponseCacheTTL=1s; fi
+	if [ ${GATEKEEPER_VERSION} != "3.13.0" ]; then ./.staging/helm/linux-amd64/helm install gatekeeper/gatekeeper --version ${GATEKEEPER_VERSION} --name-template=gatekeeper --namespace ${GATEKEEPER_NAMESPACE} --create-namespace --set enableExternalData=true --set validatingWebhookTimeoutSeconds=5 --set mutatingWebhookTimeoutSeconds=2 --set auditInterval=0 --set externaldataProviderResponseCacheTTL=1s; fi
 
 e2e-build-crd-image:
 	docker build --progress=plain --no-cache --build-arg KUBE_VERSION=${KUBERNETES_VERSION} --build-arg TARGETOS="linux" --build-arg TARGETARCH="amd64" -f crd.Dockerfile -t localbuildcrd:test ./charts/ratify/crds

diff --git a/charts/ratify/README.md b/charts/ratify/README.md
@@ -65,7 +65,7 @@ $ helm upgrade -n gatekeeper-system [RELEASE_NAME] ratify/ratify
 | resources.requests.memory                          | Memory request of Ratify Deployment                                                                                                                                                                                                                                                                                                                                    | `512Mi`                           |
 | serviceAccount.create                              | Create new dedicated Ratify service account                                                                                                                                                                                                                                                                                                                            | `true`                            |
 | serviceAccount.name                                | Name of Ratify service account to create                                                                                                                                                                                                                                                                                                                               | `ratify-admin`                    |
-| gatekeeper.version                                 | Determines the Gatekeeper CRD versioning                                                                                                                                                                                                                                                                                                                               | `3.14.0`                          |
+| gatekeeper.version                                 | Determines the Gatekeeper CRD versioning                                                                                                                                                                                                                                                                                                                               | `3.15.0`                          |
 | gatekeeper.namespace                               | Namespace Gatekeeper is installed                                                                                                                                                                                                                                                                                                                                      | `gatekeeper-system`               |
 | instrumentation.metricsEnabled                     | Initializes the configured metrics provider                                                                                                                                                                                                                                                                                                                            | `true`                            |
 | instrumentation.metricsType                        | Specifies the metrics provider type                                                                                                                                                                                                                                                                                                                                    | `prometheus`                      |

diff --git a/charts/ratify/values.yaml b/charts/ratify/values.yaml
@@ -40,7 +40,7 @@ serviceAccount:
   create: true
   name: ratify-admin
 gatekeeper:
-  version: "3.14.0"
+  version: "3.15.0"
   namespace: # default is gatekeeper-system
 instrumentation:
   metricsEnabled: true

diff --git a/dev.helmfile.yaml b/dev.helmfile.yaml
@@ -10,7 +10,7 @@ releases:
     namespace: gatekeeper-system
     createNamespace: true
     chart: gatekeeper/gatekeeper
-    version: 3.14.0
+    version: 3.15.0
     wait: true
     set:
       - name: enableExternalData

diff --git a/dev.high-availability.helmfile.yaml b/dev.high-availability.helmfile.yaml
@@ -20,7 +20,7 @@ releases:
     namespace: gatekeeper-system
     createNamespace: true
     chart: gatekeeper/gatekeeper
-    version: 3.14.0
+    version: 3.15.0
     wait: true
     set:
       - name: enableExternalData

diff --git a/scripts/azure-ci-test.sh b/scripts/azure-ci-test.sh
@@ -28,7 +28,7 @@ export KEYVAULT_NAME="${KEYVAULT_NAME:-ratify-akv-${SUFFIX}}"
 export USER_ASSIGNED_IDENTITY_NAME="${USER_ASSIGNED_IDENTITY_NAME:-ratify-e2e-identity-${SUFFIX}}"
 export LOCATION="eastus"
 export KUBERNETES_VERSION=${1:-1.27.7}
-GATEKEEPER_VERSION=${2:-3.14.0}
+GATEKEEPER_VERSION=${2:-3.15.0}
 TENANT_ID=$3
 export RATIFY_NAMESPACE=${4:-gatekeeper-system}
 CERT_DIR=${5:-"~/ratify/certs"}