Skip to content

Commit

Permalink
chore: Prepare v3.8.0-rc.1 release
Browse files Browse the repository at this point in the history 
Signed-off-by: GitHub <[email protected]>
  • Loading branch information
@chewong
chewong authored Apr 5, 2022
1 parent b1715cd commit 00f5b4a
Show file tree
Hide file tree
Showing 26 changed files with 689 additions and 256 deletions.
2 changes: 1 addition & 1 deletion Makefile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ DEV_TAG ?= dev
USE_LOCAL_IMG ?= false
ENABLE_EXTERNAL_DATA ?= false

VERSION := v3.7.0
VERSION := v3.8.0-rc.1

KIND_VERSION ?= 0.11.0
# note: k8s version pinned since KIND image availability lags k8s releases
Expand Down
4 changes: 2 additions & 2 deletions charts/gatekeeper/Chart.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,8 +3,8 @@ description: A Helm chart for Gatekeeper
name: gatekeeper
keywords:
- open policy agent
version: 3.7.0
version: 3.8.0-rc.1
home: https://github.com/open-policy-agent/gatekeeper
sources:
- https://github.com/open-policy-agent/gatekeeper.git
appVersion: v3.7.0
appVersion: v3.8.0-rc.1
139 changes: 76 additions & 63 deletions charts/gatekeeper/README.md
View file

Large diffs are not rendered by default.

90 changes: 72 additions & 18 deletions charts/gatekeeper/crds/assign-customresourcedefinition.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -62,9 +62,10 @@ spec:
description: Match allows the user to limit which resources get mutated. Individual match criteria are AND-ed together. An undefined match criteria matches everything.
properties:
excludedNamespaces:
description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.'
items:
description: 'A string that supports globbing at its end. Ex: "kube-*" will match "kube-system" or "kube-public". The asterisk is required for wildcard matching.'
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$
description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.'
pattern: ^(\*|\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$
type: string
type: array
kinds:
Expand All @@ -83,7 +84,7 @@ spec:
type: object
type: array
labelSelector:
description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
description: 'LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.'
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
Expand Down Expand Up @@ -113,11 +114,11 @@ spec:
type: object
type: object
name:
description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix-based glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`.'
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$
description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.'
pattern: ^(\*|\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$
type: string
namespaceSelector:
description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
Expand Down Expand Up @@ -147,13 +148,14 @@ spec:
type: object
type: object
namespaces:
description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.'
items:
description: 'A string that supports globbing at its end. Ex: "kube-*" will match "kube-system" or "kube-public". The asterisk is required for wildcard matching.'
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$
description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.'
pattern: ^(\*|\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$
type: string
type: array
scope:
description: ResourceScope is an enum defining the different scopes available to a custom resource
description: Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`)
type: string
type: object
parameters:
Expand All @@ -162,6 +164,31 @@ spec:
assign:
description: Assign.value holds the value to be assigned
properties:
externalData:
description: ExternalData describes the external data provider to be used for mutation.
properties:
dataSource:
default: ValueAtLocation
description: DataSource specifies where to extract the data that will be sent to the external data provider as parameters.
enum:
- ValueAtLocation
- Username
type: string
default:
description: Default specifies the default value to use when the external data provider returns an error and the failure policy is set to "UseDefault".
type: string
failurePolicy:
default: Fail
description: FailurePolicy specifies the policy to apply when the external data provider returns an error.
enum:
- UseDefault
- Ignore
- Fail
type: string
provider:
description: Provider is the name of the external data provider.
type: string
type: object
fromMetadata:
description: FromMetadata assigns a value from the specified metadata field.
properties:
Expand Down Expand Up @@ -273,9 +300,10 @@ spec:
description: Match allows the user to limit which resources get mutated. Individual match criteria are AND-ed together. An undefined match criteria matches everything.
properties:
excludedNamespaces:
description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.'
items:
description: 'A string that supports globbing at its end. Ex: "kube-*" will match "kube-system" or "kube-public". The asterisk is required for wildcard matching.'
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$
description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.'
pattern: ^(\*|\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$
type: string
type: array
kinds:
Expand All @@ -294,7 +322,7 @@ spec:
type: object
type: array
labelSelector:
description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
description: 'LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.'
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
Expand Down Expand Up @@ -324,11 +352,11 @@ spec:
type: object
type: object
name:
description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix-based glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`.'
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$
description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.'
pattern: ^(\*|\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$
type: string
namespaceSelector:
description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
Expand Down Expand Up @@ -358,13 +386,14 @@ spec:
type: object
type: object
namespaces:
description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.'
items:
description: 'A string that supports globbing at its end. Ex: "kube-*" will match "kube-system" or "kube-public". The asterisk is required for wildcard matching.'
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$
description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.'
pattern: ^(\*|\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$
type: string
type: array
scope:
description: ResourceScope is an enum defining the different scopes available to a custom resource
description: Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`)
type: string
type: object
parameters:
Expand All @@ -373,6 +402,31 @@ spec:
assign:
description: Assign.value holds the value to be assigned
properties:
externalData:
description: ExternalData describes the external data provider to be used for mutation.
properties:
dataSource:
default: ValueAtLocation
description: DataSource specifies where to extract the data that will be sent to the external data provider as parameters.
enum:
- ValueAtLocation
- Username
type: string
default:
description: Default specifies the default value to use when the external data provider returns an error and the failure policy is set to "UseDefault".
type: string
failurePolicy:
default: Fail
description: FailurePolicy specifies the policy to apply when the external data provider returns an error.
enum:
- UseDefault
- Ignore
- Fail
type: string
provider:
description: Provider is the name of the external data provider.
type: string
type: object
fromMetadata:
description: FromMetadata assigns a value from the specified metadata field.
properties:
Expand Down
Loading

0 comments on commit 00f5b4a

Please sign in to comment.