From 206bbe9c9c500410daf7141ff76250f442135a1a Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 18 May 2022 19:37:25 -0700 Subject: [PATCH] chore: Prepare v3.9.0-beta.1 release (#2057) Signed-off-by: Max Smythe Co-authored-by: maxsmythe --- Makefile | 2 +- charts/gatekeeper/Chart.yaml | 4 ++-- charts/gatekeeper/README.md | 8 +++++--- .../templates/gatekeeper-audit-deployment.yaml | 7 +++++++ ...tekeeper-controller-manager-deployment.yaml | 7 +++++++ ...iguration-mutatingwebhookconfiguration.yaml | 1 + ...uration-validatingwebhookconfiguration.yaml | 1 + .../templates/namespace-post-install.yaml | 6 ++++++ .../templates/upgrade-crds-hook.yaml | 5 ++++- charts/gatekeeper/values.yaml | 10 +++++++--- cmd/build/helmify/static/Chart.yaml | 4 ++-- cmd/build/helmify/static/README.md | 6 +++--- cmd/build/helmify/static/values.yaml | 6 +++--- config/manager/manager.yaml | 4 ++-- deploy/gatekeeper.yaml | 18 ++++++++++++++++-- manifest_staging/charts/gatekeeper/Chart.yaml | 4 ++-- manifest_staging/charts/gatekeeper/README.md | 6 +++--- manifest_staging/charts/gatekeeper/values.yaml | 6 +++--- manifest_staging/deploy/gatekeeper.yaml | 4 ++-- 19 files changed, 77 insertions(+), 32 deletions(-) diff --git a/Makefile b/Makefile index b315b58a8cf..115d54210f4 100644 --- a/Makefile +++ b/Makefile @@ -8,7 +8,7 @@ DEV_TAG ?= dev USE_LOCAL_IMG ?= false ENABLE_EXTERNAL_DATA ?= false -VERSION := v3.9.0-beta.0 +VERSION := v3.9.0-beta.1 KIND_VERSION ?= 0.13.0 # note: k8s version pinned since KIND image availability lags k8s releases diff --git a/charts/gatekeeper/Chart.yaml b/charts/gatekeeper/Chart.yaml index 804827ff431..784279dd613 100644 --- a/charts/gatekeeper/Chart.yaml +++ b/charts/gatekeeper/Chart.yaml 
@@ -3,8 +3,8 @@ description: A Helm chart for Gatekeeper name: gatekeeper keywords: - open policy agent -version: 3.9.0-beta.0 +version: 3.9.0-beta.1 home: https://github.com/open-policy-agent/gatekeeper sources: - https://github.com/open-policy-agent/gatekeeper.git -appVersion: v3.9.0-beta.0 +appVersion: v3.9.0-beta.1 diff --git a/charts/gatekeeper/README.md b/charts/gatekeeper/README.md index 81e9cea71ad..8c501c7b941 100644 --- a/charts/gatekeeper/README.md +++ b/charts/gatekeeper/README.md 
@@ -66,13 +66,13 @@ _See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/websi | :-------------------------------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------------------------------------------------------------------------ | | postInstall.labelNamespace.enabled | Add labels to the namespace during post install hooks | `true` | | postInstall.labelNamespace.image.repository | Image with kubectl to label the namespace | `openpolicyagent/gatekeeper-crds` | -| postInstall.labelNamespace.image.tag | Image tag | Current release version: `v3.9.0-beta.0` | +| postInstall.labelNamespace.image.tag | Image tag | Current release version: `v3.9.0-beta.1` | | postInstall.labelNamespace.image.pullPolicy | Image pullPolicy | `IfNotPresent` | | postInstall.labelNamespace.image.pullSecrets | Image pullSecrets | `[]` | | postInstall.securityContext | Security context applied on the container | `{ "allowPrivilegeEscalation": false, "capabilities": "drop": [all], "readOnlyRootFilesystem": true, "runAsGroup": 999, "runAsNonRoot": true, "runAsUser": 1000 }` | | preUninstall.deleteWebhooks.enabled | Delete webhooks before gatekeeper itself is uninstalled | `false` | | preUninstall.deleteWebhooks.image.repository | Image with kubectl to delete the webhooks | `openpolicyagent/gatekeeper-crds` | -| preUninstall.deleteWebhooks.image.tag | Image tag | Current release version: `v3.9.0-beta.0` | +| preUninstall.deleteWebhooks.image.tag | Image tag | Current release version: `v3.9.0-beta.1` | | preUninstall.deleteWebhooks.image.pullPolicy | Image pullPolicy | `IfNotPresent` | | preUninstall.deleteWebhooks.image.pullSecrets | Image pullSecrets | `[]` | | preUninstall.securityContext | Security context applied on the container | `{ 
"allowPrivilegeEscalation": false, "capabilities": "drop": [all], "readOnlyRootFilesystem": true, "runAsGroup": 999, "runAsNonRoot": true, "runAsUser": 1000 }` | @@ -88,6 +88,7 @@ _See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/websi | disableMutation | Disable mutation | `false` | | validatingWebhookTimeoutSeconds | The timeout for the validating webhook in seconds | `3` | | validatingWebhookFailurePolicy | The failurePolicy for the validating webhook | `Ignore` | +| validatingWebhookObjectSelector | The label selector to further refine which namespaced resources will be selected by the webhook. Please note that an exemption label means users can circumvent Gatekeeper's validation webhook unless measures are taken to control how exemption labels can be set. | `{}` | | validatingWebhookCheckIgnoreFailurePolicy | The failurePolicy for the check-ignore-label validating webhook | `Fail` | | validatingWebhookExemptNamespacesLabels | Additional namespace labels that will be exempt from the validating webhook. Please note that anyone in the cluster capable to manage namespaces will be able to skip all Gatekeeper validation by setting one of these labels for their namespace. | `{}` | | validatingWebhookCustomRules | Custom rules for selecting which API resources trigger the webhook. Mutually exclusive with `enableDeleteOperations`. NOTE: If you change this, ensure all your constraints are still being enforced. | `{}` | 
@@ -97,6 +98,7 @@ _See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/websi | mutatingWebhookFailurePolicy | The failurePolicy for the mutating webhook | `Ignore` | | mutatingWebhookReinvocationPolicy | The reinvocationPolicy for the mutating webhook | `Never` | | mutatingWebhookExemptNamespacesLabels | Additional namespace labels that will be exempt from the mutating webhook. Please note that anyone in the cluster capable to manage namespaces will be able to skip all Gatekeeper validation by setting one of these labels for their namespace. | `{}` | +| mutatingWebhookObjectSelector | The label selector to further refine which namespaced resources will be selected by the webhook. Please note that an exemption label means users can circumvent Gatekeeper's mutation webhook unless measures are taken to control how exemption labels can be set. | `{}` | | mutatingWebhookTimeoutSeconds | The timeout for the mutating webhook in seconds | `3` | | mutatingWebhookCustomRules | Custom rules for selecting which API resources trigger the webhook. NOTE: If you change this, ensure all your constraints are still being enforced. | `{}` | | emitAdmissionEvents | Emit K8s events in gatekeeper namespace for admission violations (alpha feature) | `false` | 
@@ -105,7 +107,7 @@ _See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/websi | logLevel | Minimum log level | `INFO` | | image.pullPolicy | The image pull policy | `IfNotPresent` | | image.repository | Image repository | `openpolicyagent/gatekeeper` | -| image.release | The image release tag to use | Current release version: `v3.9.0-beta.0` | +| image.release | The image release tag to use | Current release version: `v3.9.0-beta.1` | | image.pullSecrets | Specify an array of imagePullSecrets | `[]` | | resources | The resource request/limits for the container image | limits: 1 CPU, 512Mi, requests: 100mCPU, 256Mi | | nodeSelector | The node selector to use for pod scheduling | `kubernetes.io/os: linux` | diff --git a/charts/gatekeeper/templates/gatekeeper-audit-deployment.yaml b/charts/gatekeeper/templates/gatekeeper-audit-deployment.yaml index 542cf226153..8369cbfaf52 100644 --- a/charts/gatekeeper/templates/gatekeeper-audit-deployment.yaml +++ b/charts/gatekeeper/templates/gatekeeper-audit-deployment.yaml @@ -72,6 +72,13 @@ spec: valueFrom: fieldRef: fieldPath: metadata.name + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: CONTAINER_NAME + value: manager imagePullPolicy: '{{ .Values.image.pullPolicy }}' livenessProbe: httpGet: diff --git a/charts/gatekeeper/templates/gatekeeper-controller-manager-deployment.yaml b/charts/gatekeeper/templates/gatekeeper-controller-manager-deployment.yaml index 32bb56d283c..ab30510b6bc 100644 --- a/charts/gatekeeper/templates/gatekeeper-controller-manager-deployment.yaml +++ b/charts/gatekeeper/templates/gatekeeper-controller-manager-deployment.yaml @@ -84,6 +84,13 @@ spec: valueFrom: fieldRef: fieldPath: metadata.name + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: CONTAINER_NAME + value: manager imagePullPolicy: '{{ .Values.image.pullPolicy }}' livenessProbe: httpGet: 
diff --git a/charts/gatekeeper/templates/gatekeeper-mutating-webhook-configuration-mutatingwebhookconfiguration.yaml b/charts/gatekeeper/templates/gatekeeper-mutating-webhook-configuration-mutatingwebhookconfiguration.yaml index ad409d1ae97..b56ac504e27 100644 --- a/charts/gatekeeper/templates/gatekeeper-mutating-webhook-configuration-mutatingwebhookconfiguration.yaml +++ b/charts/gatekeeper/templates/gatekeeper-mutating-webhook-configuration-mutatingwebhookconfiguration.yaml @@ -31,6 +31,7 @@ webhooks: operator: NotIn value: {{ $value }} {{- end }} + objectSelector: {{ toYaml .Values.mutatingWebhookObjectSelector }} reinvocationPolicy: {{ .Values.mutatingWebhookReinvocationPolicy }} rules: {{- if .Values.mutatingWebhookCustomRules }} diff --git a/charts/gatekeeper/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml b/charts/gatekeeper/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml index ba07e823b5e..0b5146339ef 100644 --- a/charts/gatekeeper/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml +++ b/charts/gatekeeper/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml @@ -31,6 +31,7 @@ webhooks: operator: NotIn value: {{ $value }} {{- end }} + objectSelector: {{ toYaml .Values.validatingWebhookObjectSelector }} rules: {{- if .Values.validatingWebhookCustomRules }} {{- toYaml .Values.validatingWebhookCustomRules | nindent 2 }} diff --git a/charts/gatekeeper/templates/namespace-post-install.yaml b/charts/gatekeeper/templates/namespace-post-install.yaml index 0c277d92112..d120168db11 100644 --- a/charts/gatekeeper/templates/namespace-post-install.yaml +++ b/charts/gatekeeper/templates/namespace-post-install.yaml 
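Review bot: The added line `objectSelector: {{ toYaml .Values.mutatingWebhookObjectSelector }}` renders valid YAML only for the default `{}`. For a non-empty selector, `toYaml` emits a multi-line block mapping whose first key lands on the `objectSelector:` line and whose remaining lines start at column 0, so the manifest fails to parse or mis-nests. Follow the pattern the `rules:` block already uses in this file, `objectSelector: {{- toYaml .Values.mutatingWebhookObjectSelector | nindent 4 }}`, with the indent matched to the webhook entry, which begins outside the hunk. The validating-webhook hunk that follows has the same line with `validatingWebhookObjectSelector` and needs the same change. Because a matching label takes an object out of admission entirely, a chart test that renders a non-empty selector would catch this before a user relies on it.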
@@ -36,6 +36,9 @@ spec: - label - ns - {{ .Release.Namespace }} + {{- range .Values.postInstall.labelNamespace.extraNamespaces }} + - {{ . }} + {{- end }} - admission.gatekeeper.sh/ignore=no-self-managing - --overwrite securityContext: @@ -76,6 +79,9 @@ rules: - patch resourceNames: - {{ .Release.Namespace }} + {{- range .Values.postInstall.labelNamespace.extraNamespaces }} + - {{ . }} + {{- end }} {{- end }} --- {{- if .Values.rbac.create }} diff --git a/charts/gatekeeper/templates/upgrade-crds-hook.yaml b/charts/gatekeeper/templates/upgrade-crds-hook.yaml index f69d10971d7..f280bf0f2ab 100644 --- a/charts/gatekeeper/templates/upgrade-crds-hook.yaml +++ b/charts/gatekeeper/templates/upgrade-crds-hook.yaml @@ -95,7 +95,10 @@ spec: {{- toYaml .Values.crds.resources | nindent 10 }} securityContext: {{- toYaml .Values.crds.securityContext | nindent 10 }} + affinity: + {{- toYaml .Values.upgradeCRDs.affinity | nindent 8 }} nodeSelector: kubernetes.io/os: linux - + tolerations: + {{- toYaml .Values.upgradeCRDs.tolerations | nindent 8 }} {{- end }} diff --git a/charts/gatekeeper/values.yaml b/charts/gatekeeper/values.yaml index 8750d448080..e82ef936b28 100644 --- a/charts/gatekeeper/values.yaml +++ b/charts/gatekeeper/values.yaml @@ -8,6 +8,7 @@ disableValidatingWebhook: false validatingWebhookTimeoutSeconds: 3 validatingWebhookFailurePolicy: Ignore validatingWebhookExemptNamespacesLabels: {} +validatingWebhookObjectSelector: {} validatingWebhookCheckIgnoreFailurePolicy: Fail validatingWebhookCustomRules: {} enableDeleteOperations: false @@ -16,6 +17,7 @@ enableTLSHealthcheck: false mutatingWebhookFailurePolicy: Ignore mutatingWebhookReinvocationPolicy: Never mutatingWebhookExemptNamespacesLabels: {} +mutatingWebhookObjectSelector: {} mutatingWebhookTimeoutSeconds: 1 mutatingWebhookCustomRules: {} mutationAnnotations: false 
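Review bot: Each entry of `postInstall.labelNamespace.extraNamespaces` is emitted unquoted (`- {{ . }}`), both in the kubectl argument list here and in the `resourceNames` list in the second hunk of this file. A namespace name that YAML reads as a number or boolean (constructed example: `123`) therefore renders as a non-string and the manifest is rejected; use `- {{ . | quote }}` in both places. Every listed namespace also receives `admission.gatekeeper.sh/ignore=no-self-managing`, which appears to exempt it from Gatekeeper's admission webhooks, yet the README hunks in this patch add no row for the value. It should get one that states the exemption, alongside the existing warnings on the exempt-label settings. The Job spec and the ClusterRole both begin outside these hunks.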
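Review bot: The new `affinity:` block in upgrade-crds-hook.yaml reads `.Values.upgradeCRDs.affinity`, but the values.yaml hunk in this patch adds only `tolerations: []` under `upgradeCRDs`, so with default values the hook renders `affinity: null`. Add `affinity: {}` beside `tolerations: []` so both keys have an explicit, discoverable default. Neither key gets a row in the README hunks shown here; each should have one. The Job spec this hunk edits starts outside the hunk.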
@@ -31,9 +33,10 @@ postInstall: enabled: true image: repository: openpolicyagent/gatekeeper-crds - tag: v3.9.0-beta.0 + tag: v3.9.0-beta.1 pullPolicy: IfNotPresent pullSecrets: [] + extraNamespaces: [] securityContext: allowPrivilegeEscalation: false capabilities: @@ -48,7 +51,7 @@ preUninstall: enabled: false image: repository: openpolicyagent/gatekeeper-crds - tag: v3.9.0-beta.0 + tag: v3.9.0-beta.1 pullPolicy: IfNotPresent pullSecrets: [] securityContext: @@ -63,7 +66,7 @@ preUninstall: image: repository: openpolicyagent/gatekeeper crdRepository: openpolicyagent/gatekeeper-crds - release: v3.9.0-beta.0 + release: v3.9.0-beta.1 pullPolicy: IfNotPresent pullSecrets: [] podAnnotations: @@ -156,5 +159,6 @@ psp: enabled: true upgradeCRDs: enabled: true + tolerations: [] rbac: create: true diff --git a/cmd/build/helmify/static/Chart.yaml b/cmd/build/helmify/static/Chart.yaml index 804827ff431..784279dd613 100644 --- a/cmd/build/helmify/static/Chart.yaml +++ b/cmd/build/helmify/static/Chart.yaml @@ -3,8 +3,8 @@ description: A Helm chart for Gatekeeper name: gatekeeper keywords: - open policy agent -version: 3.9.0-beta.0 +version: 3.9.0-beta.1 home: https://github.com/open-policy-agent/gatekeeper sources: - https://github.com/open-policy-agent/gatekeeper.git -appVersion: v3.9.0-beta.0 +appVersion: v3.9.0-beta.1 diff --git a/cmd/build/helmify/static/README.md b/cmd/build/helmify/static/README.md index 1a8ee7bb46f..8c501c7b941 100644 --- a/cmd/build/helmify/static/README.md +++ b/cmd/build/helmify/static/README.md 
@@ -66,13 +66,13 @@ _See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/websi | :-------------------------------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------------------------------------------------------------------------ | | postInstall.labelNamespace.enabled | Add labels to the namespace during post install hooks | `true` | | postInstall.labelNamespace.image.repository | Image with kubectl to label the namespace | `openpolicyagent/gatekeeper-crds` | -| postInstall.labelNamespace.image.tag | Image tag | Current release version: `v3.9.0-beta.0` | +| postInstall.labelNamespace.image.tag | Image tag | Current release version: `v3.9.0-beta.1` | | postInstall.labelNamespace.image.pullPolicy | Image pullPolicy | `IfNotPresent` | | postInstall.labelNamespace.image.pullSecrets | Image pullSecrets | `[]` | | postInstall.securityContext | Security context applied on the container | `{ "allowPrivilegeEscalation": false, "capabilities": "drop": [all], "readOnlyRootFilesystem": true, "runAsGroup": 999, "runAsNonRoot": true, "runAsUser": 1000 }` | | preUninstall.deleteWebhooks.enabled | Delete webhooks before gatekeeper itself is uninstalled | `false` | | preUninstall.deleteWebhooks.image.repository | Image with kubectl to delete the webhooks | `openpolicyagent/gatekeeper-crds` | -| preUninstall.deleteWebhooks.image.tag | Image tag | Current release version: `v3.9.0-beta.0` | +| preUninstall.deleteWebhooks.image.tag | Image tag | Current release version: `v3.9.0-beta.1` | | preUninstall.deleteWebhooks.image.pullPolicy | Image pullPolicy | `IfNotPresent` | | preUninstall.deleteWebhooks.image.pullSecrets | Image pullSecrets | `[]` | | preUninstall.securityContext | Security context applied on the container | `{ 
"allowPrivilegeEscalation": false, "capabilities": "drop": [all], "readOnlyRootFilesystem": true, "runAsGroup": 999, "runAsNonRoot": true, "runAsUser": 1000 }` | @@ -107,7 +107,7 @@ _See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/websi | logLevel | Minimum log level | `INFO` | | image.pullPolicy | The image pull policy | `IfNotPresent` | | image.repository | Image repository | `openpolicyagent/gatekeeper` | -| image.release | The image release tag to use | Current release version: `v3.9.0-beta.0` | +| image.release | The image release tag to use | Current release version: `v3.9.0-beta.1` | | image.pullSecrets | Specify an array of imagePullSecrets | `[]` | | resources | The resource request/limits for the container image | limits: 1 CPU, 512Mi, requests: 100mCPU, 256Mi | | nodeSelector | The node selector to use for pod scheduling | `kubernetes.io/os: linux` | diff --git a/cmd/build/helmify/static/values.yaml b/cmd/build/helmify/static/values.yaml index 20b7b99cd5d..e82ef936b28 100644 --- a/cmd/build/helmify/static/values.yaml +++ b/cmd/build/helmify/static/values.yaml @@ -33,7 +33,7 @@ postInstall: enabled: true image: repository: openpolicyagent/gatekeeper-crds - tag: v3.9.0-beta.0 + tag: v3.9.0-beta.1 pullPolicy: IfNotPresent pullSecrets: [] extraNamespaces: [] @@ -51,7 +51,7 @@ preUninstall: enabled: false image: repository: openpolicyagent/gatekeeper-crds - tag: v3.9.0-beta.0 + tag: v3.9.0-beta.1 pullPolicy: IfNotPresent pullSecrets: [] securityContext: @@ -66,7 +66,7 @@ preUninstall: image: repository: openpolicyagent/gatekeeper crdRepository: openpolicyagent/gatekeeper-crds - release: v3.9.0-beta.0 + release: v3.9.0-beta.1 pullPolicy: IfNotPresent pullSecrets: [] podAnnotations: diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index 8675df8cb2a..c5324d3b2e7 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml 
@@ -52,7 +52,7 @@ spec: - "--operation=webhook" - "--operation=mutation-webhook" - "--disable-opa-builtin={http.send}" - image: openpolicyagent/gatekeeper:v3.9.0-beta.0 + image: openpolicyagent/gatekeeper:v3.9.0-beta.1 imagePullPolicy: Always name: manager ports: @@ -144,7 +144,7 @@ spec: - --disable-opa-builtin={http.send} command: - /manager - image: openpolicyagent/gatekeeper:v3.9.0-beta.0 + image: openpolicyagent/gatekeeper:v3.9.0-beta.1 env: # used by Gatekeeper - name: POD_NAMESPACE diff --git a/deploy/gatekeeper.yaml b/deploy/gatekeeper.yaml index ccd38be939e..d8abc9dc6cc 100644 --- a/deploy/gatekeeper.yaml +++ b/deploy/gatekeeper.yaml @@ -2440,7 +2440,14 @@ spec: valueFrom: fieldRef: fieldPath: metadata.name - image: openpolicyagent/gatekeeper:v3.9.0-beta.0 + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: CONTAINER_NAME + value: manager + image: openpolicyagent/gatekeeper:v3.9.0-beta.1 imagePullPolicy: Always livenessProbe: httpGet: @@ -2544,7 +2551,14 @@ spec: valueFrom: fieldRef: fieldPath: metadata.name - image: openpolicyagent/gatekeeper:v3.9.0-beta.0 + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: CONTAINER_NAME + value: manager + image: openpolicyagent/gatekeeper:v3.9.0-beta.1 imagePullPolicy: Always livenessProbe: httpGet: diff --git a/manifest_staging/charts/gatekeeper/Chart.yaml b/manifest_staging/charts/gatekeeper/Chart.yaml index 804827ff431..784279dd613 100644 --- a/manifest_staging/charts/gatekeeper/Chart.yaml +++ b/manifest_staging/charts/gatekeeper/Chart.yaml @@ -3,8 +3,8 @@ description: A Helm chart for Gatekeeper name: gatekeeper keywords: - open policy agent -version: 3.9.0-beta.0 +version: 3.9.0-beta.1 home: https://github.com/open-policy-agent/gatekeeper sources: - https://github.com/open-policy-agent/gatekeeper.git -appVersion: v3.9.0-beta.0 +appVersion: v3.9.0-beta.1 
diff --git a/manifest_staging/charts/gatekeeper/README.md b/manifest_staging/charts/gatekeeper/README.md index 1a8ee7bb46f..8c501c7b941 100644 --- a/manifest_staging/charts/gatekeeper/README.md +++ b/manifest_staging/charts/gatekeeper/README.md 
@@ -66,13 +66,13 @@ _See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/websi | :-------------------------------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------------------------------------------------------------------------ | | postInstall.labelNamespace.enabled | Add labels to the namespace during post install hooks | `true` | | postInstall.labelNamespace.image.repository | Image with kubectl to label the namespace | `openpolicyagent/gatekeeper-crds` | -| postInstall.labelNamespace.image.tag | Image tag | Current release version: `v3.9.0-beta.0` | +| postInstall.labelNamespace.image.tag | Image tag | Current release version: `v3.9.0-beta.1` | | postInstall.labelNamespace.image.pullPolicy | Image pullPolicy | `IfNotPresent` | | postInstall.labelNamespace.image.pullSecrets | Image pullSecrets | `[]` | | postInstall.securityContext | Security context applied on the container | `{ "allowPrivilegeEscalation": false, "capabilities": "drop": [all], "readOnlyRootFilesystem": true, "runAsGroup": 999, "runAsNonRoot": true, "runAsUser": 1000 }` | | preUninstall.deleteWebhooks.enabled | Delete webhooks before gatekeeper itself is uninstalled | `false` | | preUninstall.deleteWebhooks.image.repository | Image with kubectl to delete the webhooks | `openpolicyagent/gatekeeper-crds` | -| preUninstall.deleteWebhooks.image.tag | Image tag | Current release version: `v3.9.0-beta.0` | +| preUninstall.deleteWebhooks.image.tag | Image tag | Current release version: `v3.9.0-beta.1` | | preUninstall.deleteWebhooks.image.pullPolicy | Image pullPolicy | `IfNotPresent` | | preUninstall.deleteWebhooks.image.pullSecrets | Image pullSecrets | `[]` | | preUninstall.securityContext | Security context applied on the container | `{ 
"allowPrivilegeEscalation": false, "capabilities": "drop": [all], "readOnlyRootFilesystem": true, "runAsGroup": 999, "runAsNonRoot": true, "runAsUser": 1000 }` | @@ -107,7 +107,7 @@ _See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/websi | logLevel | Minimum log level | `INFO` | | image.pullPolicy | The image pull policy | `IfNotPresent` | | image.repository | Image repository | `openpolicyagent/gatekeeper` | -| image.release | The image release tag to use | Current release version: `v3.9.0-beta.0` | +| image.release | The image release tag to use | Current release version: `v3.9.0-beta.1` | | image.pullSecrets | Specify an array of imagePullSecrets | `[]` | | resources | The resource request/limits for the container image | limits: 1 CPU, 512Mi, requests: 100mCPU, 256Mi | | nodeSelector | The node selector to use for pod scheduling | `kubernetes.io/os: linux` | diff --git a/manifest_staging/charts/gatekeeper/values.yaml b/manifest_staging/charts/gatekeeper/values.yaml index 20b7b99cd5d..e82ef936b28 100644 --- a/manifest_staging/charts/gatekeeper/values.yaml +++ b/manifest_staging/charts/gatekeeper/values.yaml @@ -33,7 +33,7 @@ postInstall: enabled: true image: repository: openpolicyagent/gatekeeper-crds - tag: v3.9.0-beta.0 + tag: v3.9.0-beta.1 pullPolicy: IfNotPresent pullSecrets: [] extraNamespaces: [] @@ -51,7 +51,7 @@ preUninstall: enabled: false image: repository: openpolicyagent/gatekeeper-crds - tag: v3.9.0-beta.0 + tag: v3.9.0-beta.1 pullPolicy: IfNotPresent pullSecrets: [] securityContext: @@ -66,7 +66,7 @@ preUninstall: image: repository: openpolicyagent/gatekeeper crdRepository: openpolicyagent/gatekeeper-crds - release: v3.9.0-beta.0 + release: v3.9.0-beta.1 pullPolicy: IfNotPresent pullSecrets: [] podAnnotations: diff --git a/manifest_staging/deploy/gatekeeper.yaml b/manifest_staging/deploy/gatekeeper.yaml index bc537598796..d8abc9dc6cc 100644 --- a/manifest_staging/deploy/gatekeeper.yaml 
+++ b/manifest_staging/deploy/gatekeeper.yaml @@ -2447,7 +2447,7 @@ spec: fieldPath: metadata.namespace - name: CONTAINER_NAME value: manager - image: openpolicyagent/gatekeeper:v3.9.0-beta.0 + image: openpolicyagent/gatekeeper:v3.9.0-beta.1 imagePullPolicy: Always livenessProbe: httpGet: @@ -2558,7 +2558,7 @@ spec: fieldPath: metadata.namespace - name: CONTAINER_NAME value: manager - image: openpolicyagent/gatekeeper:v3.9.0-beta.0 + image: openpolicyagent/gatekeeper:v3.9.0-beta.1 imagePullPolicy: Always livenessProbe: httpGet: