Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: Prepare v3.8.0-rc.1 release #1962

Merged
merged 1 commit into from
Apr 5, 2022
Merged

chore: Prepare v3.8.0-rc.1 release #1962

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ DEV_TAG ?= dev
USE_LOCAL_IMG ?= false
ENABLE_EXTERNAL_DATA ?= false

VERSION := v3.7.0
VERSION := v3.8.0-rc.1

KIND_VERSION ?= 0.11.0
# note: k8s version pinned since KIND image availability lags k8s releases
Expand Down
4 changes: 2 additions & 2 deletions charts/gatekeeper/Chart.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,8 +3,8 @@ description: A Helm chart for Gatekeeper
name: gatekeeper
keywords:
- open policy agent
version: 3.7.0
version: 3.8.0-rc.1
home: https://github.com/open-policy-agent/gatekeeper
sources:
- https://github.com/open-policy-agent/gatekeeper.git
appVersion: v3.7.0
appVersion: v3.8.0-rc.1
139 changes: 76 additions & 63 deletions charts/gatekeeper/README.md
View file
Open in desktop

Large diffs are not rendered by default.

90 changes: 72 additions & 18 deletions charts/gatekeeper/crds/assign-customresourcedefinition.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -62,9 +62,10 @@ spec:
description: Match allows the user to limit which resources get mutated. Individual match criteria are AND-ed together. An undefined match criteria matches everything.
properties:
excludedNamespaces:
description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.'
items:
description: 'A string that supports globbing at its end. Ex: "kube-*" will match "kube-system" or "kube-public". The asterisk is required for wildcard matching.'
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$
description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.'
pattern: ^(\*|\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$
type: string
type: array
kinds:
Expand All @@ -83,7 +84,7 @@ spec:
type: object
type: array
labelSelector:
description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
description: 'LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.'
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
Expand Down Expand Up @@ -113,11 +114,11 @@ spec:
type: object
type: object
name:
description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix-based glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`.'
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$
description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.'
pattern: ^(\*|\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$
type: string
namespaceSelector:
description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
Expand Down Expand Up @@ -147,13 +148,14 @@ spec:
type: object
type: object
namespaces:
description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.'
items:
description: 'A string that supports globbing at its end. Ex: "kube-*" will match "kube-system" or "kube-public". The asterisk is required for wildcard matching.'
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$
description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.'
pattern: ^(\*|\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$
type: string
type: array
scope:
description: ResourceScope is an enum defining the different scopes available to a custom resource
description: Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`)
type: string
type: object
parameters:
Expand All @@ -162,6 +164,31 @@ spec:
assign:
description: Assign.value holds the value to be assigned
properties:
externalData:
description: ExternalData describes the external data provider to be used for mutation.
properties:
dataSource:
default: ValueAtLocation
description: DataSource specifies where to extract the data that will be sent to the external data provider as parameters.
enum:
- ValueAtLocation
- Username
type: string
default:
description: Default specifies the default value to use when the external data provider returns an error and the failure policy is set to "UseDefault".
type: string
failurePolicy:
default: Fail
description: FailurePolicy specifies the policy to apply when the external data provider returns an error.
enum:
- UseDefault
- Ignore
- Fail
type: string
provider:
description: Provider is the name of the external data provider.
type: string
type: object
fromMetadata:
description: FromMetadata assigns a value from the specified metadata field.
properties:
Expand Down Expand Up @@ -273,9 +300,10 @@ spec:
description: Match allows the user to limit which resources get mutated. Individual match criteria are AND-ed together. An undefined match criteria matches everything.
properties:
excludedNamespaces:
description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.'
items:
description: 'A string that supports globbing at its end. Ex: "kube-*" will match "kube-system" or "kube-public". The asterisk is required for wildcard matching.'
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$
description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.'
pattern: ^(\*|\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$
type: string
type: array
kinds:
Expand All @@ -294,7 +322,7 @@ spec:
type: object
type: array
labelSelector:
description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
description: 'LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.'
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
Expand Down Expand Up @@ -324,11 +352,11 @@ spec:
type: object
type: object
name:
description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix-based glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`.'
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$
description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.'
pattern: ^(\*|\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$
type: string
namespaceSelector:
description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
Expand Down Expand Up @@ -358,13 +386,14 @@ spec:
type: object
type: object
namespaces:
description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.'
items:
description: 'A string that supports globbing at its end. Ex: "kube-*" will match "kube-system" or "kube-public". The asterisk is required for wildcard matching.'
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$
description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.'
pattern: ^(\*|\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$
type: string
type: array
scope:
description: ResourceScope is an enum defining the different scopes available to a custom resource
description: Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`)
type: string
type: object
parameters:
Expand All @@ -373,6 +402,31 @@ spec:
assign:
description: Assign.value holds the value to be assigned
properties:
externalData:
description: ExternalData describes the external data provider to be used for mutation.
properties:
dataSource:
default: ValueAtLocation
description: DataSource specifies where to extract the data that will be sent to the external data provider as parameters.
enum:
- ValueAtLocation
- Username
type: string
default:
description: Default specifies the default value to use when the external data provider returns an error and the failure policy is set to "UseDefault".
type: string
failurePolicy:
default: Fail
description: FailurePolicy specifies the policy to apply when the external data provider returns an error.
enum:
- UseDefault
- Ignore
- Fail
type: string
provider:
description: Provider is the name of the external data provider.
type: string
type: object
fromMetadata:
description: FromMetadata assigns a value from the specified metadata field.
properties:
Expand Down
Loading