Upgrading gatekeeper image to v3.6.0

.drone.yml

@@ -66,6 +66,7 @@ trigger:
   ref:
     include:
       - refs/heads/master
+      - refs/heads/upgrade_opa
       - refs/tags/**
 
 steps:
@@ -161,6 +162,7 @@ trigger:
   ref:
     include:
       - refs/heads/master
+      - refs/heads/upgrade_opa
       - refs/tags/**
 
 steps:
@@ -256,6 +258,7 @@ trigger:
   ref:
     include:
       - refs/heads/master
+      - refs/heads/upgrade_opa
       - refs/tags/**
 
 steps:
@@ -350,6 +353,7 @@ trigger:
   ref:
     include:
       - refs/heads/master
+      - refs/heads/upgrade_opa
       - refs/tags/**
 
 steps:

README.md

@@ -7,8 +7,8 @@ Kubernetes Cluster.
 
 The following packages are included in the Fury Kubernetes OPA module:
 
-- [Gatekeeper](katalog/gatekeeper): Ready to use gatekeeper deployment plus a set of rules. Version: **v3.5.1**
-  - [Gatekeeper Core](katalog/gatekeeper/core): Gatekeeper deployment, ready to apply rules. Version: **v3.5.1**
+- [Gatekeeper](katalog/gatekeeper): Ready to use gatekeeper deployment plus a set of rules. Version: **v3.6.0**
+  - [Gatekeeper Core](katalog/gatekeeper/core): Gatekeeper deployment, ready to apply rules. Version: **v3.6.0**
   - [Gatekeeper Rules](katalog/gatekeeper/rules): Gatekeeper rules:
     - deny of docker images with the latest tag
     - deny of pods that have no limit declared (both CPU and memory)

docs/releases/v1.5.0.md

@@ -0,0 +1,41 @@
+# Opa Core Module version 1.5.0
+
+`fury-kubernetes-opa` is part of the SIGHUP maintained [Kubernetes Fury Distribution](https://github.com/sighupio/fury-distribution). The module provides a policy engine based on OPA Gatekeeper to enable custom policy enforcement to be deployed on the Kubernetes cluster based on Velero. Team SIGHUP makes it a priority to maintain these modules in compliance with CNCF and with all the latest features from upstream.
+
+This release introduces the support for Kubernetes runtime `1.22` and
+drops support for `1.18`. Refer the [Compatibility
+Matrix](https://github.com/sighupio/fury-kubernetes-opa#compatibility) for more.
+
+## Changelog
+
+### Breaking Changes
+> None
+### Features
+- [#30](https://github.com/sighupio/fury-kubernetes-opa/pull/30) Supporting e2e test for 1.22.0 kubernetes
+- [#32](https://github.com/sighupio/fury-kubernetes-opa/pull/32) Updating GPM to 0.5.0
+- [#33](https://github.com/sighupio/fury-kubernetes-opa/pull/33) Upgrading gatekeeper from v3.4.0 to [v3.6.0](https://github.com/open-policy-agent/gatekeeper/releases/tag/v3.6.0)
+- [#31](https://github.com/sighupio/fury-kubernetes-opa/pull/31) Fixing OPA CRDs to support Kubernetes 1.22
+### Bug Fixes
+> None
+### Security Fixes
+> None
+#### Documentation updates
+> None
+
+### Upgrade Guide
+
+#### Warnings
+
+Upgrade from `v1.4.x` to `v1.5.0` should be fairly smooth.
+
+#### Process
+
+To upgrade this core module from `v1.4.0` to `v1.5.0`, you need to download this new version, then apply the `kustomize` project. No further action is required.
+
+```bash
+$ kustomize build katalog/gatekeeper | kubectl apply -f - --force
+# changes will be applied
+```
+
+
+

katalog/gatekeeper/core/deploy.yml

@@ -33,6 +33,8 @@ spec:
         - --operation=audit
         - --operation=status
         - --logtostderr
+        - --health-addr=:9090
+        - --prometheus-port=8888
         command:
         - /manager
         env:
@@ -124,6 +126,8 @@ spec:
       containers:
         - args:
             - --port=8443
+            - --health-addr=:9090
+            - --prometheus-port=8888
             - --logtostderr
             - --exempt-namespace=$(POD_NAMESPACE)
             - --operation=webhook

katalog/gatekeeper/core/kustomization.yaml

@@ -22,4 +22,4 @@ resources:
 images:
   - name: openpolicyagent/gatekeeper
     newName: registry.sighup.io/fury/openpolicyagent/gatekeeper
-    newTag: v3.5.1
+    newTag: v3.6.0