Kubewarden v1.7.0-rc1 release (#253)

Releases Kubewarden stack v1.7.0-rc1 updating all the 3 Helm charts.

Signed-off-by: José Guilherme Vanz <[email protected]>

charts/kubewarden-controller/Chart.yaml

@@ -21,9 +21,9 @@ maintainers:
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.5.3
+version: 1.6.0-rc1
 # This is the version of Kubewarden stack
-appVersion: "v1.6.0"
+appVersion: v1.7.0-rc1
 annotations:
   # required ones:
   catalog.cattle.io/certified: rancher # Any application we are adding as a helm chart
@@ -33,14 +33,14 @@ annotations:
   catalog.cattle.io/display-name: Kubewarden # Only for Charts with custom UI
   catalog.cattle.io/os: linux # this means linux only, other choice here is "windows". For charts that support both, don't add this annotation
   # optional ones:
-  catalog.cattle.io/auto-install: kubewarden-crds=1.3.1 # Similar to requires but auto-installed, not manually installed. Accepts `match`, or a specific version.
+  catalog.cattle.io/auto-install: kubewarden-crds=1.4.0-rc1
   catalog.cattle.io/provides-gvr: "policyservers.policies.kubewarden.io/v1" # Declare that this chart provides a type, which other charts may use in `requires-gvr`. Only add to parent, not CRD chart.
   # The following two will create a UI warning if the request is not available in cluster
   # Assume the most standard setup for your chart. These can be strings with amounts, ie 64Mi or 2Gi are both valid.
   catalog.cattle.io/requests-cpu: "250m"
   catalog.cattle.io/requests-memory: "50Mi"
   catalog.cattle.io/rancher-version: ">= 2.6.0-0 <= 2.7.100-0" # Chart will only be available for users in the specified Rancher version(s), here its 2.5.0-2.5.99. This _must_ use build metadata or it won't work correctly for future RC's.
-  catalog.cattle.io/upstream-version: "1.5.3" # The version of the upstream chart or app. It prevents the unexpected "downgrade" when upgrading an installed chart that uses our 100.x.x+upVersion version schema.
+  catalog.cattle.io/upstream-version: 1.6.0-rc1
   # Valid values for the following annotation include: `cluster-tool`, `app` or `cluster-template`
   # See the Cluster Tools section to learn more about when to set this value to `cluster-tool`.
   catalog.cattle.io/type: cluster-tool

charts/kubewarden-controller/chart-values.yaml

@@ -1,5 +1,4 @@
 # Settings for kubewarden-controller.
-
 # nameOverride Replaces the release name of the chart in Chart.yaml file when
 # this is used to construct Kubernetes object names
 nameOverride: ""
@@ -10,23 +9,19 @@ imagePullSecrets: []
 # -- Additional labels to add to all resources
 additionalLabels: {}
 #   app: kubewarden-controller
-
 # -- Additional annotations to add to all resources
 additionalAnnotations: {}
 #   owner: IT-group1
-
 # SecurityContext to be used in the controller and audit-scanner containers. The
 # content of the containerSecurityContext will be set directly as the
 # securityContext of the container
 containerSecurityContext:
   allowPrivilegeEscalation: false
-
 # SecurityContext to be used in the controller and audit-scanner pods. The
 # content of the podSecurityContext will be set directly as the securityContext
 # of the pod
 podSecurityContext:
   runAsNonRoot: true
-
 # SecurityContext to be used in the pre-delete-hook job container and pod.
 # The content of the next fields will be set directly as the securityContext
 # of the container and pod used in the pre-delete-hook job.
@@ -35,7 +30,6 @@ preDeleteHook:
     allowPrivilegeEscalation: false
   podSecurityContext:
     runAsNonRoot: true
-
 # open-telemetry options
 telemetry:
   enabled: False
@@ -47,22 +41,19 @@ telemetry:
     # endpoint: "all-in-one-collector.jaeger.svc.cluster.local:14250"
     # tls:
     #  insecure: true
-
 image:
   # The registry is defined in the global.cattle.systemDefaultRegistry value
   # controller image to be used
   repository: "kubewarden/kubewarden-controller"
   # image tag
-  tag: "v1.6.2"
+  tag: v1.7.0-rc1
   pullPolicy: IfNotPresent
-
 preDeleteJob:
   image:
     # The registry is defined in the global.cattle.systemDefaultRegistry value
     # kubectl image to be used in the pre-delete helm hook
     repository: "kubewarden/kubectl"
     tag: "v1.25.9"
-
 # kubewarden-controller deployment settings:
 podAnnotations: {}
 nodeSelector: {}
@@ -79,7 +70,6 @@ tls:
   source: cert-manager-self-signed
   # "cert-manager"-only options:
   certManagerIssuerName: ""
-
 # Resource limits & requests
 # Ref: https://kubernetes.io/docs/user-guide/compute-resources/
 resources:
@@ -97,7 +87,6 @@ resources:
     requests:
       cpu: 250m
       memory: 50Mi
-
 # experimental Kubewarden features. These features are not recommended for
 # production yet, and are not covered by SemVer guarantees.
 experimental:

charts/kubewarden-controller/values.yaml

@@ -11,7 +11,6 @@ global:
       name: default
       enabled: true
 # Settings for kubewarden-controller.
-
 # nameOverride Replaces the release name of the chart in Chart.yaml file when
 # this is used to construct Kubernetes object names
 nameOverride: ""
@@ -22,23 +21,19 @@ imagePullSecrets: []
 # -- Additional labels to add to all resources
 additionalLabels: {}
 #   app: kubewarden-controller
-
 # -- Additional annotations to add to all resources
 additionalAnnotations: {}
 #   owner: IT-group1
-
 # SecurityContext to be used in the controller and audit-scanner containers. The
 # content of the containerSecurityContext will be set directly as the
 # securityContext of the container
 containerSecurityContext:
   allowPrivilegeEscalation: false
-
 # SecurityContext to be used in the controller and audit-scanner pods. The
 # content of the podSecurityContext will be set directly as the securityContext
 # of the pod
 podSecurityContext:
   runAsNonRoot: true
-
 # SecurityContext to be used in the pre-delete-hook job container and pod.
 # The content of the next fields will be set directly as the securityContext
 # of the container and pod used in the pre-delete-hook job.
@@ -47,7 +42,6 @@ preDeleteHook:
     allowPrivilegeEscalation: false
   podSecurityContext:
     runAsNonRoot: true
-
 # open-telemetry options
 telemetry:
   enabled: False
@@ -59,22 +53,19 @@ telemetry:
     # endpoint: "all-in-one-collector.jaeger.svc.cluster.local:14250"
     # tls:
     #  insecure: true
-
 image:
   # The registry is defined in the global.cattle.systemDefaultRegistry value
   # controller image to be used
   repository: "kubewarden/kubewarden-controller"
   # image tag
-  tag: "v1.6.2"
+  tag: v1.7.0-rc1
   pullPolicy: IfNotPresent
-
 preDeleteJob:
   image:
     # The registry is defined in the global.cattle.systemDefaultRegistry value
     # kubectl image to be used in the pre-delete helm hook
     repository: "kubewarden/kubectl"
     tag: "v1.25.9"
-
 # kubewarden-controller deployment settings:
 podAnnotations: {}
 nodeSelector: {}
@@ -91,7 +82,6 @@ tls:
   source: cert-manager-self-signed
   # "cert-manager"-only options:
   certManagerIssuerName: ""
-
 # Resource limits & requests
 # Ref: https://kubernetes.io/docs/user-guide/compute-resources/
 resources:
@@ -109,7 +99,6 @@ resources:
     requests:
       cpu: 250m
       memory: 50Mi
-
 # experimental Kubewarden features. These features are not recommended for
 # production yet, and are not covered by SemVer guarantees.
 experimental:

charts/kubewarden-crds/Chart.yaml

@@ -20,9 +20,9 @@ keywords:
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.3.1
+version: 1.4.0-rc1
 # This is the version of Kubewarden stack
-appVersion: "v1.6.0"
+appVersion: v1.7.0-rc1
 annotations:
   # required ones:
   catalog.cattle.io/certified: rancher # Any application we are adding as a helm chart
@@ -31,7 +31,7 @@ annotations:
   catalog.cattle.io/os: linux # this means linux only, other choice here is "windows". For charts that support both, don't add this annotation
   # optional ones:
   catalog.cattle.io/hidden: true # Hide specific charts. Only use on CRD charts.
-  catalog.cattle.io/upstream-version: "1.3.1" # The version of the upstream chart or app. It prevents the unexpected "downgrade" when upgrading an installed chart that uses our 100.x.x+upVersion version schema.
+  catalog.cattle.io/upstream-version: 1.4.0-rc1
   # Valid values for the following annotation include: `cluster-tool`, `app` or `cluster-template`
   # See the Cluster Tools section to learn more about when to set this value to `cluster-tool`.
   catalog.cattle.io/type: cluster-tool

charts/kubewarden-crds/templates/admissionpolicies.yaml

@@ -39,6 +39,17 @@ spec:
       jsonPath: .status.policyStatus
       name: Status
       type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    - jsonPath: .metadata.annotations['io\.kubewarden\.policy\.severity']
+      name: Severity
+      priority: 1
+      type: string
+    - jsonPath: .metadata.annotations['io\.kubewarden\.policy\.category']
+      name: Category
+      priority: 1
+      type: string
     name: v1
     schema:
       openAPIV3Schema:

charts/kubewarden-crds/templates/clusteradmissionpolicies.yaml

@@ -39,6 +39,17 @@ spec:
       jsonPath: .status.policyStatus
       name: Status
       type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    - jsonPath: .metadata.annotations['io\.kubewarden\.policy\.severity']
+      name: Severity
+      priority: 1
+      type: string
+    - jsonPath: .metadata.annotations['io\.kubewarden\.policy\.category']
+      name: Category
+      priority: 1
+      type: string
     name: v1
     schema:
       openAPIV3Schema:

charts/kubewarden-defaults/Chart.yaml

@@ -20,9 +20,9 @@ keywords:
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.6.1
+version: 1.7.0-rc1
 # This is the version of Kubewarden stack
-appVersion: "v1.6.0"
+appVersion: v1.7.0-rc1
 annotations:
   # required ones:
   catalog.cattle.io/certified: rancher # Any application we are adding as a helm chart
@@ -33,8 +33,8 @@ annotations:
   catalog.cattle.io/os: linux # this means linux only, other choice here is "windows". For charts that support both, don't add this annotation
   # optional ones:
   catalog.cattle.io/hidden: true # Hide specific charts. Only use on CRD charts.
-  catalog.cattle.io/auto-install: kubewarden-crds=1.3.1 # Similar to requires but auto-installed, not manually installed. Accepts `match`, or a specific version.
-  catalog.cattle.io/upstream-version: "1.6.0" # The version of the upstream chart or app. It prevents the unexpected "downgrade" when upgrading an installed chart that uses our 100.x.x+upVersion version schema.
+  catalog.cattle.io/auto-install: kubewarden-crds=1.4.0-rc1
+  catalog.cattle.io/upstream-version: 1.7.0-rc1
   # Valid values for the following annotation include: `cluster-tool`, `app` or `cluster-template`
   # See the Cluster Tools section to learn more about when to set this value to `cluster-tool`.
   catalog.cattle.io/type: cluster-tool

charts/kubewarden-defaults/chart-values.yaml

@@ -1,18 +1,16 @@
 # -- Additional labels to add to all resources
 additionalLabels: {}
 # app: kubewarden-defaults
-
 # -- Additional annotations to add to all resources
 additionalAnnotations: {}
 # owner: IT-group1
-
 # Policy Server settings
 policyServer:
   replicaCount: 1
   image:
     # The registry is defined in the global.cattle.systemDefaultRegistry value
     repository: "kubewarden/policy-server"
-    tag: "v1.6.0"
+    tag: v1.7.0-rc1
   serviceAccountName: policy-server
   # verificationConfig: your_configmap
   # Configmap containing a Sigstore verification configuration under a key
@@ -60,7 +58,7 @@ policyServer:
   #   - uri: "uri3"
   #     certs:
   #       - "cert4"
-  sourceAuthorities:
+  sourceAuthorities: {}
 crdVersion: "policies.kubewarden.io/v1"
 recommendedPolicies:
   enabled: False
@@ -116,7 +114,7 @@ recommendedPolicies:
   capabilitiesPolicy:
     module: "kubewarden/policies/capabilities-psp:v0.1.11"
     name: "drop-capabilities"
-    allowed_capabilities:
+    allowed_capabilities: []
     required_drop_capabilities:
       - ALL
-    default_add_capabilities:
+    default_add_capabilities: []

charts/kubewarden-defaults/values.yaml

@@ -13,18 +13,16 @@ global:
 # -- Additional labels to add to all resources
 additionalLabels: {}
 # app: kubewarden-defaults
-
 # -- Additional annotations to add to all resources
 additionalAnnotations: {}
 # owner: IT-group1
-
 # Policy Server settings
 policyServer:
   replicaCount: 1
   image:
     # The registry is defined in the global.cattle.systemDefaultRegistry value
     repository: "kubewarden/policy-server"
-    tag: "v1.6.0"
+    tag: v1.7.0-rc1
   serviceAccountName: policy-server
   # verificationConfig: your_configmap
   # Configmap containing a Sigstore verification configuration under a key
@@ -72,7 +70,7 @@ policyServer:
   #   - uri: "uri3"
   #     certs:
   #       - "cert4"
-  sourceAuthorities:
+  sourceAuthorities: {}
 crdVersion: "policies.kubewarden.io/v1"
 recommendedPolicies:
   enabled: False
@@ -128,7 +126,7 @@ recommendedPolicies:
   capabilitiesPolicy:
     module: "kubewarden/policies/capabilities-psp:v0.1.11"
     name: "drop-capabilities"
-    allowed_capabilities:
+    allowed_capabilities: []
     required_drop_capabilities:
       - ALL
-    default_add_capabilities:
+    default_add_capabilities: []