From fc6d54aa75d51bd299e07deb91621d33ddf3a87b Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 28 Jun 2023 14:08:49 -0300 Subject: [PATCH] Kubewarden v1.7.0-rc1 release (#253) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Releases Kubewarden stack v1.7.0-rc1 updating all the 3 Helm charts. Signed-off-by: José Guilherme Vanz --- charts/kubewarden-controller/Chart.yaml | 8 ++++---- charts/kubewarden-controller/chart-values.yaml | 13 +------------ charts/kubewarden-controller/values.yaml | 13 +------------ charts/kubewarden-crds/Chart.yaml | 6 +++--- .../templates/admissionpolicies.yaml | 11 +++++++++++ .../templates/clusteradmissionpolicies.yaml | 11 +++++++++++ charts/kubewarden-defaults/Chart.yaml | 8 ++++---- charts/kubewarden-defaults/chart-values.yaml | 10 ++++------ charts/kubewarden-defaults/values.yaml | 10 ++++------ 9 files changed, 43 insertions(+), 47 deletions(-) diff --git a/charts/kubewarden-controller/Chart.yaml b/charts/kubewarden-controller/Chart.yaml index 16a07ecb..5409b970 100644 --- a/charts/kubewarden-controller/Chart.yaml +++ b/charts/kubewarden-controller/Chart.yaml @@ -21,9 +21,9 @@ maintainers: # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.5.3 +version: 1.6.0-rc1 # This is the version of Kubewarden stack -appVersion: "v1.6.0" +appVersion: v1.7.0-rc1 annotations: # required ones: catalog.cattle.io/certified: rancher # Any application we are adding as a helm chart @@ -33,14 +33,14 @@ annotations: catalog.cattle.io/display-name: Kubewarden # Only for Charts with custom UI catalog.cattle.io/os: linux # this means linux only, other choice here is "windows". For charts that support both, don't add this annotation # optional ones: - catalog.cattle.io/auto-install: kubewarden-crds=1.3.1 # Similar to requires but auto-installed, not manually installed. Accepts `match`, or a specific version. + catalog.cattle.io/auto-install: kubewarden-crds=1.4.0-rc1 catalog.cattle.io/provides-gvr: "policyservers.policies.kubewarden.io/v1" # Declare that this chart provides a type, which other charts may use in `requires-gvr`. Only add to parent, not CRD chart. # The following two will create a UI warning if the request is not available in cluster # Assume the most standard setup for your chart. These can be strings with amounts, ie 64Mi or 2Gi are both valid. catalog.cattle.io/requests-cpu: "250m" catalog.cattle.io/requests-memory: "50Mi" catalog.cattle.io/rancher-version: ">= 2.6.0-0 <= 2.7.100-0" # Chart will only be available for users in the specified Rancher version(s), here its 2.5.0-2.5.99. This _must_ use build metadata or it won't work correctly for future RC's. - catalog.cattle.io/upstream-version: "1.5.3" # The version of the upstream chart or app. It prevents the unexpected "downgrade" when upgrading an installed chart that uses our 100.x.x+upVersion version schema. + catalog.cattle.io/upstream-version: 1.6.0-rc1 # Valid values for the following annotation include: `cluster-tool`, `app` or `cluster-template` # See the Cluster Tools section to learn more about when to set this value to `cluster-tool`. catalog.cattle.io/type: cluster-tool diff --git a/charts/kubewarden-controller/chart-values.yaml b/charts/kubewarden-controller/chart-values.yaml index a5d50a56..f3208235 100644 --- a/charts/kubewarden-controller/chart-values.yaml +++ b/charts/kubewarden-controller/chart-values.yaml @@ -1,5 +1,4 @@ # Settings for kubewarden-controller. - # nameOverride Replaces the release name of the chart in Chart.yaml file when # this is used to construct Kubernetes object names nameOverride: "" @@ -10,23 +9,19 @@ imagePullSecrets: [] # -- Additional labels to add to all resources additionalLabels: {} # app: kubewarden-controller - # -- Additional annotations to add to all resources additionalAnnotations: {} # owner: IT-group1 - # SecurityContext to be used in the controller and audit-scanner containers. The # content of the containerSecurityContext will be set directly as the # securityContext of the container containerSecurityContext: allowPrivilegeEscalation: false - # SecurityContext to be used in the controller and audit-scanner pods. The # content of the podSecurityContext will be set directly as the securityContext # of the pod podSecurityContext: runAsNonRoot: true - # SecurityContext to be used in the pre-delete-hook job container and pod. # The content of the next fields will be set directly as the securityContext # of the container and pod used in the pre-delete-hook job. @@ -35,7 +30,6 @@ preDeleteHook: allowPrivilegeEscalation: false podSecurityContext: runAsNonRoot: true - # open-telemetry options telemetry: enabled: False @@ -47,22 +41,19 @@ telemetry: # endpoint: "all-in-one-collector.jaeger.svc.cluster.local:14250" # tls: # insecure: true - image: # The registry is defined in the global.cattle.systemDefaultRegistry value # controller image to be used repository: "kubewarden/kubewarden-controller" # image tag - tag: "v1.6.2" + tag: v1.7.0-rc1 pullPolicy: IfNotPresent - preDeleteJob: image: # The registry is defined in the global.cattle.systemDefaultRegistry value # kubectl image to be used in the pre-delete helm hook repository: "kubewarden/kubectl" tag: "v1.25.9" - # kubewarden-controller deployment settings: podAnnotations: {} nodeSelector: {} @@ -79,7 +70,6 @@ tls: source: cert-manager-self-signed # "cert-manager"-only options: certManagerIssuerName: "" - # Resource limits & requests # Ref: https://kubernetes.io/docs/user-guide/compute-resources/ resources: @@ -97,7 +87,6 @@ resources: requests: cpu: 250m memory: 50Mi - # experimental Kubewarden features. These features are not recommended for # production yet, and are not covered by SemVer guarantees. experimental: diff --git a/charts/kubewarden-controller/values.yaml b/charts/kubewarden-controller/values.yaml index a15a0531..5e100d60 100644 --- a/charts/kubewarden-controller/values.yaml +++ b/charts/kubewarden-controller/values.yaml @@ -11,7 +11,6 @@ global: name: default enabled: true # Settings for kubewarden-controller. - # nameOverride Replaces the release name of the chart in Chart.yaml file when # this is used to construct Kubernetes object names nameOverride: "" @@ -22,23 +21,19 @@ imagePullSecrets: [] # -- Additional labels to add to all resources additionalLabels: {} # app: kubewarden-controller - # -- Additional annotations to add to all resources additionalAnnotations: {} # owner: IT-group1 - # SecurityContext to be used in the controller and audit-scanner containers. The # content of the containerSecurityContext will be set directly as the # securityContext of the container containerSecurityContext: allowPrivilegeEscalation: false - # SecurityContext to be used in the controller and audit-scanner pods. The # content of the podSecurityContext will be set directly as the securityContext # of the pod podSecurityContext: runAsNonRoot: true - # SecurityContext to be used in the pre-delete-hook job container and pod. # The content of the next fields will be set directly as the securityContext # of the container and pod used in the pre-delete-hook job. @@ -47,7 +42,6 @@ preDeleteHook: allowPrivilegeEscalation: false podSecurityContext: runAsNonRoot: true - # open-telemetry options telemetry: enabled: False @@ -59,22 +53,19 @@ telemetry: # endpoint: "all-in-one-collector.jaeger.svc.cluster.local:14250" # tls: # insecure: true - image: # The registry is defined in the global.cattle.systemDefaultRegistry value # controller image to be used repository: "kubewarden/kubewarden-controller" # image tag - tag: "v1.6.2" + tag: v1.7.0-rc1 pullPolicy: IfNotPresent - preDeleteJob: image: # The registry is defined in the global.cattle.systemDefaultRegistry value # kubectl image to be used in the pre-delete helm hook repository: "kubewarden/kubectl" tag: "v1.25.9" - # kubewarden-controller deployment settings: podAnnotations: {} nodeSelector: {} @@ -91,7 +82,6 @@ tls: source: cert-manager-self-signed # "cert-manager"-only options: certManagerIssuerName: "" - # Resource limits & requests # Ref: https://kubernetes.io/docs/user-guide/compute-resources/ resources: @@ -109,7 +99,6 @@ resources: requests: cpu: 250m memory: 50Mi - # experimental Kubewarden features. These features are not recommended for # production yet, and are not covered by SemVer guarantees. experimental: diff --git a/charts/kubewarden-crds/Chart.yaml b/charts/kubewarden-crds/Chart.yaml index 5d3fa765..c0a15d87 100644 --- a/charts/kubewarden-crds/Chart.yaml +++ b/charts/kubewarden-crds/Chart.yaml @@ -20,9 +20,9 @@ keywords: # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.3.1 +version: 1.4.0-rc1 # This is the version of Kubewarden stack -appVersion: "v1.6.0" +appVersion: v1.7.0-rc1 annotations: # required ones: catalog.cattle.io/certified: rancher # Any application we are adding as a helm chart @@ -31,7 +31,7 @@ annotations: catalog.cattle.io/os: linux # this means linux only, other choice here is "windows". For charts that support both, don't add this annotation # optional ones: catalog.cattle.io/hidden: true # Hide specific charts. Only use on CRD charts. - catalog.cattle.io/upstream-version: "1.3.1" # The version of the upstream chart or app. It prevents the unexpected "downgrade" when upgrading an installed chart that uses our 100.x.x+upVersion version schema. + catalog.cattle.io/upstream-version: 1.4.0-rc1 # Valid values for the following annotation include: `cluster-tool`, `app` or `cluster-template` # See the Cluster Tools section to learn more about when to set this value to `cluster-tool`. catalog.cattle.io/type: cluster-tool diff --git a/charts/kubewarden-crds/templates/admissionpolicies.yaml b/charts/kubewarden-crds/templates/admissionpolicies.yaml index fbba084b..27087b2c 100644 --- a/charts/kubewarden-crds/templates/admissionpolicies.yaml +++ b/charts/kubewarden-crds/templates/admissionpolicies.yaml @@ -39,6 +39,17 @@ spec: jsonPath: .status.policyStatus name: Status type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .metadata.annotations['io\.kubewarden\.policy\.severity'] + name: Severity + priority: 1 + type: string + - jsonPath: .metadata.annotations['io\.kubewarden\.policy\.category'] + name: Category + priority: 1 + type: string name: v1 schema: openAPIV3Schema: diff --git a/charts/kubewarden-crds/templates/clusteradmissionpolicies.yaml b/charts/kubewarden-crds/templates/clusteradmissionpolicies.yaml index 68cf7cb5..3cc2684e 100644 --- a/charts/kubewarden-crds/templates/clusteradmissionpolicies.yaml +++ b/charts/kubewarden-crds/templates/clusteradmissionpolicies.yaml @@ -39,6 +39,17 @@ spec: jsonPath: .status.policyStatus name: Status type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .metadata.annotations['io\.kubewarden\.policy\.severity'] + name: Severity + priority: 1 + type: string + - jsonPath: .metadata.annotations['io\.kubewarden\.policy\.category'] + name: Category + priority: 1 + type: string name: v1 schema: openAPIV3Schema: diff --git a/charts/kubewarden-defaults/Chart.yaml b/charts/kubewarden-defaults/Chart.yaml index d2f9be76..fdf8993f 100644 --- a/charts/kubewarden-defaults/Chart.yaml +++ b/charts/kubewarden-defaults/Chart.yaml @@ -20,9 +20,9 @@ keywords: # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.6.1 +version: 1.7.0-rc1 # This is the version of Kubewarden stack -appVersion: "v1.6.0" +appVersion: v1.7.0-rc1 annotations: # required ones: catalog.cattle.io/certified: rancher # Any application we are adding as a helm chart @@ -33,8 +33,8 @@ annotations: catalog.cattle.io/os: linux # this means linux only, other choice here is "windows". For charts that support both, don't add this annotation # optional ones: catalog.cattle.io/hidden: true # Hide specific charts. Only use on CRD charts. - catalog.cattle.io/auto-install: kubewarden-crds=1.3.1 # Similar to requires but auto-installed, not manually installed. Accepts `match`, or a specific version. - catalog.cattle.io/upstream-version: "1.6.0" # The version of the upstream chart or app. It prevents the unexpected "downgrade" when upgrading an installed chart that uses our 100.x.x+upVersion version schema. + catalog.cattle.io/auto-install: kubewarden-crds=1.4.0-rc1 + catalog.cattle.io/upstream-version: 1.7.0-rc1 # Valid values for the following annotation include: `cluster-tool`, `app` or `cluster-template` # See the Cluster Tools section to learn more about when to set this value to `cluster-tool`. catalog.cattle.io/type: cluster-tool diff --git a/charts/kubewarden-defaults/chart-values.yaml b/charts/kubewarden-defaults/chart-values.yaml index d275da6c..07d6304a 100644 --- a/charts/kubewarden-defaults/chart-values.yaml +++ b/charts/kubewarden-defaults/chart-values.yaml @@ -1,18 +1,16 @@ # -- Additional labels to add to all resources additionalLabels: {} # app: kubewarden-defaults - # -- Additional annotations to add to all resources additionalAnnotations: {} # owner: IT-group1 - # Policy Server settings policyServer: replicaCount: 1 image: # The registry is defined in the global.cattle.systemDefaultRegistry value repository: "kubewarden/policy-server" - tag: "v1.6.0" + tag: v1.7.0-rc1 serviceAccountName: policy-server # verificationConfig: your_configmap # Configmap containing a Sigstore verification configuration under a key @@ -60,7 +58,7 @@ policyServer: # - uri: "uri3" # certs: # - "cert4" - sourceAuthorities: + sourceAuthorities: {} crdVersion: "policies.kubewarden.io/v1" recommendedPolicies: enabled: False @@ -116,7 +114,7 @@ recommendedPolicies: capabilitiesPolicy: module: "kubewarden/policies/capabilities-psp:v0.1.11" name: "drop-capabilities" - allowed_capabilities: + allowed_capabilities: [] required_drop_capabilities: - ALL - default_add_capabilities: + default_add_capabilities: [] diff --git a/charts/kubewarden-defaults/values.yaml b/charts/kubewarden-defaults/values.yaml index 344a3745..5a9bd0b7 100644 --- a/charts/kubewarden-defaults/values.yaml +++ b/charts/kubewarden-defaults/values.yaml @@ -13,18 +13,16 @@ global: # -- Additional labels to add to all resources additionalLabels: {} # app: kubewarden-defaults - # -- Additional annotations to add to all resources additionalAnnotations: {} # owner: IT-group1 - # Policy Server settings policyServer: replicaCount: 1 image: # The registry is defined in the global.cattle.systemDefaultRegistry value repository: "kubewarden/policy-server" - tag: "v1.6.0" + tag: v1.7.0-rc1 serviceAccountName: policy-server # verificationConfig: your_configmap # Configmap containing a Sigstore verification configuration under a key @@ -72,7 +70,7 @@ policyServer: # - uri: "uri3" # certs: # - "cert4" - sourceAuthorities: + sourceAuthorities: {} crdVersion: "policies.kubewarden.io/v1" recommendedPolicies: enabled: False @@ -128,7 +126,7 @@ recommendedPolicies: capabilitiesPolicy: module: "kubewarden/policies/capabilities-psp:v0.1.11" name: "drop-capabilities" - allowed_capabilities: + allowed_capabilities: [] required_drop_capabilities: - ALL - default_add_capabilities: + default_add_capabilities: []