diff --git a/Makefile b/Makefile index 47881606b1b..48de3ddf276 100644 --- a/Makefile +++ b/Makefile @@ -10,7 +10,7 @@ DEV_TAG ?= dev USE_LOCAL_IMG ?= false ENABLE_GENERATOR_EXPANSION ?= false -VERSION := v3.11.0-rc.1 +VERSION := v3.12.0-beta.0 KIND_VERSION ?= 0.17.0 # note: k8s version pinned since KIND image availability lags k8s releases diff --git a/charts/gatekeeper/Chart.yaml b/charts/gatekeeper/Chart.yaml index f33e07d0755..38a5497d03d 100644 --- a/charts/gatekeeper/Chart.yaml +++ b/charts/gatekeeper/Chart.yaml @@ -4,8 +4,8 @@ name: gatekeeper icon: https://open-policy-agent.github.io/gatekeeper/website/img/logo.svg keywords: - open policy agent -version: 3.11.0-rc.1 +version: 3.12.0-beta.0 home: https://github.com/open-policy-agent/gatekeeper sources: - https://github.com/open-policy-agent/gatekeeper.git -appVersion: v3.11.0-rc.1 +appVersion: v3.12.0-beta.0 diff --git a/charts/gatekeeper/README.md b/charts/gatekeeper/README.md index fa31410d3d7..4278419da1c 100644 --- a/charts/gatekeeper/README.md +++ b/charts/gatekeeper/README.md 
@@ -65,9 +65,10 @@ _See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/websi | Parameter | Description | Default | | :-------------------------------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------------------------------------------------------------------------ | | postInstall.labelNamespace.enabled | Add labels to the namespace during post install hooks | `true` | -| postInstall.labelNamespace.extraNamespaces | The extra namespaces that need to have the label during post upgrade hooks | `[]` | +| postInstall.labelNamespace.extraNamespaces | The extra namespaces that need to have the label during post install hooks | `[]` | +| postInstall.labelNamespace.extraAnnotations | Extra annotations added to the post install Job | `{}` | | postInstall.labelNamespace.image.repository | Image with kubectl to label the namespace | `openpolicyagent/gatekeeper-crds` | -| postInstall.labelNamespace.image.tag | Image tag | Current release version: `v3.11.0-rc.1` | +| postInstall.labelNamespace.image.tag | Image tag | Current release version: `v3.12.0-beta.0` | | postInstall.labelNamespace.image.pullPolicy | Image pullPolicy | `IfNotPresent` | | postInstall.labelNamespace.image.pullSecrets | Image pullSecrets | `[]` | | postInstall.labelNamespace.extraRules | Extra rules for the gatekeeper-update-namespace-label Role | `[]` | 
@@ -86,8 +87,9 @@ _See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/websi | postInstall.securityContext | Security context applied on the container | `{ "allowPrivilegeEscalation": false, "capabilities": "drop": [all], "readOnlyRootFilesystem": true, "runAsGroup": 999, "runAsNonRoot": true, "runAsUser": 1000 }` | | postUpgrade.labelNamespace.enabled | Add labels to the namespace during post upgrade hooks | `false` | | postUpgrade.labelNamespace.extraNamespaces | The extra namespaces that need to have the label during post upgrade hooks | `[]` | +| postUpgrade.labelNamespace.extraAnnotations | Extra annotations added to the post upgrade Job | `{}` | | postUpgrade.labelNamespace.image.repository | Image with kubectl to label the namespace | `openpolicyagent/gatekeeper-crds` | -| postUpgrade.labelNamespace.image.tag | Image tag | Current release version: `v3.11.0-rc.1` | +| postUpgrade.labelNamespace.image.tag | Image tag | Current release version: `v3.12.0-beta.0` | | postUpgrade.labelNamespace.image.pullPolicy | Image pullPolicy | `IfNotPresent` | | postUpgrade.labelNamespace.image.pullSecrets | Image pullSecrets | `[]` | postUpgrade.affinity | The affinity to use for pod scheduling in postUpgrade hook jobs | `{}` | 
@@ -97,7 +99,7 @@ _See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/websi | postUpgrade.securityContext | Security context applied on the container | `{ "allowPrivilegeEscalation": false, "capabilities": "drop": [all], "readOnlyRootFilesystem": true, "runAsGroup": 999, "runAsNonRoot": true, "runAsUser": 1000 }` | | preUninstall.deleteWebhooks.enabled | Delete webhooks before gatekeeper itself is uninstalled | `false` | | preUninstall.deleteWebhooks.image.repository | Image with kubectl to delete the webhooks | `openpolicyagent/gatekeeper-crds` | -| preUninstall.deleteWebhooks.image.tag | Image tag | Current release version: `v3.11.0-rc.1` | +| preUninstall.deleteWebhooks.image.tag | Image tag | Current release version: `v3.12.0-beta.0` | | preUninstall.deleteWebhooks.image.pullPolicy | Image pullPolicy | `IfNotPresent` | | preUninstall.deleteWebhooks.image.pullSecrets | Image pullSecrets | `[]` | | preUninstall.deleteWebhooks.extraRules | Extra rules for the gatekeeper-delete-webhook-configs Role | `[]` | 
@@ -116,7 +118,7 @@ _See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/websi | crds.securityContext | Security context applied to the container | `{ "allowPrivilegeEscalation": false, "capabilities": "drop": [all], "readOnlyRootFilesystem": true, "runAsGroup": 65532, "runAsNonRoot": true, "runAsUser": 65532 }` | | auditInterval | The frequency with which audit is run | `60` | | constraintViolationsLimit | The maximum # of audit violations reported on a constraint | `20` | -| auditFromCache | Take the roster of resources to audit from the OPA cache | `false` | +| auditFromCache | Take the roster of resources to audit from the audit cache | `false` | | auditChunkSize | Chunk size for listing cluster resources for audit (alpha feature) | `500` | | auditMatchKindOnly | Only check resources of the kinds specified in all constraints defined in the cluster. | `false` | | disableValidatingWebhook | Disable the validating webhook | `false` | @@ -147,7 +149,7 @@ _See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/websi | logLevel | Minimum log level | `INFO` | | image.pullPolicy | The image pull policy | `IfNotPresent` | | image.repository | Image repository | `openpolicyagent/gatekeeper` | -| image.release | The image release tag to use | Current release version: `v3.11.0-rc.1` | +| image.release | The image release tag to use | Current release version: `v3.12.0-beta.0` | | image.pullSecrets | Specify an array of imagePullSecrets | `[]` | | resources | The resource request/limits for the container image | limits: 1 CPU, 512Mi, requests: 100mCPU, 256Mi | | nodeSelector | The node selector to use for pod scheduling | `kubernetes.io/os: linux` | 
@@ -159,6 +161,7 @@ _See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/websi | controllerManager.metricsPort | Metrics port for controller manager | `8888` | | controllerManager.readinessTimeout | Timeout in seconds for the controller manager's readiness probe | `1` | | controllerManager.livenessTimeout | Timeout in seconds for the controller manager's liveness probe | `1` | +| controllerManager.logLevel | The minimum log level for the controller manager, takes precedence over `logLevel` when specified | `null` | controllerManager.priorityClassName | Priority class name for controller manager | `system-cluster-critical` | | controllerManager.podSecurityContext | Security context on pod level for controller manager | {fsGroup: 999, suplementalGroups: [999]} | | controllerManager.exemptNamespaces | The exact namespaces to exempt by the admission webhook | `[]` | @@ -177,6 +180,7 @@ _See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/websi | audit.metricsPort | Metrics port for audit | `8888` | | audit.readinessTimeout | Timeout in seconds for audit's readiness probe | `1` | | audit.livenessTimeout | Timeout in seconds for the audit's liveness probe | `1` | +| audit.logLevel | The minimum log level for audit, takes precedence over `logLevel` when specified | `null` | replicas | The number of Gatekeeper replicas to deploy for the webhook | `3` | | podAnnotations | The annotations to add to the Gatekeeper pods | `container.seccomp.security.alpha.kubernetes.io/manager: runtime/default` | | podLabels | The labels to add to the Gatekeeper pods | `{}` | diff --git a/charts/gatekeeper/templates/gatekeeper-audit-deployment.yaml b/charts/gatekeeper/templates/gatekeeper-audit-deployment.yaml index e11ad748713..3409d2f588e 100644 --- a/charts/gatekeeper/templates/gatekeeper-audit-deployment.yaml +++ b/charts/gatekeeper/templates/gatekeeper-audit-deployment.yaml 
@@ -49,7 +49,7 @@ spec: {{- end }} args: - --audit-interval={{ .Values.auditInterval }} - - --log-level={{ .Values.logLevel }} + - --log-level={{ (.Values.audit.logLevel | empty | not) | ternary .Values.audit.logLevel .Values.logLevel }} - --constraint-violations-limit={{ .Values.constraintViolationsLimit }} - --audit-from-cache={{ .Values.auditFromCache }} - --audit-chunk-size={{ .Values.auditChunkSize }} diff --git a/charts/gatekeeper/templates/gatekeeper-controller-manager-deployment.yaml b/charts/gatekeeper/templates/gatekeeper-controller-manager-deployment.yaml index 0ac934b00cf..ebb1d2559e9 100644 --- a/charts/gatekeeper/templates/gatekeeper-controller-manager-deployment.yaml +++ b/charts/gatekeeper/templates/gatekeeper-controller-manager-deployment.yaml @@ -54,7 +54,7 @@ spec: - --logtostderr - --log-denies={{ .Values.logDenies }} - --emit-admission-events={{ .Values.emitAdmissionEvents }} - - --log-level={{ .Values.logLevel }} + - --log-level={{ (.Values.controllerManager.logLevel | empty | not) | ternary .Values.controllerManager.logLevel .Values.logLevel }} - --exempt-namespace={{ .Release.Namespace }} - --operation=webhook - --enable-external-data={{ .Values.enableExternalData }} diff --git a/charts/gatekeeper/templates/namespace-post-install.yaml b/charts/gatekeeper/templates/namespace-post-install.yaml index 4f3a9920cbe..4f84b52b409 100644 --- a/charts/gatekeeper/templates/namespace-post-install.yaml +++ b/charts/gatekeeper/templates/namespace-post-install.yaml @@ -13,6 +13,9 @@ metadata: "helm.sh/hook": post-install "helm.sh/hook-weight": "-5" "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation + {{- if .Values.postInstall.labelNamespace.extraAnnotations }} + {{- toYaml .Values.postInstall.labelNamespace.extraAnnotations | trim | nindent 4 }} + {{- end }} spec: template: metadata: 
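Review bot: The new `--log-level` argument in gatekeeper-audit-deployment.yaml spells a plain fallback as `(.Values.audit.logLevel | empty | not) | ternary ...`, which is harder to read than Sprig's `default`. `- --log-level={{ .Values.audit.logLevel | default .Values.logLevel }}` renders the same value for the same inputs, and the controller-manager hunk has the same construct with `.Values.controllerManager.logLevel`. None of the values.yaml hunks on this page adds a `logLevel` key under `audit` or `controllerManager`, so the override seems to be discoverable only from the README rows. A commented `# logLevel: null` entry under each key would help operators who review the effective logging settings. The args list starts and ends outside both hunks.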
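Review bot: The `extraAnnotations` block in namespace-post-install.yaml writes user-supplied keys into the same annotations map as the three `helm.sh/hook*` entries above it, and nothing prevents a value from repeating one of those keys. A repeated key makes the rendered manifest ambiguous, so an entry such as `helm.sh/hook-delete-policy` could change when the labelling Job runs or whether it is cleaned up. I would state in the README row that `helm.sh/hook*` keys are reserved, or reject them at render time with `{{- if hasKey .Values.postInstall.labelNamespace.extraAnnotations "helm.sh/hook" }}{{ fail "extraAnnotations must not set helm.sh/hook" }}{{- end }}` and the equivalent for the other two keys. The post-upgrade hunk has the same block under `.Values.postUpgrade`. The metadata block starts outside the hunk, so the `nindent 4` depth cannot be confirmed from here.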
diff --git a/charts/gatekeeper/templates/namespace-post-upgrade.yaml b/charts/gatekeeper/templates/namespace-post-upgrade.yaml index 28d223bf452..43a1dadd9fa 100644 --- a/charts/gatekeeper/templates/namespace-post-upgrade.yaml +++ b/charts/gatekeeper/templates/namespace-post-upgrade.yaml @@ -13,6 +13,9 @@ metadata: "helm.sh/hook": post-upgrade "helm.sh/hook-weight": "-5" "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation + {{- if .Values.postUpgrade.labelNamespace.extraAnnotations }} + {{- toYaml .Values.postUpgrade.labelNamespace.extraAnnotations | trim | nindent 4 }} + {{- end }} spec: template: metadata: diff --git a/charts/gatekeeper/values.yaml b/charts/gatekeeper/values.yaml index 4f792f95597..823dc06f364 100644 --- a/charts/gatekeeper/values.yaml +++ b/charts/gatekeeper/values.yaml @@ -38,7 +38,7 @@ postUpgrade: enabled: false image: repository: openpolicyagent/gatekeeper-crds - tag: v3.11.0-rc.1 + tag: v3.12.0-beta.0 pullPolicy: IfNotPresent pullSecrets: [] extraNamespaces: [] @@ -48,6 +48,7 @@ postUpgrade: "pod-security.kubernetes.io/warn-version=latest", "pod-security.kubernetes.io/enforce=restricted", "pod-security.kubernetes.io/enforce-version=v1.24"] + extraAnnotations: {} affinity: {} tolerations: [] nodeSelector: {kubernetes.io/os: linux} @@ -67,7 +68,7 @@ postInstall: extraRules: [] image: repository: openpolicyagent/gatekeeper-crds - tag: v3.11.0-rc.1 + tag: v3.12.0-beta.0 pullPolicy: IfNotPresent pullSecrets: [] extraNamespaces: [] @@ -77,6 +78,7 @@ postInstall: "pod-security.kubernetes.io/warn-version=latest", "pod-security.kubernetes.io/enforce=restricted", "pod-security.kubernetes.io/enforce-version=v1.24"] + extraAnnotations: {} probeWebhook: enabled: true image: @@ -105,7 +107,7 @@ preUninstall: enabled: false image: repository: openpolicyagent/gatekeeper-crds - tag: v3.11.0-rc.1 + tag: v3.12.0-beta.0 pullPolicy: IfNotPresent pullSecrets: [] affinity: {} 
@@ -124,7 +126,7 @@ preUninstall: image: repository: openpolicyagent/gatekeeper crdRepository: openpolicyagent/gatekeeper-crds - release: v3.11.0-rc.1 + release: v3.12.0-beta.0 pullPolicy: IfNotPresent pullSecrets: [] podAnnotations: {} diff --git a/cmd/build/helmify/static/Chart.yaml b/cmd/build/helmify/static/Chart.yaml index f33e07d0755..38a5497d03d 100644 --- a/cmd/build/helmify/static/Chart.yaml +++ b/cmd/build/helmify/static/Chart.yaml @@ -4,8 +4,8 @@ name: gatekeeper icon: https://open-policy-agent.github.io/gatekeeper/website/img/logo.svg keywords: - open policy agent -version: 3.11.0-rc.1 +version: 3.12.0-beta.0 home: https://github.com/open-policy-agent/gatekeeper sources: - https://github.com/open-policy-agent/gatekeeper.git -appVersion: v3.11.0-rc.1 +appVersion: v3.12.0-beta.0 diff --git a/cmd/build/helmify/static/README.md b/cmd/build/helmify/static/README.md index 4a68c90b481..4278419da1c 100644 --- a/cmd/build/helmify/static/README.md +++ b/cmd/build/helmify/static/README.md @@ -68,7 +68,7 @@ _See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/websi | postInstall.labelNamespace.extraNamespaces | The extra namespaces that need to have the label during post install hooks | `[]` | | postInstall.labelNamespace.extraAnnotations | Extra annotations added to the post install Job | `{}` | | postInstall.labelNamespace.image.repository | Image with kubectl to label the namespace | `openpolicyagent/gatekeeper-crds` | -| postInstall.labelNamespace.image.tag | Image tag | Current release version: `v3.11.0-rc.1` | +| postInstall.labelNamespace.image.tag | Image tag | Current release version: `v3.12.0-beta.0` | | postInstall.labelNamespace.image.pullPolicy | Image pullPolicy | `IfNotPresent` | | postInstall.labelNamespace.image.pullSecrets | Image pullSecrets | `[]` | | postInstall.labelNamespace.extraRules | Extra rules for the gatekeeper-update-namespace-label Role | `[]` | 
@@ -89,7 +89,7 @@ _See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/websi | postUpgrade.labelNamespace.extraNamespaces | The extra namespaces that need to have the label during post upgrade hooks | `[]` | | postUpgrade.labelNamespace.extraAnnotations | Extra annotations added to the post upgrade Job | `{}` | | postUpgrade.labelNamespace.image.repository | Image with kubectl to label the namespace | `openpolicyagent/gatekeeper-crds` | -| postUpgrade.labelNamespace.image.tag | Image tag | Current release version: `v3.11.0-rc.1` | +| postUpgrade.labelNamespace.image.tag | Image tag | Current release version: `v3.12.0-beta.0` | | postUpgrade.labelNamespace.image.pullPolicy | Image pullPolicy | `IfNotPresent` | | postUpgrade.labelNamespace.image.pullSecrets | Image pullSecrets | `[]` | postUpgrade.affinity | The affinity to use for pod scheduling in postUpgrade hook jobs | `{}` | @@ -99,7 +99,7 @@ _See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/websi | postUpgrade.securityContext | Security context applied on the container | `{ "allowPrivilegeEscalation": false, "capabilities": "drop": [all], "readOnlyRootFilesystem": true, "runAsGroup": 999, "runAsNonRoot": true, "runAsUser": 1000 }` | | preUninstall.deleteWebhooks.enabled | Delete webhooks before gatekeeper itself is uninstalled | `false` | | preUninstall.deleteWebhooks.image.repository | Image with kubectl to delete the webhooks | `openpolicyagent/gatekeeper-crds` | -| preUninstall.deleteWebhooks.image.tag | Image tag | Current release version: `v3.11.0-rc.1` | +| preUninstall.deleteWebhooks.image.tag | Image tag | Current release version: `v3.12.0-beta.0` | | preUninstall.deleteWebhooks.image.pullPolicy | Image pullPolicy | `IfNotPresent` | | preUninstall.deleteWebhooks.image.pullSecrets | Image pullSecrets | `[]` | | preUninstall.deleteWebhooks.extraRules | Extra rules for the gatekeeper-delete-webhook-configs Role | `[]` | 
@@ -149,7 +149,7 @@ _See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/websi | logLevel | Minimum log level | `INFO` | | image.pullPolicy | The image pull policy | `IfNotPresent` | | image.repository | Image repository | `openpolicyagent/gatekeeper` | -| image.release | The image release tag to use | Current release version: `v3.11.0-rc.1` | +| image.release | The image release tag to use | Current release version: `v3.12.0-beta.0` | | image.pullSecrets | Specify an array of imagePullSecrets | `[]` | | resources | The resource request/limits for the container image | limits: 1 CPU, 512Mi, requests: 100mCPU, 256Mi | | nodeSelector | The node selector to use for pod scheduling | `kubernetes.io/os: linux` | diff --git a/cmd/build/helmify/static/values.yaml b/cmd/build/helmify/static/values.yaml index c52d7d1e4c0..823dc06f364 100644 --- a/cmd/build/helmify/static/values.yaml +++ b/cmd/build/helmify/static/values.yaml @@ -38,7 +38,7 @@ postUpgrade: enabled: false image: repository: openpolicyagent/gatekeeper-crds - tag: v3.11.0-rc.1 + tag: v3.12.0-beta.0 pullPolicy: IfNotPresent pullSecrets: [] extraNamespaces: [] @@ -68,7 +68,7 @@ postInstall: extraRules: [] image: repository: openpolicyagent/gatekeeper-crds - tag: v3.11.0-rc.1 + tag: v3.12.0-beta.0 pullPolicy: IfNotPresent pullSecrets: [] extraNamespaces: [] @@ -107,7 +107,7 @@ preUninstall: enabled: false image: repository: openpolicyagent/gatekeeper-crds - tag: v3.11.0-rc.1 + tag: v3.12.0-beta.0 pullPolicy: IfNotPresent pullSecrets: [] affinity: {} @@ -126,7 +126,7 @@ preUninstall: image: repository: openpolicyagent/gatekeeper crdRepository: openpolicyagent/gatekeeper-crds - release: v3.11.0-rc.1 + release: v3.12.0-beta.0 pullPolicy: IfNotPresent pullSecrets: [] podAnnotations: {} diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index 18f11c0ccf0..5eeeee9022c 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml 
@@ -56,7 +56,7 @@ spec: - "--operation=webhook" - "--operation=mutation-webhook" - "--disable-opa-builtin={http.send}" - image: openpolicyagent/gatekeeper:v3.11.0-rc.1 + image: openpolicyagent/gatekeeper:v3.12.0-beta.0 imagePullPolicy: Always name: manager ports: @@ -148,7 +148,7 @@ spec: - --disable-cert-rotation command: - /manager - image: openpolicyagent/gatekeeper:v3.11.0-rc.1 + image: openpolicyagent/gatekeeper:v3.12.0-beta.0 env: # used by Gatekeeper - name: POD_NAMESPACE diff --git a/deploy/gatekeeper.yaml b/deploy/gatekeeper.yaml index 3ecd842fedc..5b7d55b4d62 100644 --- a/deploy/gatekeeper.yaml +++ b/deploy/gatekeeper.yaml @@ -3189,7 +3189,7 @@ spec: fieldPath: metadata.namespace - name: CONTAINER_NAME value: manager - image: openpolicyagent/gatekeeper:v3.11.0-rc.1 + image: openpolicyagent/gatekeeper:v3.12.0-beta.0 imagePullPolicy: Always livenessProbe: httpGet: @@ -3306,7 +3306,7 @@ spec: fieldPath: metadata.namespace - name: CONTAINER_NAME value: manager - image: openpolicyagent/gatekeeper:v3.11.0-rc.1 + image: openpolicyagent/gatekeeper:v3.12.0-beta.0 imagePullPolicy: Always livenessProbe: httpGet: diff --git a/manifest_staging/charts/gatekeeper/Chart.yaml b/manifest_staging/charts/gatekeeper/Chart.yaml index f33e07d0755..38a5497d03d 100644 --- a/manifest_staging/charts/gatekeeper/Chart.yaml +++ b/manifest_staging/charts/gatekeeper/Chart.yaml @@ -4,8 +4,8 @@ name: gatekeeper icon: https://open-policy-agent.github.io/gatekeeper/website/img/logo.svg keywords: - open policy agent -version: 3.11.0-rc.1 +version: 3.12.0-beta.0 home: https://github.com/open-policy-agent/gatekeeper sources: - https://github.com/open-policy-agent/gatekeeper.git -appVersion: v3.11.0-rc.1 +appVersion: v3.12.0-beta.0 diff --git a/manifest_staging/charts/gatekeeper/README.md b/manifest_staging/charts/gatekeeper/README.md index 4a68c90b481..4278419da1c 100644 --- a/manifest_staging/charts/gatekeeper/README.md +++ b/manifest_staging/charts/gatekeeper/README.md 
@@ -68,7 +68,7 @@ _See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/websi | postInstall.labelNamespace.extraNamespaces | The extra namespaces that need to have the label during post install hooks | `[]` | | postInstall.labelNamespace.extraAnnotations | Extra annotations added to the post install Job | `{}` | | postInstall.labelNamespace.image.repository | Image with kubectl to label the namespace | `openpolicyagent/gatekeeper-crds` | -| postInstall.labelNamespace.image.tag | Image tag | Current release version: `v3.11.0-rc.1` | +| postInstall.labelNamespace.image.tag | Image tag | Current release version: `v3.12.0-beta.0` | | postInstall.labelNamespace.image.pullPolicy | Image pullPolicy | `IfNotPresent` | | postInstall.labelNamespace.image.pullSecrets | Image pullSecrets | `[]` | | postInstall.labelNamespace.extraRules | Extra rules for the gatekeeper-update-namespace-label Role | `[]` | @@ -89,7 +89,7 @@ _See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/websi | postUpgrade.labelNamespace.extraNamespaces | The extra namespaces that need to have the label during post upgrade hooks | `[]` | | postUpgrade.labelNamespace.extraAnnotations | Extra annotations added to the post upgrade Job | `{}` | | postUpgrade.labelNamespace.image.repository | Image with kubectl to label the namespace | `openpolicyagent/gatekeeper-crds` | -| postUpgrade.labelNamespace.image.tag | Image tag | Current release version: `v3.11.0-rc.1` | +| postUpgrade.labelNamespace.image.tag | Image tag | Current release version: `v3.12.0-beta.0` | | postUpgrade.labelNamespace.image.pullPolicy | Image pullPolicy | `IfNotPresent` | | postUpgrade.labelNamespace.image.pullSecrets | Image pullSecrets | `[]` | postUpgrade.affinity | The affinity to use for pod scheduling in postUpgrade hook jobs | `{}` | 
@@ -99,7 +99,7 @@ _See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/websi | postUpgrade.securityContext | Security context applied on the container | `{ "allowPrivilegeEscalation": false, "capabilities": "drop": [all], "readOnlyRootFilesystem": true, "runAsGroup": 999, "runAsNonRoot": true, "runAsUser": 1000 }` | | preUninstall.deleteWebhooks.enabled | Delete webhooks before gatekeeper itself is uninstalled | `false` | | preUninstall.deleteWebhooks.image.repository | Image with kubectl to delete the webhooks | `openpolicyagent/gatekeeper-crds` | -| preUninstall.deleteWebhooks.image.tag | Image tag | Current release version: `v3.11.0-rc.1` | +| preUninstall.deleteWebhooks.image.tag | Image tag | Current release version: `v3.12.0-beta.0` | | preUninstall.deleteWebhooks.image.pullPolicy | Image pullPolicy | `IfNotPresent` | | preUninstall.deleteWebhooks.image.pullSecrets | Image pullSecrets | `[]` | | preUninstall.deleteWebhooks.extraRules | Extra rules for the gatekeeper-delete-webhook-configs Role | `[]` | @@ -149,7 +149,7 @@ _See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/websi | logLevel | Minimum log level | `INFO` | | image.pullPolicy | The image pull policy | `IfNotPresent` | | image.repository | Image repository | `openpolicyagent/gatekeeper` | -| image.release | The image release tag to use | Current release version: `v3.11.0-rc.1` | +| image.release | The image release tag to use | Current release version: `v3.12.0-beta.0` | | image.pullSecrets | Specify an array of imagePullSecrets | `[]` | | resources | The resource request/limits for the container image | limits: 1 CPU, 512Mi, requests: 100mCPU, 256Mi | | nodeSelector | The node selector to use for pod scheduling | `kubernetes.io/os: linux` | diff --git a/manifest_staging/charts/gatekeeper/values.yaml b/manifest_staging/charts/gatekeeper/values.yaml index c52d7d1e4c0..823dc06f364 100644 --- a/manifest_staging/charts/gatekeeper/values.yaml 
+++ b/manifest_staging/charts/gatekeeper/values.yaml @@ -38,7 +38,7 @@ postUpgrade: enabled: false image: repository: openpolicyagent/gatekeeper-crds - tag: v3.11.0-rc.1 + tag: v3.12.0-beta.0 pullPolicy: IfNotPresent pullSecrets: [] extraNamespaces: [] @@ -68,7 +68,7 @@ postInstall: extraRules: [] image: repository: openpolicyagent/gatekeeper-crds - tag: v3.11.0-rc.1 + tag: v3.12.0-beta.0 pullPolicy: IfNotPresent pullSecrets: [] extraNamespaces: [] @@ -107,7 +107,7 @@ preUninstall: enabled: false image: repository: openpolicyagent/gatekeeper-crds - tag: v3.11.0-rc.1 + tag: v3.12.0-beta.0 pullPolicy: IfNotPresent pullSecrets: [] affinity: {} @@ -126,7 +126,7 @@ preUninstall: image: repository: openpolicyagent/gatekeeper crdRepository: openpolicyagent/gatekeeper-crds - release: v3.11.0-rc.1 + release: v3.12.0-beta.0 pullPolicy: IfNotPresent pullSecrets: [] podAnnotations: {} diff --git a/manifest_staging/deploy/gatekeeper.yaml b/manifest_staging/deploy/gatekeeper.yaml index 3ecd842fedc..5b7d55b4d62 100644 --- a/manifest_staging/deploy/gatekeeper.yaml +++ b/manifest_staging/deploy/gatekeeper.yaml @@ -3189,7 +3189,7 @@ spec: fieldPath: metadata.namespace - name: CONTAINER_NAME value: manager - image: openpolicyagent/gatekeeper:v3.11.0-rc.1 + image: openpolicyagent/gatekeeper:v3.12.0-beta.0 imagePullPolicy: Always livenessProbe: httpGet: @@ -3306,7 +3306,7 @@ spec: fieldPath: metadata.namespace - name: CONTAINER_NAME value: manager - image: openpolicyagent/gatekeeper:v3.11.0-rc.1 + image: openpolicyagent/gatekeeper:v3.12.0-beta.0 imagePullPolicy: Always livenessProbe: httpGet: