Update admission controller chart to v0.3.0 with support for v0.3.0 (#…

…149) * Update admission controller chart to v0.3.0 with support for v0.3.0 of the controller Signed-off-by: Zach Hill <[email protected]> * Fix bracket formatting to pass ci lint Signed-off-by: Zach Hill <[email protected]>
anchore · Jun 9, 2021 · d56cf1e · d56cf1e
1 parent e2f7ea0
commit d56cf1e
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 15 deletions.
diff --git a/stable/anchore-admission-controller/Chart.yaml b/stable/anchore-admission-controller/Chart.yaml
@@ -1,8 +1,8 @@
 name: anchore-admission-controller
 description: A kubernetes admission controller for validating and mutating webhooks that operates against Anchore Engine to make access decisions and annotations
 apiVersion: v1
-appVersion: 0.2.2
-version: 0.2.11
+appVersion: 0.3.0
+version: 0.3.0
 home: https://github.com/anchore/kubernetes-admission-controller
 maintainers:
   - name: zhill

diff --git a/stable/anchore-admission-controller/templates/webhook.yaml b/stable/anchore-admission-controller/templates/webhook.yaml
@@ -15,14 +15,7 @@ webhooks:
     caBundle: {{ . | b64enc }}
     {{- end }}
   rules:
-  - operations:
-    - CREATE
-    apiGroups:
-    - ""
-    apiVersions:
-    - "*"
-    resources:
-    - pods
+    {{- toYaml .Values.apiService.webhook.rules | nindent 4}}
   failurePolicy: {{ .Values.apiService.webhook.failurePolicy }}
   namespaceSelector: {{- toYaml .Values.apiService.namespaceSelector | nindent 4 }}
 {{- end }}
diff --git a/stable/anchore-admission-controller/values.yaml b/stable/anchore-admission-controller/values.yaml
@@ -3,9 +3,9 @@
 # Declare variables to be passed into your templates.
 
 replicaCount: 1
-logVerbosity: 6
+logVerbosity: 3
 
-image: "anchore/kubernetes-admission-controller:v0.2.2"
+image: "anchore/kubernetes-admission-controller:v0.3.0"
 imagePullPolicy: IfNotPresent
 
 service:
@@ -18,6 +18,23 @@ apiService:
   webhook:
     enabled: true
     failurePolicy: Ignore
+    rules:
+      - operations:
+          - CREATE
+        apiGroups:
+          - ""
+          - apps
+          - batch
+        apiVersions:
+          - "*"
+        resources:
+          - pods
+          - deployments
+          - replicasets
+          - statefulsets
+          - jobs
+          - cronjobs
+          - daemonsets
     # caBundle value can be obtained with: kubectl config view --raw --minify --flatten -o jsonpath='{.clusters[].cluster.certificate-authority-data}'
     # caBundle:
   group: admission.anchore.io
@@ -55,7 +72,7 @@ resources: {}
   #  memory: 128Mi
   # requests:
   #  cpu: 100m
-  #  memory: 128Mi
+#  memory: 128Mi
 
 ## Node labels for pod assignment
 ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
@@ -78,11 +95,11 @@ credentials: {}
   # - username: user1
   #   password: password1
   # - username: user2
-  #   password: password2
+#   password: password2
 
 # Settings related to init-ca pod
 initCa:
   # Define custom environment variables to pass to init-ca pod
   extraEnv: []
     # - name: FOO
-    # value: "bar"
+  # value: "bar"