From d56cf1e5600d869894dcd6fccc482cebf1e54120 Mon Sep 17 00:00:00 2001 From: Zach Hill Date: Wed, 9 Jun 2021 15:24:02 -0700 Subject: [PATCH] Update admission controller chart to v0.3.0 with support for v0.3.0 (#149) * Update admission controller chart to v0.3.0 with support for v0.3.0 of the controller Signed-off-by: Zach Hill * Fix bracket formatting to pass ci lint Signed-off-by: Zach Hill --- .../anchore-admission-controller/Chart.yaml | 4 +-- .../templates/webhook.yaml | 9 +------ .../anchore-admission-controller/values.yaml | 27 +++++++++++++++---- 3 files changed, 25 insertions(+), 15 deletions(-) diff --git a/stable/anchore-admission-controller/Chart.yaml b/stable/anchore-admission-controller/Chart.yaml index 47319747..e34e37a7 100644 --- a/stable/anchore-admission-controller/Chart.yaml +++ b/stable/anchore-admission-controller/Chart.yaml @@ -1,8 +1,8 @@ name: anchore-admission-controller description: A kubernetes admission controller for validating and mutating webhooks that operates against Anchore Engine to make access decisions and annotations apiVersion: v1 -appVersion: 0.2.2 -version: 0.2.11 +appVersion: 0.3.0 +version: 0.3.0 home: https://github.com/anchore/kubernetes-admission-controller maintainers: - name: zhill diff --git a/stable/anchore-admission-controller/templates/webhook.yaml b/stable/anchore-admission-controller/templates/webhook.yaml index dee1eaaf..3e6cbbcb 100644 --- a/stable/anchore-admission-controller/templates/webhook.yaml +++ b/stable/anchore-admission-controller/templates/webhook.yaml @@ -15,14 +15,7 @@ webhooks: caBundle: {{ . | b64enc }} {{- end }} rules: - - operations: - - CREATE - apiGroups: - - "" - apiVersions: - - "*" - resources: - - pods + {{- toYaml .Values.apiService.webhook.rules | nindent 4}} failurePolicy: {{ .Values.apiService.webhook.failurePolicy }} namespaceSelector: {{- toYaml .Values.apiService.namespaceSelector | nindent 4 }} {{- end }} diff --git a/stable/anchore-admission-controller/values.yaml b/stable/anchore-admission-controller/values.yaml index aee4901d..ade29bd8 100644 --- a/stable/anchore-admission-controller/values.yaml +++ b/stable/anchore-admission-controller/values.yaml @@ -3,9 +3,9 @@ # Declare variables to be passed into your templates. replicaCount: 1 -logVerbosity: 6 +logVerbosity: 3 -image: "anchore/kubernetes-admission-controller:v0.2.2" +image: "anchore/kubernetes-admission-controller:v0.3.0" imagePullPolicy: IfNotPresent service: @@ -18,6 +18,23 @@ apiService: webhook: enabled: true failurePolicy: Ignore + rules: + - operations: + - CREATE + apiGroups: + - "" + - apps + - batch + apiVersions: + - "*" + resources: + - pods + - deployments + - replicasets + - statefulsets + - jobs + - cronjobs + - daemonsets # caBundle value can be obtained with: kubectl config view --raw --minify --flatten -o jsonpath='{.clusters[].cluster.certificate-authority-data}' # caBundle: group: admission.anchore.io @@ -55,7 +72,7 @@ resources: {} # memory: 128Mi # requests: # cpu: 100m - # memory: 128Mi +# memory: 128Mi ## Node labels for pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector @@ -78,11 +95,11 @@ credentials: {} # - username: user1 # password: password1 # - username: user2 - # password: password2 +# password: password2 # Settings related to init-ca pod initCa: # Define custom environment variables to pass to init-ca pod extraEnv: [] # - name: FOO - # value: "bar" + # value: "bar"