Merge branch 'renovate/ironbank' into 'main'

Update gatekeeper to v3.13.3, kubectl to v1.28.3, gluon to 0.4.3 See merge request !180

Merge branch 'renovate/ironbank' into 'main'
24c8a7ef · Brett Charrier · 1f2ca11b · 1633035c · 24c8a7ef · 24c8a7ef
Commit 24c8a7ef authored 1 year ago by Brett Charrier
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,13 @@
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

 ---
+## [3.13.3-bb.0] 2023-11-01
+### Changed
+- Updated registry1.dso.mil/ironbank/opensource/openpolicyagent/gatekeeper v3.13.2 -> v3.13.3
+- Updated ironbank/opensource/openpolicyagent/gatekeeper v3.13.2 -> v3.13.3
+- Updated gluon 0.4.1 -> 0.4.3
+- Updated registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.28.2 -> v1.28.3
+
 ## [3.13.2-bb.0] 2023-10-11
 ### Changed
 - Updated registry1.dso.mil/ironbank/opensource/kubernetes/kubectl 1.27.6 -> 1.28.2

--- a/README.md
+++ b/README.md
 # gatekeeper

-![Version: 3.13.2-bb.0](https://img.shields.io/badge/Version-3.13.2--bb.0-informational?style=flat-square) ![AppVersion: v3.13.2](https://img.shields.io/badge/AppVersion-v3.13.2-informational?style=flat-square)
+![Version: 3.13.3-bb.0](https://img.shields.io/badge/Version-3.13.3--bb.0-informational?style=flat-square) ![AppVersion: v3.13.3](https://img.shields.io/badge/AppVersion-v3.13.3-informational?style=flat-square)

 A Helm chart for Gatekeeper

@@ -78,13 +78,13 @@ helm install gatekeeper chart/
 | auditEventsInvolvedNamespace | bool | `false` |  |
 | resourceQuota | bool | `true` |  |
 | image.repository | string | `"registry1.dso.mil/ironbank/opensource/openpolicyagent/gatekeeper"` |  |
-| image.release | string | `"v3.13.2"` |  |
+| image.release | string | `"v3.13.3"` |  |
 | image.pullPolicy | string | `"IfNotPresent"` |  |
 | image.pullSecrets[0].name | string | `"private-registry"` |  |
 | image.crdRepository | string | `"registry1.dso.mil/ironbank/opensource/kubernetes/kubectl"` |  |
-| image.crdRelease | string | `"v1.28.2"` |  |
+| image.crdRelease | string | `"v1.28.3"` |  |
 | preInstall.crdRepository.image.repository | string | `"registry1.dso.mil/ironbank/opensource/kubernetes/kubectl"` |  |
-| preInstall.crdRepository.image.tag | string | `"v1.28.2"` |  |
+| preInstall.crdRepository.image.tag | string | `"v1.28.3"` |  |
 | preInstall.securityContext.allowPrivilegeEscalation | bool | `false` |  |
 | preInstall.securityContext.capabilities.drop[0] | string | `"ALL"` |  |
 | preInstall.securityContext.readOnlyRootFilesystem | bool | `true` |  |
@@ -93,7 +93,7 @@ helm install gatekeeper chart/
 | preInstall.securityContext.runAsUser | int | `1000` |  |
 | postUpgrade.labelNamespace.enabled | bool | `false` |  |
 | postUpgrade.labelNamespace.image.repository | string | `"registry1.dso.mil/ironbank/opensource/kubernetes/kubectl"` |  |
-| postUpgrade.labelNamespace.image.tag | string | `"v1.28.2"` |  |
+| postUpgrade.labelNamespace.image.tag | string | `"v1.28.3"` |  |
 | postUpgrade.labelNamespace.image.pullPolicy | string | `"IfNotPresent"` |  |
 | postUpgrade.labelNamespace.image.pullSecrets | list | `[]` |  |
 | postUpgrade.labelNamespace.extraNamespaces | list | `[]` |  |
@@ -113,7 +113,7 @@ helm install gatekeeper chart/
 | postInstall.labelNamespace.enabled | bool | `true` |  |
 | postInstall.labelNamespace.extraRules | list | `[]` |  |
 | postInstall.labelNamespace.image.repository | string | `"registry1.dso.mil/ironbank/opensource/kubernetes/kubectl"` |  |
-| postInstall.labelNamespace.image.tag | string | `"v1.28.2"` |  |
+| postInstall.labelNamespace.image.tag | string | `"v1.28.3"` |  |
 | postInstall.labelNamespace.image.pullPolicy | string | `"IfNotPresent"` |  |
 | postInstall.labelNamespace.image.pullSecrets | list | `[]` |  |
 | postInstall.labelNamespace.extraNamespaces | list | `[]` |  |
@@ -141,7 +141,7 @@ helm install gatekeeper chart/
 | preUninstall.deleteWebhookConfigurations.extraRules | list | `[]` |  |
 | preUninstall.deleteWebhookConfigurations.enabled | bool | `false` |  |
 | preUninstall.deleteWebhookConfigurations.image.repository | string | `"registry1.dso.mil/ironbank/opensource/kubernetes/kubectl"` |  |
-| preUninstall.deleteWebhookConfigurations.image.tag | string | `"v1.28.2"` |  |
+| preUninstall.deleteWebhookConfigurations.image.tag | string | `"v1.28.3"` |  |
 | preUninstall.deleteWebhookConfigurations.image.pullPolicy | string | `"IfNotPresent"` |  |
 | preUninstall.deleteWebhookConfigurations.image.pullSecrets | list | `[]` |  |
 | preUninstall.deleteWebhookConfigurations.priorityClassName | string | `""` |  |
@@ -156,11 +156,11 @@ helm install gatekeeper chart/
 | preUninstall.securityContext.runAsNonRoot | bool | `true` |  |
 | preUninstall.securityContext.runAsUser | int | `1000` |  |
 | image.repository | string | `"registry1.dso.mil/ironbank/opensource/openpolicyagent/gatekeeper"` |  |
-| image.release | string | `"v3.13.2"` |  |
+| image.release | string | `"v3.13.3"` |  |
 | image.pullPolicy | string | `"IfNotPresent"` |  |
 | image.pullSecrets[0].name | string | `"private-registry"` |  |
 | image.crdRepository | string | `"registry1.dso.mil/ironbank/opensource/kubernetes/kubectl"` |  |
-| image.crdRelease | string | `"v1.28.2"` |  |
+| image.crdRelease | string | `"v1.28.3"` |  |
 | podAnnotations."container.seccomp.security.alpha.kubernetes.io/manager" | string | `"runtime/default"` |  |
 | auditPodAnnotations | object | `{}` |  |
 | podLabels | object | `{}` |  |
@@ -495,7 +495,7 @@ helm install gatekeeper chart/
 | networkPolicies.enabled | bool | `false` |  |
 | networkPolicies.controlPlaneCidr | string | `"0.0.0.0/0"` |  |
 | bbtests.enabled | bool | `true` |  |
-| bbtests.scripts.image | string | `"registry1.dso.mil/ironbank/opensource/kubernetes/kubectl:v1.28.2"` |  |
+| bbtests.scripts.image | string | `"registry1.dso.mil/ironbank/opensource/kubernetes/kubectl:v1.28.3"` |  |
 | bbtests.scripts.securityContext.allowPrivilegeEscalation | bool | `false` |  |
 | bbtests.scripts.securityContext.capabilities.drop[0] | string | `"ALL"` |  |
 | bbtests.scripts.securityContext.readOnlyRootFilesystem | bool | `true` |  |

--- a/chart/Chart.yaml
+++ b/chart/Chart.yaml
@@ -3,24 +3,24 @@ description: A Helm chart for Gatekeeper
 name: gatekeeper
 keywords:
  - open policy agent
-version: 3.13.2-bb.0
+version: 3.13.3-bb.0
 home: https://github.com/open-policy-agent/gatekeeper
 sources:
  - https://github.com/open-policy-agent/gatekeeper.git
-appVersion: v3.13.2
+appVersion: v3.13.3
 dependencies:
  - name: gluon
-    version: 0.4.1
+    version: 0.4.3
    repository: oci://registry1.dso.mil/bigbang 
 annotations:
  bigbang.dev/applicationVersions: |
-    - Gatekeeper: v3.13.2
+    - Gatekeeper: v3.13.3
  # kubectl and base images below are conditionally used 
  # dependent on your configuration of bbtests, postInstall, probeWebhook, preUninstall values
  helm.sh/images: |
    - name: gatekeeper
-      image: registry1.dso.mil/ironbank/opensource/openpolicyagent/gatekeeper:v3.13.2
+      image: registry1.dso.mil/ironbank/opensource/openpolicyagent/gatekeeper:v3.13.3
    - name: kubectl
-      image: registry1.dso.mil/ironbank/opensource/kubernetes/kubectl:v1.28.2
+      image: registry1.dso.mil/ironbank/opensource/kubernetes/kubectl:v1.28.3
    - name: base
      image: registry1.dso.mil/ironbank/big-bang/base:2.0.0
--- a/chart/Kptfile
+++ b/chart/Kptfile
@@ -5,7 +5,7 @@ metadata:
 upstream:
  type: git
  git:
-    commit: 2741a8ed67284347991c9da59c292d711e1523dd
+    commit: 71a3f00fc5a50ae9de9fe16741f88482d1843cc4
    repo: https://github.com/open-policy-agent/gatekeeper
    directory: /charts/gatekeeper
-    ref: v3.13.2
+    ref: v3.13.3
--- a/chart/README.md
+++ b/chart/README.md
@@ -74,7 +74,7 @@ information._
 | postInstall.labelNamespace.extraNamespaces                 | The extra namespaces that need to have the label during post install hooks                                                                                                                                                                                                                     | `[]`                                                                                                                                                                  |
 | postInstall.labelNamespace.extraAnnotations                | Extra annotations added to the post install Job                                                                                                                                                                                                                                                | `{}`                                                                                                                                                                  |
 | postInstall.labelNamespace.image.repository                | Image with kubectl to label the namespace                                                                                                                                                                                                                                                      | `openpolicyagent/gatekeeper-crds`                                                                                                                                     |
-| postInstall.labelNamespace.image.tag                       | Image tag                                                                                                                                                                                                                                                                                      | Current release version: `v3.13.2`                                                                                                                             |
+| postInstall.labelNamespace.image.tag                       | Image tag                                                                                                                                                                                                                                                                                      | Current release version: `v3.13.3`                                                                                                                             |
 | postInstall.labelNamespace.image.pullPolicy                | Image pullPolicy                                                                                                                                                                                                                                                                               | `IfNotPresent`                                                                                                                                                        |
 | postInstall.labelNamespace.image.pullSecrets               | Image pullSecrets                                                                                                                                                                                                                                                                              | `[]`                                                                                                                                                                  |
 | postInstall.labelNamespace.extraRules                      | Extra rules for the gatekeeper-update-namespace-label Role                                                                                                                                                                                                                                     | `[]`                                                                                                                                                                  |
@@ -97,7 +97,7 @@ information._
 | postUpgrade.labelNamespace.extraNamespaces                 | The extra namespaces that need to have the label during post upgrade hooks                                                                                                                                                                                                                     | `[]`                                                                                                                                                                  |
 | postUpgrade.labelNamespace.extraAnnotations                | Extra annotations added to the post upgrade Job                                                                                                                                                                                                                                                | `{}`                                                                                                                                                                  |
 | postUpgrade.labelNamespace.image.repository                | Image with kubectl to label the namespace                                                                                                                                                                                                                                                      | `openpolicyagent/gatekeeper-crds`                                                                                                                                     |
-| postUpgrade.labelNamespace.image.tag                       | Image tag                                                                                                                                                                                                                                                                                      | Current release version: `v3.13.2`                                                                                                                             |
+| postUpgrade.labelNamespace.image.tag                       | Image tag                                                                                                                                                                                                                                                                                      | Current release version: `v3.13.3`                                                                                                                             |
 | postUpgrade.labelNamespace.image.pullPolicy                | Image pullPolicy                                                                                                                                                                                                                                                                               | `IfNotPresent`                                                                                                                                                        |
 | postUpgrade.labelNamespace.image.pullSecrets               | Image pullSecrets                                                                                                                                                                                                                                                                              | `[]`                                                                                                                                                                  |
 | postUpgrade.labelNamespace.priorityClassName               | Priority class name for gatekeeper-update-namespace-label-post-upgrade Job                                                                                                                                                                                                                     | ``                                                                                                                                                                    |
@@ -107,10 +107,10 @@ information._
 | postUpgrade.resources                                      | The resource request/limits for the container image in postUpgrade hook jobs                                                                                                                                                                                                                   | `{}`                                                                                                                                                                  |
 | postUpgrade.securityContext                                | Security context applied on the container                                                                                                                                                                                                                                                      | `{ "allowPrivilegeEscalation": false, "capabilities": "drop": [all], "readOnlyRootFilesystem": true, "runAsGroup": 999, "runAsNonRoot": true, "runAsUser": 1000 }`    |
 | preInstall.crdRepository.image.repository                  | Image with kubectl to update the CRDs. If not set, the `image.crdRepository` is used instead.                                                                                                                                                                                                  | `null`                                                                                                                                                                |
-| preInstall.crdRepository.image.tag                         | Image tag                                                                                                                                                                                                                                                                                      | Current release version: `v3.13.2`                                                                                                                             |
+| preInstall.crdRepository.image.tag                         | Image tag                                                                                                                                                                                                                                                                                      | Current release version: `v3.13.3`                                                                                                                             |
 | preUninstall.deleteWebhookConfigurations.enabled           | Delete webhooks before gatekeeper itself is uninstalled                                                                                                                                                                                                                                        | `false`                                                                                                                                                               |
 | preUninstall.deleteWebhookConfigurations.image.repository  | Image with kubectl to delete the webhooks                                                                                                                                                                                                                                                      | `openpolicyagent/gatekeeper-crds`                                                                                                                                     |
-| preUninstall.deleteWebhookConfigurations.image.tag         | Image tag                                                                                                                                                                                                                                                                                      | Current release version: `v3.13.2`                                                                                                                             |
+| preUninstall.deleteWebhookConfigurations.image.tag         | Image tag                                                                                                                                                                                                                                                                                      | Current release version: `v3.13.3`                                                                                                                             |
 | preUninstall.deleteWebhookConfigurations.image.pullPolicy  | Image pullPolicy                                                                                                                                                                                                                                                                               | `IfNotPresent`                                                                                                                                                        |
 | preUninstall.deleteWebhookConfigurations.image.pullSecrets | Image pullSecrets                                                                                                                                                                                                                                                                              | `[]`                                                                                                                                                                  |
 | preUninstall.deleteWebhookConfigurations.extraRules        | Extra rules for the gatekeeper-delete-webhook-configs Role                                                                                                                                                                                                                                     | `[]`                                                                                                                                                                  |
@@ -168,7 +168,7 @@ information._
 | logLevel                                                   | Minimum log level                                                                                                                                                                                                                                                                              | `INFO`                                                                                                                                                                |
 | image.pullPolicy                                           | The image pull policy                                                                                                                                                                                                                                                                          | `IfNotPresent`                                                                                                                                                        |
 | image.repository                                           | Image repository                                                                                                                                                                                                                                                                               | `openpolicyagent/gatekeeper`                                                                                                                                          |
-| image.release                                              | The image release tag to use                                                                                                                                                                                                                                                                   | Current release version: `v3.13.2`                                                                                                                             |
+| image.release                                              | The image release tag to use                                                                                                                                                                                                                                                                   | Current release version: `v3.13.3`                                                                                                                             |
 | image.pullSecrets                                          | Specify an array of imagePullSecrets                                                                                                                                                                                                                                                           | `[]`                                                                                                                                                                  |
 | resources                                                  | The resource request/limits for the container image                                                                                                                                                                                                                                            | limits: 1 CPU, 512Mi, requests: 100mCPU, 256Mi                                                                                                                        |
 | nodeSelector                                               | The node selector to use for pod scheduling                                                                                                                                                                                                                                                    | `kubernetes.io/os: linux`                                                                                                                                             |

--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -45,17 +45,17 @@ auditEventsInvolvedNamespace: false
 resourceQuota: true
 image:
  repository: registry1.dso.mil/ironbank/opensource/openpolicyagent/gatekeeper
-  release: v3.13.2
+  release: v3.13.3
  pullPolicy: IfNotPresent
  pullSecrets:
    - name: private-registry
  crdRepository: registry1.dso.mil/ironbank/opensource/kubernetes/kubectl
-  crdRelease: v1.28.2
+  crdRelease: v1.28.3
 preInstall:
  crdRepository:
    image:
      repository: registry1.dso.mil/ironbank/opensource/kubernetes/kubectl
-      tag: v1.28.2
+      tag: v1.28.3
  securityContext:
    allowPrivilegeEscalation: false
    capabilities:
@@ -70,7 +70,7 @@ postUpgrade:
    enabled: false
    image:
      repository: registry1.dso.mil/ironbank/opensource/kubernetes/kubectl
-      tag: v1.28.2
+      tag: v1.28.3
      pullPolicy: IfNotPresent
      pullSecrets: []
    extraNamespaces: []
@@ -96,7 +96,7 @@ postInstall:
    extraRules: []
    image:
      repository: registry1.dso.mil/ironbank/opensource/kubernetes/kubectl
-      tag: v1.28.2
+      tag: v1.28.3
      pullPolicy: IfNotPresent
      pullSecrets: []
    extraNamespaces: []
@@ -132,7 +132,7 @@ preUninstall:
    enabled: false
    image:
      repository: registry1.dso.mil/ironbank/opensource/kubernetes/kubectl
-      tag: v1.28.2
+      tag: v1.28.3
      pullPolicy: IfNotPresent
      pullSecrets: []
    priorityClassName: ""
@@ -151,12 +151,12 @@ preUninstall:
    runAsUser: 1000
 image:
  repository: registry1.dso.mil/ironbank/opensource/openpolicyagent/gatekeeper
-  release: v3.13.2
+  release: v3.13.3
  pullPolicy: IfNotPresent
  pullSecrets:
    - name: private-registry
  crdRepository: registry1.dso.mil/ironbank/opensource/kubernetes/kubectl
-  crdRelease: v1.28.2
+  crdRelease: v1.28.3
 podAnnotations:
  {container.seccomp.security.alpha.kubernetes.io/manager: runtime/default}
 auditPodAnnotations: {}
@@ -682,7 +682,7 @@ networkPolicies:
 bbtests:
  enabled: true
  scripts:
-    image: registry1.dso.mil/ironbank/opensource/kubernetes/kubectl:v1.28.2
+    image: registry1.dso.mil/ironbank/opensource/kubernetes/kubectl:v1.28.3
    securityContext:
      allowPrivilegeEscalation: false
      capabilities: