Core Package Update

e33dddf3 · Branden Cobb · b8775155 · b8775155 · b8775155 · b8775155
Commit e33dddf3 authored Apr 12, 2021 by Branden Cobb
9 changed files
--- a/deploy/configs/kustomization.yaml
+++ b/deploy/configs/kustomization.yaml
-commonAnnotations:
-  argocd.argoproj.io/sync-wave: "1"
-resources:
- configs.yaml
--- a/deploy/constraints/core/all_ns_must_have_owner.yaml
+++ b/deploy/constraints/core/all_ns_must_have_owner.yaml
-apiVersion: constraints.gatekeeper.sh/v1beta1
-kind: K8sRequiredLabels
-metadata:
-  name: all-must-have-owner
-spec:
-  enforcementAction: dryrun
-  match:
-    kinds:
-    - apiGroups: [""]
-      kinds: ["Namespace"]
-  parameters:
-    message: "All namespaces must have an `owner` label"
-    labels:
-    - key: owner
-      allowedRegex: "^[a-zA-Z]+$"
--- a/deploy/constraints/core/kustomization.yaml
+++ b/deploy/constraints/core/kustomization.yaml
-commonLabels:
-  owner: p1
-  policy-type: core
-commonAnnotations:
-  argocd.argoproj.io/sync-wave: "2"
-  argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
-resources:
- all_ns_must_have_owner.yaml
-patches:
- target:
-    group: constraints.gatekeeper.sh
-    version: v1beta1
-  patch: |-
-    apiVersion: constraints.gatekeeper.sh/v1beta1
-    kind: K8sRequiredLabels
-    metadata:
-      name: all
-    spec:
-      parameters:
-        exemptNamespaces:
-          - istio-system
-          - monitoring
-          - elastic-system
-          - logging
-          - gatekeeper-system
--- a/deploy/contraint-templates/core/k8srequiredlabels_template.yaml
+++ b/deploy/contraint-templates/core/k8srequiredlabels_template.yaml
-apiVersion: templates.gatekeeper.sh/v1beta1
-kind: ConstraintTemplate
-metadata:
-  name: k8srequiredlabels
-spec:
-  crd:
-    spec:
-      names:
-        kind: K8sRequiredLabels
-      validation:
-        # Schema for the `parameters` field
-        openAPIV3Schema:
-          properties:
-            labels:
-              type: array
-              items: string
-  targets:
-  - target: admission.k8s.gatekeeper.sh
-    rego: |-
-      package k8srequiredlabels
-      violation[{"msg": msg, "details": {"missing_labels": missing}}] {
-        provided := {label | input.review.object.metadata.labels[label]}
-        required := {label | label := input.parameters.labels[_]}
-        missing := required - provided
-        count(missing) > 0
-        msg := sprintf("you must provide labels: %v", [missing])
-      }
--- a/deploy/contraint-templates/core/kustomization.yaml
+++ b/deploy/contraint-templates/core/kustomization.yaml
-commonLabels:
-  owner: p1
-  policy-type: core
-commonAnnotations:
-  argocd.argoproj.io/sync-wave: "1"
-resources:
- k8srequiredlabels_template.yaml
--- a/deploy/kustomization.yaml
+++ b/deploy/kustomization.yaml
-namespace: gatekeeper-system
-resources:
- opa-gatekeeper
-# Global configs for gatekeeper
- configs
-# Core constraint templates
- contraint-templates/core
-
-# Core constraints
-# - constraints/core
--- a/deploy/opa-gatekeeper/gatekeeper.yaml
+++ b/deploy/opa-gatekeeper/gatekeeper.yaml
--- a/deploy/opa-gatekeeper/kustomization.yaml
+++ b/deploy/opa-gatekeeper/kustomization.yaml
-commonLabels:
-  owner: p1
-resources:
- gatekeeper.yaml
--- a/tests/test-values.yml
+++ b/tests/test-values.yml
 createNamespace: false
-imagePullSecrets:
- name: private-registry-mil
+image:
+  pullSecrets:
+  - name: private-registry-mil