Skip to content

Commit 8a05812

Browse files
jvanzjvanz
committed
Do not add default registry when policy module is a http URL.
Updates the recommended policies templates to add the default registry only when the policy module is not a http URL. Thus, the module URL to use is the module defined in the values file. Otherwise, the policy module URL is built based on the `defaultSystemRegistry` and the policy module as it before Signed-off-by: José Guilherme Vanz <[email protected]>
1 parent a985d71 commit 8a05812

7 files changed

+20
-6
lines changed

charts/kubewarden-defaults/templates/_helpers.tpl

+8
Original file line numberDiff line numberDiff line change
@@ -68,3 +68,11 @@ namespaceSelector:
6868
{{- "" -}}
6969
{{- end -}}
7070
{{- end -}}
71+
72+
{{- define "policy-module" -}}
73+
{{- if or (not .registry) (hasPrefix "http" .module) -}}
74+
{{- printf "%s" .module -}}
75+
{{- else -}}
76+
{{- printf "%s/%s" .registry .module -}}
77+
{{- end -}}
78+
{{- end }}

charts/kubewarden-defaults/templates/allow-privileged-escalation-policy.yaml

+2-1
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,8 @@ metadata:
1010
name: {{ $.Values.recommendedPolicies.allowPrivilegeEscalationPolicy.name }}
1111
spec:
1212
mode: {{ $.Values.recommendedPolicies.defaultPolicyMode }}
13-
module: '{{ template "system_default_registry" . }}{{ $.Values.recommendedPolicies.allowPrivilegeEscalationPolicy.module }}'
13+
{{ $scope := dict "module" $.Values.recommendedPolicies.allowPrivilegeEscalationPolicy.module "registry" $.Values.common.cattle.systemDefaultRegistry }}
14+
module: {{ template "policy-module" $scope }}
1415
{{ include "policy-namespace-selector" . | indent 2}}
1516
rules:
1617
- apiGroups: [""]

charts/kubewarden-defaults/templates/capabilities-policy.yaml

+2-1
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,8 @@ metadata:
1010
name: {{ $.Values.recommendedPolicies.capabilitiesPolicy.name }}
1111
spec:
1212
mode: {{ $.Values.recommendedPolicies.defaultPolicyMode }}
13-
module: '{{ template "system_default_registry" . }}{{ $.Values.recommendedPolicies.capabilitiesPolicy.module }}'
13+
{{ $scope := dict "module" $.Values.recommendedPolicies.capabilitiesPolicy.module "registry" $.Values.common.cattle.systemDefaultRegistry }}
14+
module: {{ template "policy-module" $scope }}
1415
{{ include "policy-namespace-selector" . | indent 2}}
1516
rules:
1617
- apiGroups: [""]

charts/kubewarden-defaults/templates/host-namespace-policy.yaml

+2-1
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,8 @@ metadata:
1010
name: {{ $.Values.recommendedPolicies.hostNamespacePolicy.name }}
1111
spec:
1212
mode: {{ $.Values.recommendedPolicies.defaultPolicyMode }}
13-
module: '{{ template "system_default_registry" . }}{{ $.Values.recommendedPolicies.hostNamespacePolicy.module }}'
13+
{{ $scope := dict "module" $.Values.recommendedPolicies.hostNamespacePolicy.module "registry" $.Values.common.cattle.systemDefaultRegistry }}
14+
module: {{ template "policy-module" $scope }}
1415
{{ include "policy-namespace-selector" . | indent 2}}
1516
rules:
1617
- apiGroups: [""]

charts/kubewarden-defaults/templates/host-path-policy.yaml

+2-1
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,8 @@ metadata:
1010
name: {{ $.Values.recommendedPolicies.hostPathsPolicy.name }}
1111
spec:
1212
mode: {{ $.Values.recommendedPolicies.defaultPolicyMode }}
13-
module: '{{ template "system_default_registry" . }}{{ $.Values.recommendedPolicies.hostPathsPolicy.module }}'
13+
{{ $scope := dict "module" $.Values.recommendedPolicies.hostPathsPolicy.module "registry" $.Values.common.cattle.systemDefaultRegistry }}
14+
module: {{ template "policy-module" $scope }}
1415
{{ include "policy-namespace-selector" . | indent 2}}
1516
rules:
1617
- apiGroups: [""]

charts/kubewarden-defaults/templates/pod-privileged-policy.yaml

+2-1
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,8 @@ metadata:
1010
name: {{ $.Values.recommendedPolicies.podPrivilegedPolicy.name }}
1111
spec:
1212
mode: {{ $.Values.recommendedPolicies.defaultPolicyMode }}
13-
module: '{{ template "system_default_registry" . }}{{ $.Values.recommendedPolicies.podPrivilegedPolicy.module }}'
13+
{{ $scope := dict "module" $.Values.recommendedPolicies.podPrivilegedPolicy.module "registry" $.Values.common.cattle.systemDefaultRegistry }}
14+
module: {{ template "policy-module" $scope }}
1415
{{ include "policy-namespace-selector" . | indent 2}}
1516
rules:
1617
- apiGroups: [""]

charts/kubewarden-defaults/templates/user-group-policy.yaml

+2-1
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,8 @@ metadata:
1010
name: {{ $.Values.recommendedPolicies.userGroupPolicy.name }}
1111
spec:
1212
mode: {{ $.Values.recommendedPolicies.defaultPolicyMode }}
13-
module: '{{ template "system_default_registry" . }}{{ $.Values.recommendedPolicies.userGroupPolicy.module }}'
13+
{{ $scope := dict "module" $.Values.recommendedPolicies.userGroupPolicy.module "registry" $.Values.common.cattle.systemDefaultRegistry }}
14+
module: {{ template "policy-module" $scope }}
1415
{{ include "policy-namespace-selector" . | indent 2}}
1516
rules:
1617
- apiGroups: [""]

0 commit comments

Comments
 (0)