From de600d3504c1430eeceedda13b856b003739fd47 Mon Sep 17 00:00:00 2001 From: Adam Martin <42001113+amartin120@users.noreply.github.com> Date: Mon, 23 Sep 2024 09:56:21 -0400 Subject: [PATCH] updates for rancher 2.9.2 (#226) Signed-off-by: Adam Martin --- README.md | 2 +- charts/rancher/Chart.yaml | 6 ++-- charts/rancher/templates/_helpers.tpl | 25 -------------- .../post-delete-hook-cluster-role.yaml | 8 ----- .../templates/post-delete-hook-psp.yaml | 34 ------------------- charts/rancher/values.yaml | 9 +---- 6 files changed, 5 insertions(+), 79 deletions(-) delete mode 100644 charts/rancher/templates/post-delete-hook-psp.yaml diff --git a/README.md b/README.md index d01abd8..262ecb3 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ NAME CHART VERSION APP VERSION DESCRIPTION carbide-charts/airgapped-docs 0.1.51 0.1.6 Rancher Government Airgapped Docs carbide-charts/heimdall2 0.1.45 0.1.1 Rancher Government Heimdall2 Tool -carbide-charts/rancher 2.9.1 v2.9.1 Install Rancher Server to manage Kubernetes... +carbide-charts/rancher 2.9.2 v2.9.2 Install Rancher Server to manage Kubernetes... carbide-charts/stigatron 0.2.5 0.2.2 Rancher Government Stigatron Extension carbide-charts/stigatron-ui 0.2.3 0.2.0 Rancher Government Stigatron UI Extension ``` diff --git a/charts/rancher/Chart.yaml b/charts/rancher/Chart.yaml index d069caa..1235019 100644 --- a/charts/rancher/Chart.yaml +++ b/charts/rancher/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 name: rancher description: Install Rancher Server to manage Kubernetes clusters across providers -version: 2.8.8 -appVersion: v2.8.8 -kubeVersion: < 1.29.0-0 +version: 2.9.2 +appVersion: v2.9.2 +kubeVersion: < 1.31.0-0 home: https://rancher.com icon: https://github.com/rancher/ui/blob/master/public/assets/images/logos/welcome-cow.svg keywords: diff --git a/charts/rancher/templates/_helpers.tpl b/charts/rancher/templates/_helpers.tpl index 91e37cf..969e08c 100644 --- a/charts/rancher/templates/_helpers.tpl 
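Review bot: The new `kubeVersion: < 1.31.0-0` line in charts/rancher/Chart.yaml raises the upper bound but still sets no lower bound, even though this commit removes the `rancher.chart_psp_enabled` helper, the post-delete PodSecurityPolicy template and the matching `use` rule. The removed helper comment says these covered clusters on 1.24 and below. On such a cluster with PSP admission still enforced, Helm would accept the install and the gap would presumably only show up later, when the hook pod is admitted or rejected. If those versions are out of scope for 2.9.2, state it in the constraint so Helm refuses up front, for example `kubeVersion: '>= 1.25.0-0 < 1.31.0-0'`. The 1.25 floor is taken from the removed comment and should be confirmed against the supported-version matrix.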
+++ b/charts/rancher/templates/_helpers.tpl @@ -73,29 +73,4 @@ add below linux tolerations to workloads could be scheduled to those linux nodes {{- printf "%s/" .Values.systemDefaultRegistry -}} {{- end -}} {{- end -}} -{{- end -}} - -{{/* -Define the chosen value for PSPs. If this value is "", then the user did not set the value. This will -result in psps on <=1.24 and no psps on >=1.25. If the value is true/false, then the user specifically -chose an option, and that option will be used. If it is set otherwise, then we fail so the user can correct -the invalid value. -*/}} - -{{- define "rancher.chart_psp_enabled" -}} -{{- if kindIs "bool" .Values.global.cattle.psp.enabled -}} -{{ .Values.global.cattle.psp.enabled }} -{{- else if empty .Values.global.cattle.psp.enabled -}} - {{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} - {{- if (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") -}} -true - {{- else -}} -false - {{- end -}} - {{- else -}} -true - {{- end -}} -{{- else -}} -{{- fail "Invalid value for .Values.global.cattle.psp.enabled - must be a bool of true, false, or \"\"" -}} -{{- end -}} {{- end -}} \ No newline at end of file diff --git a/charts/rancher/templates/post-delete-hook-cluster-role.yaml b/charts/rancher/templates/post-delete-hook-cluster-role.yaml index 174c1d3..4f8b5db 100644 --- a/charts/rancher/templates/post-delete-hook-cluster-role.yaml +++ b/charts/rancher/templates/post-delete-hook-cluster-role.yaml 
@@ -30,14 +30,6 @@ rules: - apiGroups: [ "admissionregistration.k8s.io" ] resources: [ "validatingwebhookconfigurations", "mutatingwebhookconfigurations" ] verbs: [ "get", "list", "delete" ] - - apiGroups: [ "policy" ] - resources: [ "podsecuritypolicies" ] - verbs: ["delete", "create" ] -{{- if eq (include "rancher.chart_psp_enabled" . ) "true" }} - - apiGroups: [ "policy" ] - resources: [ "podsecuritypolicies" ] - verbs: [ "use"] -{{- end }} - apiGroups: [ "networking.k8s.io" ] resources: [ "ingresses" ] verbs: [ "delete" ] diff --git a/charts/rancher/templates/post-delete-hook-psp.yaml b/charts/rancher/templates/post-delete-hook-psp.yaml deleted file mode 100644 index baa70b0..0000000 --- a/charts/rancher/templates/post-delete-hook-psp.yaml +++ /dev/null @@ -1,34 +0,0 @@ -{{- if eq (include "rancher.chart_psp_enabled" . ) "true" -}} - apiVersion: policy/v1beta1 - kind: PodSecurityPolicy - metadata: - name: {{ include "rancher.fullname" . }}-post-delete - labels: {{ include "rancher.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": post-delete - "helm.sh/hook-weight": "1" - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed - spec: - privileged: false - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' - - 'configMap' - {{- end }} \ No newline at end of file diff --git a/charts/rancher/values.yaml b/charts/rancher/values.yaml index 9d5a15a..f658a28 100644 --- a/charts/rancher/values.yaml +++ b/charts/rancher/values.yaml @@ -163,7 +163,7 @@ postDelete: enabled: true image: repository: rancher/shell - tag: v0.1.26 + tag: v0.2.1 namespaceList: - cattle-fleet-system - cattle-system 
@@ -190,13 +190,6 @@ readinessProbe: periodSeconds: 30 failureThreshold: 5 -global: - cattle: - psp: - # will default to true on 1.24 and below, and false for 1.25 and above - # can be changed manually to true or false to bypass version checks and force that option - enabled: "" - # helm values to use when installing the rancher-webhook chart. # helm values set here will override all other global values used when installing the webhook such as priorityClassName and systemRegistry settings. webhook: ""