feat: Add controllerManager tlsMinVersion option to values (#2289)
* feat: Add cm extraArgs option to values

Signed-off-by: Grace Do <xgrace@gmail.com>

* Revert "feat: Add cm extraArgs option to values"

This reverts commit 7257903.

Signed-off-by: Grace Do <xgrace@gmail.com>

* feat: Add cm tls-min-version flag

Signed-off-by: Grace Do <xgrace@gmail.com>

* chore: Update README

Co-authored-by: Sertaç Özercan <852750+sozercan@users.noreply.github.com>
Signed-off-by: Grace Do <xgrace@gmail.com>

* chore: make manifests

Signed-off-by: Grace Do <xgrace@gmail.com>

Signed-off-by: Grace Do <xgrace@gmail.com>
Co-authored-by: Sertaç Özercan <852750+sozercan@users.noreply.github.com>
Co-authored-by: Rita Zhang <rita.z.zhang@gmail.com>
3 people committed Sep 28, 2022
1 parent ef443f0 commit 3fde9bd
Showing 6 changed files with 6 additions and 0 deletions.
1 change: 1 addition & 0 deletions cmd/build/helmify/kustomize-for-helm.yaml
Expand Up @@ -85,6 +85,7 @@ spec:
- --mutation-annotations={{ .Values.mutationAnnotations }}
- --disable-cert-rotation={{ .Values.controllerManager.disableCertRotation }}
- --max-serving-threads={{ .Values.maxServingThreads }}
- --tls-min-version={{ .Values.controllerManager.tlsMinVersion }}
- HELMSUBST_METRICS_BACKEND_ARG
- HELMSUBST_TLS_HEALTHCHECK_ENABLED_ARG
- HELMSUBST_MUTATION_ENABLED_ARG
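Review bot: the added `- --tls-min-version={{ .Values.controllerManager.tlsMinVersion }}` line is emitted unconditionally, so a values override that sets `controllerManager.tlsMinVersion` to an empty or null value renders the flag with nothing after the `=`. Either guard the line with an `if` on the value or pipe it through `default "1.3"`, so the rendered Deployment always carries an explicit minimum and the effective TLS floor does not depend on how the binary treats an empty flag.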
1 change: 1 addition & 0 deletions cmd/build/helmify/static/README.md
Expand Up @@ -166,6 +166,7 @@ _See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/websi
| controllerManager.hostNetwork | Enables controllerManager to be deployed on hostNetwork | `false` |
| controllerManager.dnsPolicy | Set the dnsPolicy for controllerManager pods | `ClusterFirst` |
| controllerManager.securityContext | Security context applied on the container | `{ "allowPrivilegeEscalation": false, "capabilities": "drop": [all], "readOnlyRootFilesystem": true, "runAsGroup": 999, "runAsNonRoot": true, "runAsUser": 1000 }` |
| controllerManager.tlsMinVersion | Set the minimum supported TLS version for validating and mutating webhook servers | `1.3` |
| controllerManager.extraRules | Extra rules for the gatekeeper-manager-role Role | `[]` |
| audit.priorityClassName | Priority class name for audit controller | `system-cluster-critical` |
| audit.podSecurityContext | Security context for audit on pod level | {fsGroup: 999, suplementalGroups: [999]} |
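Review bot: the new `controllerManager.tlsMinVersion` row documents the default `1.3` but not which values the option accepts or the format they must take. Please list the accepted versions for `--tls-min-version` in the description, and say that the value should be given as a quoted string, so operators who need to lower the floor for an older client know exactly what to write.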
1 change: 1 addition & 0 deletions cmd/build/helmify/static/values.yaml
Expand Up @@ -144,6 +144,7 @@ controllerManager:
livenessTimeout: 1
priorityClassName: system-cluster-critical
disableCertRotation: false
tlsMinVersion: 1.3
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
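Review bot: `tlsMinVersion: 1.3` under `controllerManager` is an unquoted scalar, so YAML parses it as a float rather than a version string. `1.3` happens to print back unchanged, but a user who follows the same form with `1.0` gets a float that the template prints as `1`, which is not the version they wrote. Quote the default (`tlsMinVersion: "1.3"`) so the value reaches `--tls-min-version` exactly as typed.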
1 change: 1 addition & 0 deletions manifest_staging/charts/gatekeeper/README.md
Expand Up @@ -166,6 +166,7 @@ _See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/websi
| controllerManager.hostNetwork | Enables controllerManager to be deployed on hostNetwork | `false` |
| controllerManager.dnsPolicy | Set the dnsPolicy for controllerManager pods | `ClusterFirst` |
| controllerManager.securityContext | Security context applied on the container | `{ "allowPrivilegeEscalation": false, "capabilities": "drop": [all], "readOnlyRootFilesystem": true, "runAsGroup": 999, "runAsNonRoot": true, "runAsUser": 1000 }` |
| controllerManager.tlsMinVersion | Set the minimum supported TLS version for validating and mutating webhook servers | `1.3` |
| controllerManager.extraRules | Extra rules for the gatekeeper-manager-role Role | `[]` |
| audit.priorityClassName | Priority class name for audit controller | `system-cluster-critical` |
| audit.podSecurityContext | Security context for audit on pod level | {fsGroup: 999, suplementalGroups: [999]} |
Expand Up @@ -63,6 +63,7 @@ spec:
- --mutation-annotations={{ .Values.mutationAnnotations }}
- --disable-cert-rotation={{ .Values.controllerManager.disableCertRotation }}
- --max-serving-threads={{ .Values.maxServingThreads }}
- --tls-min-version={{ .Values.controllerManager.tlsMinVersion }}

{{- range .Values.metricsBackends}}
- --metrics-backend={{ . }}
1 change: 1 addition & 0 deletions manifest_staging/charts/gatekeeper/values.yaml
Expand Up @@ -144,6 +144,7 @@ controllerManager:
livenessTimeout: 1
priorityClassName: system-cluster-critical
disableCertRotation: false
tlsMinVersion: 1.3
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution: