Possibility to configure single whitelist entries via dedicated overr…
…ide (#150)

* Possibility to add single whitelist entries via dedicated override

* refactor conditional sub-charts
kwiatekus authored Dec 16, 2023
1 parent 04c95c6 commit e9a4c85
Showing 6 changed files with 46 additions and 9 deletions.
5 changes: 5 additions & 0 deletions charts/warden/Chart.yaml
Expand Up @@ -23,3 +23,8 @@ version: 0.0.6
# It is recommended to use it with quotes.
appVersion: "0.0.6"

dependencies:
- name: warden-admission
condition: admission.enabled
- name: warden-operator
condition: operator.enabled
1 change: 0 additions & 1 deletion charts/warden/charts/admission/templates/deployment.yaml
Expand Up @@ -61,4 +61,3 @@ spec:
- name: notary-tmp
emptyDir: {}
priorityClassName: {{ .Values.global.wardenPriorityClassName }}

2 changes: 1 addition & 1 deletion charts/warden/charts/admission/templates/webhook.yaml
Expand Up @@ -15,7 +15,7 @@ webhooks:
matchPolicy: Exact
timeoutSeconds: 15
admissionReviewVersions: [ "v1beta1", "v1" ]
name: validation.webhook.serverless.kyma-project.io
name: validation.webhook.warden.kyma-project.io
---
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
28 changes: 27 additions & 1 deletion charts/warden/templates/configmap.yaml
@@ -1,7 +1,33 @@
{{- $allowedRegistries := .Values.global.config.data.notary.allowedRegistries }}
{{- if and .Values.global.config.data.notary.additionalAllowedRegistries .Values.global.config.data.notary.defaultAllowedRegistries -}}
{{- $allowedRegistries = join ", " (concat .Values.global.config.data.notary.defaultAllowedRegistries .Values.global.config.data.notary.additionalAllowedRegistries | uniq ) }}
{{- else if .Values.global.config.data.notary.defaultAllowedRegistries -}}
{{- $allowedRegistries = join ", " .Values.global.config.data.notary.defaultAllowedRegistries }}
{{- end -}}

apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Values.global.config.configmapName }}
namespace: {{ .Release.Namespace }}
data:
{{ .Values.global.config.filename }}: {{ tpl ( toYaml .Values.global.config.data ) . | quote }}
config.yaml: |-
admission:
port: {{ .Values.global.config.data.admission.port }}
secretName: {{ .Chart.Name }}-admission-cert
serviceName: {{ .Chart.Name }}-admission
strictMode: {{ .Values.global.config.data.admission.strictMode }}
systemNamespace: '{{ .Release.Namespace }}'
timeout: {{ .Values.global.config.data.admission.timeout }}
logging:
format: {{ .Values.global.config.data.logging.format }}
level: {{ .Values.global.config.data.logging.level }}
notary:
URL: {{ .Values.global.config.data.notary.URL }}
timeout: {{ .Values.global.config.data.notary.timeout }}
allowedRegistries: {{ $allowedRegistries }}
operator:
healthProbeBindAddress: {{ .Values.global.config.data.operator.healthProbeBindAddress }}
metricsBindAddress: {{ .Values.global.config.data.operator.metricsBindAddress }}
leaderElect: {{ .Values.global.config.data.operator.leaderElect }}
podReconcilerRequeueAfter: {{ .Values.global.config.data.operator.podReconcilerRequeueAfter }}
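Review bot: An override that sets only `additionalAllowedRegistries` is silently dropped by the conditional at the top of this template: `and` is false while `defaultAllowedRegistries` is empty, the `else if` tests the default list only, and the rendered value falls back to the deprecated `allowedRegistries` string. Since `concat` accepts an empty list, the first condition can become `{{- if or .Values.global.config.data.notary.additionalAllowedRegistries .Values.global.config.data.notary.defaultAllowedRegistries -}}` with the `else if` branch removed. The result is also written unquoted inside the embedded config, so an empty value parses as null and an entry containing `: ` or ` #` changes how the allow-list is read; `allowedRegistries: {{ $allowedRegistries | quote }}` keeps it a single string. It would help to add a template comment stating that a non-empty list replaces the legacy string rather than extending it.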
2 changes: 1 addition & 1 deletion charts/warden/templates/priorityclass.yaml
Expand Up @@ -4,4 +4,4 @@ metadata:
name: {{ .Values.global.wardenPriorityClassName }}
value: {{ .Values.global.wardenPriorityClassValue }}
globalDefault: false
description: "Scheduling priority of warden workloads. By default, warden workloads should not be blocked by unschedulable user workloads."
description: "Scheduling priority of warden workloads. By default, warden workloads should not be blocked by unschedulable user workloads."
17 changes: 12 additions & 5 deletions charts/warden/values.yaml
Expand Up @@ -8,6 +8,12 @@ imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""

admission:
enabled: true

operator:
enabled: true

#Service configuration
global:
name: warden
Expand Down Expand Up @@ -39,14 +45,15 @@ global:
configmapName: warden-config
data:
notary:
URL: "https://signing-dev.repositories.cloud.sap"
URL: "https://signing.repositories.cloud.sap"
timeout: 30s
# list of comma-separated registries addresses
# deprecated (still used by legacy installation mode via reconciler)
allowedRegistries: ""
# list of registries addresses commonly allowed across all environments
defaultAllowedRegistries: []
# list of registries exceptionally allowed ( overidable ) per environment
additionalAllowedRegistries: []
admission:
systemNamespace: "{{ .Release.Namespace }}"
serviceName: "{{ .Chart.Name }}-admission"
secretName: "{{ .Chart.Name }}-admission-cert"
timeout: 10s
port: 8443
strictMode: false
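Review bot: The new `admission.enabled` and `operator.enabled` switches in the first hunk have no comment, although they gate whole sub-charts through the `condition` entries this commit adds to Chart.yaml, and the admission sub-chart is the one whose templates hold the webhook configuration (charts/warden/charts/admission/templates/webhook.yaml). A values override that sets `admission.enabled: false` would therefore presumably remove admission-time validation with nothing in this file saying so. I would add a comment above each switch, for example `# deploys the admission sub-chart (webhook configurations); false removes admission-time validation` and `# deploys the operator sub-chart`. In the second hunk the comment on `additionalAllowedRegistries` could also state that, per templates/configmap.yaml, the list values replace the deprecated `allowedRegistries` string instead of adding to it.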
