1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-05 07:26:55 +00:00

fix(chart): global image registry bug in 3.3.3 (#11604)

Signed-off-by: Patrik Votoček <patrik@votocek.cz>
This commit is contained in:
Patrik Votoček 2024-11-26 14:17:50 +01:00 committed by GitHub
parent 1dddc9b4c8
commit 17b6ab0d10
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
7 changed files with 30 additions and 16 deletions

View file

@ -35,6 +35,8 @@ annotations:
artifacthub.io/changes: | artifacthub.io/changes: |
- kind: fixed - kind: fixed
description: fix validation error in validate.yaml description: fix validation error in validate.yaml
- kind: fixed
description: fixed global image registry config by introducing *.image.defaultRegistry.
dependencies: dependencies:
- name: grafana - name: grafana
version: v0.0.0 version: v0.0.0

View file

@ -264,7 +264,8 @@ The chart values are organised per component.
| crds.customLabels | object | `{}` | Additional CRDs labels | | crds.customLabels | object | `{}` | Additional CRDs labels |
| crds.migration.enabled | bool | `true` | Enable CRDs migration using helm post upgrade hook | | crds.migration.enabled | bool | `true` | Enable CRDs migration using helm post upgrade hook |
| crds.migration.resources | list | `["cleanuppolicies.kyverno.io","clustercleanuppolicies.kyverno.io","clusterpolicies.kyverno.io","globalcontextentries.kyverno.io","policies.kyverno.io","policyexceptions.kyverno.io","updaterequests.kyverno.io"]` | Resources to migrate | | crds.migration.resources | list | `["cleanuppolicies.kyverno.io","clustercleanuppolicies.kyverno.io","clusterpolicies.kyverno.io","globalcontextentries.kyverno.io","policies.kyverno.io","policyexceptions.kyverno.io","updaterequests.kyverno.io"]` | Resources to migrate |
| crds.migration.image.registry | string | `"ghcr.io"` | Image registry | | crds.migration.image.registry | string | `nil` | Image registry |
| crds.migration.image.defaultRegistry | string | `"ghcr.io"` | |
| crds.migration.image.repository | string | `"kyverno/kyverno-cli"` | Image repository | | crds.migration.image.repository | string | `"kyverno/kyverno-cli"` | Image repository |
| crds.migration.image.tag | string | `nil` | Image tag Defaults to appVersion in Chart.yaml if omitted | | crds.migration.image.tag | string | `nil` | Image tag Defaults to appVersion in Chart.yaml if omitted |
| crds.migration.image.pullPolicy | string | `"IfNotPresent"` | Image pull policy | | crds.migration.image.pullPolicy | string | `"IfNotPresent"` | Image pull policy |
@ -404,7 +405,8 @@ The chart values are organised per component.
| admissionController.caCertificates.data | string | `nil` | CA certificates to use with Kyverno deployments This value is expected to be one large string of CA certificates | | admissionController.caCertificates.data | string | `nil` | CA certificates to use with Kyverno deployments This value is expected to be one large string of CA certificates |
| admissionController.caCertificates.volume | object | `{}` | Volume to be mounted for CA certificates Not used when `.Values.admissionController.caCertificates.data` is defined | | admissionController.caCertificates.volume | object | `{}` | Volume to be mounted for CA certificates Not used when `.Values.admissionController.caCertificates.data` is defined |
| admissionController.imagePullSecrets | list | `[]` | Image pull secrets | | admissionController.imagePullSecrets | list | `[]` | Image pull secrets |
| admissionController.initContainer.image.registry | string | `"ghcr.io"` | Image registry | | admissionController.initContainer.image.registry | string | `nil` | Image registry |
| admissionController.initContainer.image.defaultRegistry | string | `"ghcr.io"` | |
| admissionController.initContainer.image.repository | string | `"kyverno/kyvernopre"` | Image repository | | admissionController.initContainer.image.repository | string | `"kyverno/kyvernopre"` | Image repository |
| admissionController.initContainer.image.tag | string | `nil` | Image tag If missing, defaults to image.tag | | admissionController.initContainer.image.tag | string | `nil` | Image tag If missing, defaults to image.tag |
| admissionController.initContainer.image.pullPolicy | string | `nil` | Image pull policy If missing, defaults to image.pullPolicy | | admissionController.initContainer.image.pullPolicy | string | `nil` | Image pull policy If missing, defaults to image.pullPolicy |
@ -413,7 +415,8 @@ The chart values are organised per component.
| admissionController.initContainer.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsNonRoot":true,"seccompProfile":{"type":"RuntimeDefault"}}` | Container security context | | admissionController.initContainer.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsNonRoot":true,"seccompProfile":{"type":"RuntimeDefault"}}` | Container security context |
| admissionController.initContainer.extraArgs | object | `{}` | Additional container args. | | admissionController.initContainer.extraArgs | object | `{}` | Additional container args. |
| admissionController.initContainer.extraEnvVars | list | `[]` | Additional container environment variables. | | admissionController.initContainer.extraEnvVars | list | `[]` | Additional container environment variables. |
| admissionController.container.image.registry | string | `"ghcr.io"` | Image registry | | admissionController.container.image.registry | string | `nil` | Image registry |
| admissionController.container.image.defaultRegistry | string | `"ghcr.io"` | |
| admissionController.container.image.repository | string | `"kyverno/kyverno"` | Image repository | | admissionController.container.image.repository | string | `"kyverno/kyverno"` | Image repository |
| admissionController.container.image.tag | string | `nil` | Image tag Defaults to appVersion in Chart.yaml if omitted | | admissionController.container.image.tag | string | `nil` | Image tag Defaults to appVersion in Chart.yaml if omitted |
| admissionController.container.image.pullPolicy | string | `"IfNotPresent"` | Image pull policy | | admissionController.container.image.pullPolicy | string | `"IfNotPresent"` | Image pull policy |
@ -471,7 +474,8 @@ The chart values are organised per component.
| backgroundController.rbac.serviceAccount.annotations | object | `{}` | Annotations for the ServiceAccount | | backgroundController.rbac.serviceAccount.annotations | object | `{}` | Annotations for the ServiceAccount |
| backgroundController.rbac.coreClusterRole.extraResources | list | See [values.yaml](values.yaml) | Extra resource permissions to add in the core cluster role. This was introduced to avoid breaking change in the chart but should ideally be moved in `clusterRole.extraResources`. | | backgroundController.rbac.coreClusterRole.extraResources | list | See [values.yaml](values.yaml) | Extra resource permissions to add in the core cluster role. This was introduced to avoid breaking change in the chart but should ideally be moved in `clusterRole.extraResources`. |
| backgroundController.rbac.clusterRole.extraResources | list | `[]` | Extra resource permissions to add in the cluster role | | backgroundController.rbac.clusterRole.extraResources | list | `[]` | Extra resource permissions to add in the cluster role |
| backgroundController.image.registry | string | `"ghcr.io"` | Image registry | | backgroundController.image.registry | string | `nil` | Image registry |
| backgroundController.image.defaultRegistry | string | `"ghcr.io"` | |
| backgroundController.image.repository | string | `"kyverno/background-controller"` | Image repository | | backgroundController.image.repository | string | `"kyverno/background-controller"` | Image repository |
| backgroundController.image.tag | string | `nil` | Image tag Defaults to appVersion in Chart.yaml if omitted | | backgroundController.image.tag | string | `nil` | Image tag Defaults to appVersion in Chart.yaml if omitted |
| backgroundController.image.pullPolicy | string | `"IfNotPresent"` | Image pull policy | | backgroundController.image.pullPolicy | string | `"IfNotPresent"` | Image pull policy |
@ -546,7 +550,8 @@ The chart values are organised per component.
| cleanupController.rbac.serviceAccount.annotations | object | `{}` | Annotations for the ServiceAccount | | cleanupController.rbac.serviceAccount.annotations | object | `{}` | Annotations for the ServiceAccount |
| cleanupController.rbac.clusterRole.extraResources | list | `[]` | Extra resource permissions to add in the cluster role | | cleanupController.rbac.clusterRole.extraResources | list | `[]` | Extra resource permissions to add in the cluster role |
| cleanupController.createSelfSignedCert | bool | `false` | Create self-signed certificates at deployment time. The certificates won't be automatically renewed if this is set to `true`. | | cleanupController.createSelfSignedCert | bool | `false` | Create self-signed certificates at deployment time. The certificates won't be automatically renewed if this is set to `true`. |
| cleanupController.image.registry | string | `"ghcr.io"` | Image registry | | cleanupController.image.registry | string | `nil` | Image registry |
| cleanupController.image.defaultRegistry | string | `"ghcr.io"` | |
| cleanupController.image.repository | string | `"kyverno/cleanup-controller"` | Image repository | | cleanupController.image.repository | string | `"kyverno/cleanup-controller"` | Image repository |
| cleanupController.image.tag | string | `nil` | Image tag Defaults to appVersion in Chart.yaml if omitted | | cleanupController.image.tag | string | `nil` | Image tag Defaults to appVersion in Chart.yaml if omitted |
| cleanupController.image.pullPolicy | string | `"IfNotPresent"` | Image pull policy | | cleanupController.image.pullPolicy | string | `"IfNotPresent"` | Image pull policy |
@ -629,7 +634,8 @@ The chart values are organised per component.
| reportsController.rbac.serviceAccount.annotations | object | `{}` | Annotations for the ServiceAccount | | reportsController.rbac.serviceAccount.annotations | object | `{}` | Annotations for the ServiceAccount |
| reportsController.rbac.coreClusterRole.extraResources | list | See [values.yaml](values.yaml) | Extra resource permissions to add in the core cluster role. This was introduced to avoid breaking change in the chart but should ideally be moved in `clusterRole.extraResources`. | | reportsController.rbac.coreClusterRole.extraResources | list | See [values.yaml](values.yaml) | Extra resource permissions to add in the core cluster role. This was introduced to avoid breaking change in the chart but should ideally be moved in `clusterRole.extraResources`. |
| reportsController.rbac.clusterRole.extraResources | list | `[]` | Extra resource permissions to add in the cluster role | | reportsController.rbac.clusterRole.extraResources | list | `[]` | Extra resource permissions to add in the cluster role |
| reportsController.image.registry | string | `"ghcr.io"` | Image registry | | reportsController.image.registry | string | `nil` | Image registry |
| reportsController.image.defaultRegistry | string | `"ghcr.io"` | |
| reportsController.image.repository | string | `"kyverno/reports-controller"` | Image repository | | reportsController.image.repository | string | `"kyverno/reports-controller"` | Image repository |
| reportsController.image.tag | string | `nil` | Image tag Defaults to appVersion in Chart.yaml if omitted | | reportsController.image.tag | string | `nil` | Image tag Defaults to appVersion in Chart.yaml if omitted |
| reportsController.image.pullPolicy | string | `"IfNotPresent"` | Image pull policy | | reportsController.image.pullPolicy | string | `"IfNotPresent"` | Image pull policy |

View file

@ -5,7 +5,7 @@
{{- if not (typeIs "string" $tag) -}} {{- if not (typeIs "string" $tag) -}}
{{ fail "Image tags must be strings." }} {{ fail "Image tags must be strings." }}
{{- end -}} {{- end -}}
{{- $imageRegistry := default .globalRegistry .image.registry -}} {{- $imageRegistry := default (default .image.defaultRegistry .globalRegistry) .image.registry -}}
{{- if $imageRegistry -}} {{- if $imageRegistry -}}
{{- print $imageRegistry "/" (required "An image repository is required" .image.repository) ":" $tag -}} {{- print $imageRegistry "/" (required "An image repository is required" .image.repository) ":" $tag -}}
{{- else -}} {{- else -}}

View file

@ -19,7 +19,7 @@
{{- end -}} {{- end -}}
{{- define "kyverno.background-controller.image" -}} {{- define "kyverno.background-controller.image" -}}
{{- $imageRegistry := default .image.registry .globalRegistry -}} {{- $imageRegistry := default (default .image.defaultRegistry .globalRegistry) .image.registry -}}
{{- if $imageRegistry -}} {{- if $imageRegistry -}}
{{ $imageRegistry }}/{{ required "An image repository is required" .image.repository }}:{{ default .defaultTag .image.tag }} {{ $imageRegistry }}/{{ required "An image repository is required" .image.repository }}:{{ default .defaultTag .image.tag }}
{{- else -}} {{- else -}}

View file

@ -19,7 +19,7 @@
{{- end -}} {{- end -}}
{{- define "kyverno.cleanup-controller.image" -}} {{- define "kyverno.cleanup-controller.image" -}}
{{- $imageRegistry := default .image.registry .globalRegistry -}} {{- $imageRegistry := default (default .image.defaultRegistry .globalRegistry) .image.registry -}}
{{- if $imageRegistry -}} {{- if $imageRegistry -}}
{{ $imageRegistry }}/{{ required "An image repository is required" .image.repository }}:{{ default .defaultTag .image.tag }} {{ $imageRegistry }}/{{ required "An image repository is required" .image.repository }}:{{ default .defaultTag .image.tag }}
{{- else -}} {{- else -}}

View file

@ -19,7 +19,7 @@
{{- end -}} {{- end -}}
{{- define "kyverno.reports-controller.image" -}} {{- define "kyverno.reports-controller.image" -}}
{{- $imageRegistry := default .image.registry .globalRegistry -}} {{- $imageRegistry := default (default .image.defaultRegistry .globalRegistry) .image.registry -}}
{{- if $imageRegistry -}} {{- if $imageRegistry -}}
{{ $imageRegistry }}/{{ required "An image repository is required" .image.repository }}:{{ default .defaultTag .image.tag }} {{ $imageRegistry }}/{{ required "An image repository is required" .image.repository }}:{{ default .defaultTag .image.tag }}
{{- else -}} {{- else -}}

View file

@ -118,7 +118,8 @@ crds:
image: image:
# -- (string) Image registry # -- (string) Image registry
registry: ghcr.io registry: ~
defaultRegistry: ghcr.io
# -- (string) Image repository # -- (string) Image repository
repository: kyverno/kyverno-cli repository: kyverno/kyverno-cli
# -- (string) Image tag # -- (string) Image tag
@ -957,7 +958,8 @@ admissionController:
image: image:
# -- Image registry # -- Image registry
registry: ghcr.io registry: ~
defaultRegistry: ghcr.io
# -- Image repository # -- Image repository
repository: kyverno/kyvernopre repository: kyverno/kyvernopre
# -- (string) Image tag # -- (string) Image tag
@ -1003,7 +1005,8 @@ admissionController:
image: image:
# -- Image registry # -- Image registry
registry: ghcr.io registry: ~
defaultRegistry: ghcr.io
# -- Image repository # -- Image repository
repository: kyverno/kyverno repository: kyverno/kyverno
# -- (string) Image tag # -- (string) Image tag
@ -1220,7 +1223,8 @@ backgroundController:
image: image:
# -- Image registry # -- Image registry
registry: ghcr.io registry: ~
defaultRegistry: ghcr.io
# -- Image repository # -- Image repository
repository: kyverno/background-controller repository: kyverno/background-controller
# -- Image tag # -- Image tag
@ -1486,7 +1490,8 @@ cleanupController:
image: image:
# -- Image registry # -- Image registry
registry: ghcr.io registry: ~
defaultRegistry: ghcr.io
# -- Image repository # -- Image repository
repository: kyverno/cleanup-controller repository: kyverno/cleanup-controller
# -- (string) Image tag # -- (string) Image tag
@ -1802,7 +1807,8 @@ reportsController:
image: image:
# -- Image registry # -- Image registry
registry: ghcr.io registry: ~
defaultRegistry: ghcr.io
# -- Image repository # -- Image repository
repository: kyverno/reports-controller repository: kyverno/reports-controller
# -- (string) Image tag # -- (string) Image tag