mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-06 16:06:56 +00:00
09c138fb6b
* Fix handling of kyverno-policies version check when port in image tag Fixes #4031 Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Add release notes for chart Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Fix release notes and use splitList Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> Signed-off-by: ShutingZhao <shuting@nirmata.com>
78 lines
2.7 KiB
Smarty
78 lines
2.7 KiB
Smarty
{{/* vim: set filetype=mustache: */}}
|
|
{{/* Expand the name of the chart. */}}
|
|
{{- define "kyverno-policies.name" -}}
|
|
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
|
|
{{- end -}}
|
|
|
|
{{/* Create chart name and version as used by the chart label. */}}
|
|
{{- define "kyverno-policies.chart" -}}
|
|
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
|
|
{{- end -}}
|
|
|
|
{{/* Helm required labels */}}
|
|
{{- define "kyverno-policies.labels" -}}
|
|
app.kubernetes.io/component: kyverno
|
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
|
app.kubernetes.io/name: {{ template "kyverno-policies.name" . }}
|
|
app.kubernetes.io/part-of: {{ template "kyverno-policies.name" . }}
|
|
app.kubernetes.io/version: "{{ .Chart.Version }}"
|
|
helm.sh/chart: {{ template "kyverno-policies.chart" . }}
|
|
{{- if .Values.customLabels }}
|
|
{{ toYaml .Values.customLabels }}
|
|
{{- end }}
|
|
{{- end -}}
|
|
|
|
{{/* Set if a baseline policy is managed */}}
|
|
{{- define "kyverno-policies.podSecurityBaseline" -}}
|
|
{{- if or (eq .Values.podSecurityStandard "baseline") (eq .Values.podSecurityStandard "restricted") }}
|
|
{{- true }}
|
|
{{- else if and (eq .Values.podSecurityStandard "custom") (has .name .Values.podSecurityPolicies) }}
|
|
{{- true }}
|
|
{{- else -}}
|
|
{{- false }}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/* Set if a restricted policy is managed */}}
|
|
{{- define "kyverno-policies.podSecurityRestricted" -}}
|
|
{{- if eq .Values.podSecurityStandard "restricted" }}
|
|
{{- true }}
|
|
{{- else if and (eq .Values.podSecurityStandard "custom") (has .name .Values.podSecurityPolicies) }}
|
|
{{- true }}
|
|
{{- else -}}
|
|
{{- false }}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/* Set if a other policies are managed */}}
|
|
{{- define "kyverno-policies.podSecurityOther" -}}
|
|
{{- if has .name .Values.includeOtherPolicies }}
|
|
{{- true }}
|
|
{{- else -}}
|
|
{{- false }}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/* Get deployed Kyverno version from Kubernetes */}}
|
|
{{- define "kyverno-policies.kyvernoVersion" -}}
|
|
{{- $version := "" -}}
|
|
{{- with (lookup "apps/v1" "Deployment" .Release.Namespace "kyverno") -}}
|
|
{{- with (first .spec.template.spec.containers) -}}
|
|
{{- $imageTag := (last (splitList ":" .image)) -}}
|
|
{{- $version = trimPrefix "v" $imageTag -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
{{ $version }}
|
|
{{- end -}}
|
|
|
|
{{/* Fail if deployed Kyverno does not match */}}
|
|
{{- define "kyverno-policies.supportedKyvernoCheck" -}}
|
|
{{- $supportedKyverno := index . "ver" -}}
|
|
{{- $top := index . "top" }}
|
|
{{- if (include "kyverno-policies.kyvernoVersion" $top) -}}
|
|
{{- if not ( semverCompare $supportedKyverno (include "kyverno-policies.kyvernoVersion" $top) ) -}}
|
|
{{- fail (printf "Kyverno version is too low, expected %s" $supportedKyverno) -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
{{- end -}}
|