* fix: do not apply job-patch psp on Kubernetes 1.25 and newer
Signed-off-by: wilmarguida <w.denouden@guida.nl>
* fix: bump kubernetes version for helm chart CI to 1.25.0
Signed-off-by: wilmarguida <w.denouden@guida.nl>
Signed-off-by: wilmarguida <w.denouden@guida.nl>
* Make securityContext in admission-webhook more configurable e.g. to set seccompProfiles
Signed-off-by: Oliver Michels <oliver.michels@aldi-sued.com>
* Make securityContext in admission-webhook more configurable e.g. to set seccompProfiles
Signed-off-by: Oliver Michels <oliver.michels@aldi-sued.com>
* Make securityContext in admission-webhook more configurable e.g. to set seccompProfiles
Signed-off-by: Oliver Michels <oliver.michels@aldi-sued.com>
* Make securityContext in admission-webhook more configurable e.g. to set seccompProfiles
Signed-off-by: Oliver Michels <oliver.michels@aldi-sued.com>
Signed-off-by: Oliver Michels <oliver.michels@aldi-sued.com>
* support extraEnvs for job resources in helm chart
Signed-off-by: Li, Eric <Xiannan.li@fmr.com>
* Update helm doc
* Update helm doc
* Updated helm doc - add controller.admissionWebhooks.extraEnvs
* Added some test data for webhook controller.admissionWebhooks.extraEnvs
* added new line at the end of deployment-webhook-extraEnvs-values.yaml
* Fixed helm chart test issue
* added fsGroup to admission createSecret and patchWebhook job
* added fsGroup to admission createSecret and patchWebhook job
* modified helm/README.md to add value for fsGroup
* fixed patch job values ordering
* remove manually edited README for replacement with helm-docs generated version
* re-adding charts/README.md generated by helm-docs
* allow set annotations for admission Jobs
Signed-off-by: Alex Co <tuanclq@gmail.com>
* Bump chart version & update CHANGELOG
Signed-off-by: Alex Co <tuanclq@gmail.com>
* Bump chart version again
Signed-off-by: Alex Co <tuanclq@gmail.com>
* Add example
Signed-off-by: Alex Co <tuanclq@gmail.com>
* Add labels to RBAC resources
* Add labels to all resources
* Fix labels indentaton in patch jobs
* Add controller and default backend labels to pods
Signed-off-by: Muhammad Hamza Zaib <hamzazaib3202@gmail.com>
* Bump chart version and update changelog
Signed-off-by: Muhammad Hamza Zaib <hamzazaib3202@gmail.com>
* helm: add feature to configure request and limit for container in createSecret and patchWebhook job
Signed-off-by: Bhumij Gupta <bhumijgupta@gmail.com>
* Remove empty line in helm template
Signed-off-by: Bhumij Gupta <bhumijgupta@gmail.com>
* Add test for admission webhook job container resources
Signed-off-by: Bhumij Gupta <bhumijgupta@gmail.com>
* Add new line character at the end of charts ci file
Signed-off-by: Bhumij Gupta <bhumijgupta@gmail.com>
When deploying the controller to a custom namespace, users have to
overwrite the namespace attribute as well as the hardcoded namespace
values in a number of args for the Deployment and the admission
controller Jobs.
Instead, this commit, uses the namespace name from the DownwardAPI,
and allows users to simply change the namespace attribute without
having to worry about the container args.
The digest uniquely identifies a specific version of the image, so it is
never updated by Kubernetes unless you change the digest value. This is
desirable for security to gain confidence that no unvetted changes are
pulled to a deployment.
