
Commit 94c762a

authored
Merge pull request #530 from vardhaman22/v1.1/add-validate-psp-install-template
[release/v1.1] added validate-psp-install and validate-install-crd templates
2 parents 91ebc51 + db210f6 commit 94c762a


5 files changed

+1620
-89
lines changed

Lines changed: 17 additions & 0 deletions
@@ -0,0 +1,17 @@
1+
#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}}
2+
# {{- $found := dict -}}
3+
# {{- set $found "cis.cattle.io/v1/ClusterScan" false -}}
4+
# {{- set $found "cis.cattle.io/v1/ClusterScanBenchmark" false -}}
5+
# {{- set $found "cis.cattle.io/v1/ClusterScanProfile" false -}}
6+
# {{- set $found "cis.cattle.io/v1/ClusterScanReport" false -}}
7+
# {{- range .Capabilities.APIVersions -}}
8+
# {{- if hasKey $found (toString .) -}}
9+
# {{- set $found (toString .) true -}}
10+
# {{- end -}}
11+
# {{- end -}}
12+
# {{- range $_, $exists := $found -}}
13+
# {{- if (eq $exists false) -}}
14+
# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}}
15+
# {{- end -}}
16+
# {{- end -}}
17+
#{{- end -}}
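Review bot: The leading `#` on every line does not disable these actions, because Helm evaluates templates before the output is parsed as YAML, so the `required` call on line 14 still aborts the install; nothing in the file says so, and a later maintainer could take it for dead code. The outer `lookup` of ClusterRoles on line 1 appears to act as a live-cluster probe, which means the CRD check is skipped whenever `lookup` returns nothing (for example under `helm template` or a client-side dry run), so it should not be treated as an enforcement point. The same guard wraps the PodSecurityPolicy check in the next file section. I would open both templates with a comment such as `# NOTE: '#' only comments the rendered output; the template actions still run. The ClusterRole lookup skips validation when no cluster is reachable.`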
Lines changed: 7 additions & 0 deletions
@@ -0,0 +1,7 @@
1+
#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}}
2+
#{{- if .Values.global.cattle.psp.enabled }}
3+
#{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}
4+
#{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}}
5+
#{{- end }}
6+
#{{- end }}
7+
#{{- end }}
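Review bot: `.Values.global.cattle.psp.enabled` on line 2 is dereferenced without a nil guard, so if `global.cattle.psp` is missing from the merged values the render would stop with a nil-pointer template error instead of the PodSecurityPolicy message on line 4. The chart's defaults for `global.cattle` are not visible in this commit view, so this may already be covered. If it is not, declare the default in chart/values.yaml (`global.cattle.psp.enabled: false`) so the check always has a value to read.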

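--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -5,7 +5,7 @@
 image:
 cisoperator:
 repository: rancher/cis-operator
-tag: v1.1.1
+tag: v1.1.2
 securityScan:
 repository: rancher/security-scan
 tag: v0.3.1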

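--- a/go.mod
+++ b/go.mod
@@ -4,30 +4,37 @@ go 1.22.0
 
 toolchain go1.22.10
 
+// pinned these to keep deps at v0.30.x only, kube-bench bump is causing these to get updated
+replace (
+k8s.io/api => k8s.io/api v0.30.7
+k8s.io/apimachinery => k8s.io/apimachinery v0.30.7
+k8s.io/client-go => k8s.io/client-go v0.30.7
+)
+
 require (
 github.com/blang/semver v3.5.1+incompatible
 github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.76.2
 github.com/prometheus-operator/prometheus-operator/pkg/client v0.76.2
 github.com/prometheus/client_golang v1.20.5
 github.com/rancher/kubernetes-provider-detector v0.1.5
 github.com/rancher/lasso v0.0.0-20240828170735-d79536cac289
-github.com/rancher/security-scan v0.3.0
+github.com/rancher/security-scan v0.3.1
 github.com/rancher/wrangler/v3 v3.0.0
 github.com/robfig/cron v1.2.0
 github.com/sirupsen/logrus v1.9.3
 github.com/urfave/cli v1.22.16
 golang.org/x/crypto/x509roots/fallback v0.0.0-20231030152948-74c2ba9521f1
-k8s.io/api v0.30.7
+k8s.io/api v0.31.2
 k8s.io/apiextensions-apiserver v0.30.7
-k8s.io/apimachinery v0.30.7
-k8s.io/client-go v0.30.7
+k8s.io/apimachinery v0.31.2
+k8s.io/client-go v0.31.2
 )
 
 require (
-github.com/aquasecurity/kube-bench v0.9.1 // indirect
-github.com/aws/aws-sdk-go-v2 v1.31.0 // indirect
-github.com/aws/aws-sdk-go-v2/service/securityhub v1.53.3 // indirect
-github.com/aws/smithy-go v1.21.0 // indirect
+github.com/aquasecurity/kube-bench v0.9.2 // indirect
+github.com/aws/aws-sdk-go-v2 v1.32.4 // indirect
+github.com/aws/aws-sdk-go-v2/service/securityhub v1.54.6 // indirect
+github.com/aws/smithy-go v1.22.0 // indirect
 github.com/beorn7/perks v1.0.1 // indirect
 github.com/cespare/xxhash/v2 v2.3.0 // indirect
 github.com/cpuguy83/go-md2man/v2 v2.0.5 // indirect
@@ -41,7 +48,7 @@ require (
 github.com/go-openapi/jsonreference v0.21.0 // indirect
 github.com/go-openapi/swag v0.23.0 // indirect
 github.com/gogo/protobuf v1.3.2 // indirect
-github.com/golang/glog v1.2.2 // indirect
+github.com/golang/glog v1.2.3 // indirect
 github.com/golang/protobuf v1.5.4 // indirect
 github.com/google/gnostic-models v0.6.8 // indirect
 github.com/google/go-cmp v0.6.0 // indirect
@@ -79,7 +86,7 @@ require (
 golang.org/x/net v0.28.0 // indirect
 golang.org/x/oauth2 v0.22.0 // indirect
 golang.org/x/sync v0.8.0 // indirect
-golang.org/x/sys v0.24.0 // indirect
+golang.org/x/sys v0.25.0 // indirect
 golang.org/x/term v0.23.0 // indirect
 golang.org/x/text v0.17.0 // indirect
 golang.org/x/time v0.6.0 // indirect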
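Review bot: The first hunk leaves the `require` block advertising k8s.io/api, k8s.io/apimachinery and k8s.io/client-go at v0.31.2 while the new `replace` block forces v0.30.7, so the version actually compiled differs from the one the require lines show. Anyone auditing dependencies by reading only the require lines will see the wrong version, and kube-bench v0.9.2 is presumably being built against an older client than it requests. k8s.io/apiextensions-apiserver stays at v0.30.7 through `require` alone, so the pin is also expressed two different ways. I would extend the comment on the replace block to record the effective version and the exit condition, for example `// builds use v0.30.7 regardless of the require versions below; remove once this release line moves to k8s v0.31.x`, and confirm the resolved versions with `go list -m all` in CI.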
