Merge pull request #890 from falcorocks/feat-timeout-values

feat: add webhook timeout values

Author: bobcallaway

charts/policy-controller/Chart.yaml

@@ -8,8 +8,8 @@ sources:
 type: application
 
 name: policy-controller
-version: 0.8.1
-appVersion: 0.11.0
+version: 0.9.0
+appVersion: 0.12.0
 
 maintainers:
   - name: dlorenc
@@ -19,4 +19,4 @@ annotations:
   artifacthub.io/license: Apache-2.0
   artifacthub.io/images: |
     - name: policy-controller
-      image: ghcr.io/sigstore/policy-controller/policy-controller:v0.11.0@sha256:f3b57d4c906fcbd7229c3069c055ce2b2862e01106c2b85df1322f1e3a232829
+      image: ghcr.io/sigstore/policy-controller/policy-controller:v0.12.0@sha256:6b51f336dec9e9adff29606855dbd2c7910c5eb80d6579795a29cb3844428efc

charts/policy-controller/README.md

@@ -2,7 +2,7 @@
 
 <!-- This README.md is generated. Please edit README.md.gotmpl -->
 
-![Version: 0.8.1](https://img.shields.io/badge/Version-0.8.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.11.0](https://img.shields.io/badge/AppVersion-0.11.0-informational?style=flat-square)
+![Version: 0.9.0](https://img.shields.io/badge/Version-0.9.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.12.0](https://img.shields.io/badge/AppVersion-0.12.0-informational?style=flat-square)
 
 The Helm chart for Policy  Controller
 
@@ -154,6 +154,7 @@ helm uninstall [RELEASE_NAME]
 | commonTolerations | list | `[]` |  |
 | cosign.cosignPub | string | `""` |  |
 | cosign.webhookName | string | `"policy.sigstore.dev"` |  |
+| cosign.webhookTimeoutSeconds | object | `{}` |  |
 | imagePullSecrets | list | `[]` |  |
 | installCRDs | bool | `true` |  |
 | leasescleanup.image.pullPolicy | string | `"IfNotPresent"` |  |
@@ -169,7 +170,7 @@ helm uninstall [RELEASE_NAME]
 | webhook.failurePolicy | string | `"Fail"` |  |
 | webhook.image.pullPolicy | string | `"IfNotPresent"` |  |
 | webhook.image.repository | string | `"ghcr.io/sigstore/policy-controller/policy-controller"` |  |
-| webhook.image.version | string | `"sha256:f3b57d4c906fcbd7229c3069c055ce2b2862e01106c2b85df1322f1e3a232829"` |  |
+| webhook.image.version | string | `"sha256:6b51f336dec9e9adff29606855dbd2c7910c5eb80d6579795a29cb3844428efc"` |  |
 | webhook.name | string | `"webhook"` |  |
 | webhook.namespaceSelector.matchExpressions[0].key | string | `"policy.sigstore.dev/include"` |  |
 | webhook.namespaceSelector.matchExpressions[0].operator | string | `"In"` |  |
@@ -200,3 +201,4 @@ helm uninstall [RELEASE_NAME]
 | webhook.volumes | list | `[]` |  |
 | webhook.webhookNames.defaulting | string | `"defaulting.clusterimagepolicy.sigstore.dev"` |  |
 | webhook.webhookNames.validating | string | `"validating.clusterimagepolicy.sigstore.dev"` |  |
+| webhook.webhookTimeoutSeconds | object | `{}` |  |

charts/policy-controller/templates/webhook/policy_webhook_configurations.yaml

@@ -28,6 +28,11 @@ webhooks:
     matchPolicy: Equivalent
     name: {{ required "A valid webhook.webhookNames.defaulting is required" .Values.webhook.webhookNames.defaulting }}
     sideEffects: None
+    {{- if .Values.webhook.webhookTimeoutSeconds }}
+    {{- if .Values.webhook.webhookTimeoutSeconds.defaulting }}
+    timeoutSeconds: {{ .Values.webhook.webhookTimeoutSeconds.defaulting }}
+    {{- end }}
+    {{- end }}
 ---
 apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
@@ -44,3 +49,8 @@ webhooks:
     matchPolicy: Equivalent
     name: {{ required "A valid webhook.webhookNames.validating is required" .Values.webhook.webhookNames.validating }}
     sideEffects: None
+    {{- if .Values.webhook.webhookTimeoutSeconds }}
+    {{- if .Values.webhook.webhookTimeoutSeconds.validating }}
+    timeoutSeconds: {{ .Values.webhook.webhookTimeoutSeconds.validating }}
+    {{- end }}
+    {{- end }}

charts/policy-controller/templates/webhook/webhook_mutating.yaml

@@ -14,3 +14,8 @@ webhooks:
   failurePolicy: {{ .Values.webhook.failurePolicy }}
   sideEffects: None
   reinvocationPolicy: IfNeeded
+  {{- if .Values.cosign.webhookTimeoutSeconds }}
+  {{- if .Values.cosign.webhookTimeoutSeconds.mutating }}
+  timeoutSeconds: {{ .Values.cosign.webhookTimeoutSeconds.mutating }}
+  {{- end }}
+  {{- end }}

charts/policy-controller/templates/webhook/webhook_validating.yaml

@@ -13,3 +13,8 @@ webhooks:
       namespace: {{ .Release.Namespace }}
   failurePolicy: {{ .Values.webhook.failurePolicy }}
   sideEffects: None
+  {{- if .Values.cosign.webhookTimeoutSeconds }}
+  {{- if .Values.cosign.webhookTimeoutSeconds.validating }}
+  timeoutSeconds: {{ .Values.cosign.webhookTimeoutSeconds.validating }}
+  {{- end }}
+  {{- end}}

charts/policy-controller/values.schema.json

@@ -40,6 +40,24 @@
           "required": [],
           "title": "webhookName",
           "type": "string"
+        },
+        "webhookTimeoutSeconds": {
+          "additionalProperties": false,
+          "properties": {
+            "mutating": {
+              "required": [],
+              "title": "mutating",
+              "type": "integer"
+            },
+            "validating": {
+              "required": [],
+              "title": "validating",
+              "type": "integer"
+            }
+          },
+          "required": [],
+          "title": "webhookTimeoutSeconds",
+          "type": "object"
         }
       },
       "required": [
@@ -188,8 +206,8 @@
               "type": "string"
             },
             "version": {
-              "default": "sha256:f291fce5b9c1a69ba54990eda7e0fe4114043b1afefb0f4ee3e6f84ec9ef1605",
-              "description": "crane digest ghcr.io/sigstore/policy-controller/policy-controller:v0.8.2",
+              "default": "sha256:6b51f336dec9e9adff29606855dbd2c7910c5eb80d6579795a29cb3844428efc",
+              "description": "crane digest ghcr.io/sigstore/policy-controller/policy-controller:v0.12.0",
               "required": [],
               "title": "version",
               "type": "string"
@@ -547,6 +565,26 @@
           ],
           "title": "webhookNames",
           "type": "object"
+        },
+        "webhookTimeoutSeconds": {
+          "additionalProperties": false,
+          "properties": {
+            "defaulting": {
+              "default": 10,
+              "required": [],
+              "title": "defaulting",
+              "type": "integer"
+            },
+            "validating": {
+              "default": 10,
+              "required": [],
+              "title": "validating",
+              "type": "integer"
+            }
+          },
+          "required": [],
+          "title": "webhookTimeoutSeconds",
+          "type": "object"
         }
       },
       "required": [

charts/policy-controller/values.yaml

@@ -2,6 +2,9 @@ cosign:
   # add the values in base64 encoded
   cosignPub: ""
   webhookName: "policy.sigstore.dev"
+  webhookTimeoutSeconds: {}
+    # mutating: 10
+    # validating: 10
 
 installCRDs: true
 
@@ -16,8 +19,8 @@ webhook:
   name: webhook
   image:
     repository: ghcr.io/sigstore/policy-controller/policy-controller
-    # crane digest ghcr.io/sigstore/policy-controller/policy-controller:v0.11.0
-    version: sha256:f3b57d4c906fcbd7229c3069c055ce2b2862e01106c2b85df1322f1e3a232829
+    # crane digest ghcr.io/sigstore/policy-controller/policy-controller:v0.12.0
+    version: sha256:6b51f336dec9e9adff29606855dbd2c7910c5eb80d6579795a29cb3844428efc
     pullPolicy: IfNotPresent
   env: {}
   extraArgs: {}
@@ -70,6 +73,9 @@ webhook:
   webhookNames:
     defaulting: "defaulting.clusterimagepolicy.sigstore.dev"
     validating: "validating.clusterimagepolicy.sigstore.dev"
+  webhookTimeoutSeconds: {}
+    # defaulting: 10
+    # validating: 10
 
 leasescleanup:
   image: