kubewarden-controller/charts/hauler_manifest.yaml at d9ff0a5081039ae0cdd8a12b6259575703b032ed · viccuad/kubewarden-controller · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
# This is a base file to be used to import all the required resources to run
# Kubewarden in airgap environment into Hauler.
#
# To sync this file with Hauler and load everything into its storage, you can
# run:
# hauler store sync --filename hauler_manifest.yaml
apiVersion: content.hauler.cattle.io/v1
kind: Images
metadata:
  name: kubewarden-container-images
  annotations:
    hauler.dev/certificate-oidc-issuer: https://token.actions.githubusercontent.com
spec:
  images:
    - name: ghcr.io/kubewarden/audit-scanner:v1.33.1
      certificate-identity-regexp: https://github.com/kubewarden/kubewarden-controller/.github/workflows/release.yml@refs/tags/v1.33.1
    - name: ghcr.io/kubewarden/kubewarden-controller:v1.33.1
      certificate-identity-regexp: https://github.com/kubewarden/kubewarden-controller/.github/workflows/release.yml@refs/tags/v1.33.1
    - name: ghcr.io/kubewarden/policy-server:v1.33.1
      certificate-identity-regexp: https://github.com/kubewarden/kubewarden-controller/.github/workflows/release.yml@refs/tags/v1.33.1
---
# The policies are in a separated definition just to allow a better keyless validation
# without the need to duplicate configuration
apiVersion: content.hauler.cattle.io/v1
kind: Images
metadata:
  name: kubewarden-policies
  annotations:
    hauler.dev/certificate-oidc-issuer: https://token.actions.githubusercontent.com
    hauler.dev/certificate-identity-regexp: https://github.com/kubewarden/policies/.github/workflows/release.yml@refs/tags/.*
spec:
  images:
    - name: ghcr.io/kubewarden/policies/allow-privilege-escalation-psp:v1.0.10
    - name: ghcr.io/kubewarden/policies/capabilities-psp:v1.0.10
    - name: ghcr.io/kubewarden/policies/host-namespaces-psp:v1.1.8
    - name: ghcr.io/kubewarden/policies/hostpaths-psp:v1.1.7
    - name: ghcr.io/kubewarden/policies/pod-privileged:v1.0.10
    - name: ghcr.io/kubewarden/policies/user-group-psp:v1.1.5
---
# The policy reporter and kuberlr images are defined in the dedicated manifest section because
# the container images are not signed. Therefore, this difference is very clear
# to future readers.
apiVersion: content.hauler.cattle.io/v1
kind: Images
metadata:
  name: kubewarden-not-signed-images
spec:
  images:
    - name: ghcr.io/kyverno/policy-reporter-ui:2.5.1
    - name: ghcr.io/kyverno/policy-reporter:3.7.3
    - name: ghcr.io/rancher/kuberlr-kubectl:v8.0.0
---
apiVersion: content.hauler.cattle.io/v1
kind: Charts
metadata:
  name: kubewarden-helm-charts
spec:
  charts:
    - name: kubewarden-crds
      repoURL: https://charts.kubewarden.io
      version: 1.25.1
    - name: kubewarden-controller
      repoURL: https://charts.kubewarden.io
      version: 5.11.1
    - name: kubewarden-defaults
      repoURL: https://charts.kubewarden.io
      version: 3.11.1
    - name: policy-reporter
      version: 3.7.3
      repoURL: https://kyverno.github.io/policy-reporter
    - name: openreports
      version: 0.2.1
      repoURL: https://openreports.github.io/reports-api