Jigar fips helm chart #483

Open: wants to merge 14 commits into base: fips-helm-charts
2 changes: 1 addition & 1 deletion charts/nirmata/Chart.yaml
Expand Up @@ -2,7 +2,7 @@ apiVersion: v2
type: application
name: kyverno
version: 3.2.9-rc2
appVersion: v1.12.6-n4k.nirmata.3-rc1
appVersion: non-rootuser-fix
Contributor comment:
@jigar-joshi-nirmata can you pls revert it back to previous tag, this will not affect the FIPS images tag

icon: https://github.com/kyverno/kyverno/raw/main/img/logo.png
description: Kubernetes Native Policy Management
keywords:
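
Review bot: `appVersion: non-rootuser-fix` replaces the release string `v1.12.6-n4k.nirmata.3-rc1` with what reads like a branch or fix label, so the chart no longer records which application version it ships. As the inline comment above says, the FIPS image tag does not depend on this field (the helper templates in this PR hardcode it), so restore the previous value. Since templates change here while `version: 3.2.9-rc2` stays the same, also consider bumping the chart version so the rendered change is distinguishable from the earlier rc2 package.
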
2 changes: 1 addition & 1 deletion charts/nirmata/templates/_helpers/_image.tpl
Expand Up @@ -9,7 +9,7 @@
{{- $fipsEnabled := .fipsEnabled -}}
{{- if $imageRegistry -}}
{{- if $fipsEnabled -}}
{{- print $imageRegistry "/" (required "An image repository is required" .image.repository) "-fips:fips-support-1-12" -}}
{{- print $imageRegistry "/" (required "An image repository is required" .image.repository) "-fips:non-rootuser-fix" -}}
{{- else -}}
{{- print $imageRegistry "/" (required "An image repository is required" .image.repository) ":" $tag -}}
{{- end -}}
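
Review bot: the FIPS branch hardcodes the tag as the literal `-fips:non-rootuser-fix` and never consults `$tag`, unlike the else branch. A tag named after a fix can later be moved to a different image without any change to the chart, so a given chart version will not reliably reproduce the same FIPS image. Suggest taking the FIPS tag from a value with a versioned default, or pinning by digest, and keeping the literal out of the template.
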
16 changes: 10 additions & 6 deletions charts/nirmata/templates/admission-controller/deployment.yaml
Expand Up @@ -103,9 +103,11 @@ spec:
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
{{ if not .Values.fipsEnabled }}
runAsNonRoot: true
{{- end }}
{{ if .Values.fipsEnabled }}
runAsUser: 1001
runAsGroup: 1001
{{- end }}
runAsNonRoot: true
env:
- name: KYVERNO_SERVICEACCOUNT_NAME
value: {{ template "kyverno.admission-controller.serviceAccountName" . }}
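
Review bot: the new `runAsUser`, `runAsGroup` and `runAsNonRoot` lines are emitted after the `{{- end }}` that closes the block rendering `securityContext:` through `toYaml`, so they are appended to whatever that map contains rather than merged into it. If the configured security context already sets any of these keys, the rendered manifest carries the key twice; and if the block closed by that `{{- end }}` also wraps the `securityContext:` line and renders nothing, the three keys are left without a parent. Suggest building the map once (for example merging the FIPS overrides into the values map before `toYaml`) and rendering it in a single place.
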
Expand Down Expand Up @@ -198,9 +200,11 @@ spec:
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
{{ if not .Values.fipsEnabled }}
runAsNonRoot: true
{{- end }}
{{ if .Values.fipsEnabled }}
runAsUser: 1001
runAsGroup: 1001
{{- end }}
runAsNonRoot: true
ports:
- containerPort: 9443
name: https
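
Review bot: UID and GID 1001 are hardcoded here at a second place in this file, repeating the block from the earlier hunk. The numbers have to agree with the user the FIPS image is meant to run as, and nothing in the chart records that coupling. Suggest defining them once, as chart values or a named template, and referencing that from each container spec so a future image change is a one-line edit.
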
Expand Up @@ -23,7 +23,7 @@
{{- $fipsEnabled := .fipsEnabled -}}
{{- if $imageRegistry -}}
{{- if $fipsEnabled -}}
{{ .image.registry }}/{{ required "An image repository is required" .image.repository }}-fips:fips-support-1-12
{{ .image.registry }}/{{ required "An image repository is required" .image.repository }}-fips:non-rootuser-fix
{{- else -}}
{{ $imageRegistry }}/{{ required "An image repository is required" .image.repository }}:{{ default .defaultTag .image.tag }}
{{- end -}}
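
Review bot: inside `{{- if $imageRegistry -}}` the FIPS line builds the reference from `{{ .image.registry }}` while the else branch uses `{{ $imageRegistry }}`. If `$imageRegistry` is resolved from anything other than `.image.registry` (a global registry override, for instance), FIPS images ignore it and are pulled from a different registry than the non-FIPS ones. Suggest using `$imageRegistry` in the FIPS line as well; the same lines appear in the other controller helper hunks in this PR.
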
Expand Up @@ -164,9 +164,11 @@ spec:
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
{{ if not .Values.fipsEnabled }}
runAsNonRoot: true
{{- end }}
{{ if .Values.fipsEnabled }}
runAsUser: 1001
runAsGroup: 1001
{{- end }}
runAsNonRoot: true
{{- if or .Values.backgroundController.caCertificates.data .Values.global.caCertificates.data .Values.backgroundController.caCertificates.volume .Values.global.caCertificates.volume }}
volumeMounts:
- name: ca-certificates
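
Review bot: `{{ if .Values.fipsEnabled }}` opens without the left trim marker while its `{{- end }}` has one, so the action leaves its own indentation and newline in the output as a whitespace-only line inside the container spec. It still parses, but it is inconsistent with the surrounding `{{- ... }}` actions and shows up as noise when comparing rendered manifests. Suggest `{{- if .Values.fipsEnabled }}`.
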
2 changes: 1 addition & 1 deletion charts/nirmata/templates/cleanup-controller/_helpers.tpl
Expand Up @@ -23,7 +23,7 @@
{{- $fipsEnabled := .fipsEnabled -}}
{{- if $imageRegistry -}}
{{- if $fipsEnabled -}}
{{ .image.registry }}/{{ required "An image repository is required" .image.repository }}-fips:fips-support-1-12
{{ .image.registry }}/{{ required "An image repository is required" .image.repository }}-fips:non-rootuser-fix
{{- else -}}
{{ $imageRegistry }}/{{ required "An image repository is required" .image.repository }}:{{ default .defaultTag .image.tag }}
{{- end -}}
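
Review bot: the FIPS line ends in the fixed tag `non-rootuser-fix` and has no equivalent of the `default .defaultTag .image.tag` lookup that the else branch keeps, so setting `image.tag` for this controller has no effect once FIPS is enabled. Suggest a FIPS-specific tag value that falls back to a versioned default, so operators can still pin or roll back the image from values.
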
8 changes: 5 additions & 3 deletions charts/nirmata/templates/cleanup-controller/deployment.yaml
Expand Up @@ -169,9 +169,11 @@ spec:
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
{{ if not .Values.fipsEnabled }}
runAsNonRoot: true
{{- end }}
{{ if .Values.fipsEnabled }}
runAsUser: 1001
runAsGroup: 1001
{{- end }}
runAsNonRoot: true
{{- with .Values.cleanupController.startupProbe }}
startupProbe:
{{- tpl (toYaml .) $ | nindent 12 }}
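
Review bot: missing documentation for a behavior change: `runAsNonRoot: true` is now rendered for FIPS installs too, together with the fixed `runAsUser: 1001` and `runAsGroup: 1001`, which changes how existing FIPS deployments run after an upgrade. Suggest a note in the chart's values comments or README stating that `fipsEnabled` forces 1001:1001 and that the FIPS image must work under that user.
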
2 changes: 1 addition & 1 deletion charts/nirmata/templates/reports-controller/_helpers.tpl
Expand Up @@ -23,7 +23,7 @@
{{- $fipsEnabled := .fipsEnabled -}}
{{- if $imageRegistry -}}
{{- if $fipsEnabled -}}
{{ .image.registry }}/{{ required "An image repository is required" .image.repository }}-fips:fips-support-1-12
{{ .image.registry }}/{{ required "An image repository is required" .image.repository }}-fips:non-rootuser-fix
{{- else -}}
{{ $imageRegistry }}/{{ required "An image repository is required" .image.repository }}:{{ default .defaultTag .image.tag }}
{{- end -}}
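
Review bot: this is the fourth template in the PR carrying the literal `non-rootuser-fix`, so moving to the next FIPS build means editing `_image.tpl` and each controller helper in step, and a missed file leaves the controllers on mixed images. Suggest one shared helper or value for the FIPS tag, and replacing the fix-named tag with a versioned one before merge.
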
8 changes: 5 additions & 3 deletions charts/nirmata/templates/reports-controller/deployment.yaml
Expand Up @@ -174,9 +174,11 @@ spec:
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
{{ if not .Values.fipsEnabled }}
runAsNonRoot: true
{{- end }}
{{ if .Values.fipsEnabled }}
runAsUser: 1001
runAsGroup: 1001
{{- end }}
runAsNonRoot: true
volumeMounts:
- mountPath: {{ .Values.reportsController.tufRootMountPath }}
name: sigstore
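
Review bot: with FIPS pods now running as 1001:1001, the `sigstore` volume mounted at `.Values.reportsController.tufRootMountPath` in the context lines after the change has to be accessible to that user (writable, if the controller writes its TUF data there), and nothing in this hunk adjusts it. Suggest confirming the volume type and, if it is not writable by an arbitrary UID, setting `fsGroup` in the pod security context or documenting the requirement.
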