Merge pull request #530 from vardhaman22/v1.1/add-validate-psp-instal…
…l-template

[release/v1.1] added validate-psp-install and validate-install-crd templates
vardhaman22 authored Dec 4, 2024
2 parents 91ebc51 + db210f6 commit 94c762a
Showing 5 changed files with 1,620 additions and 89 deletions.
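--- a/chart/templates/validate-install-crd.yaml
+++ b/chart/templates/validate-install-crd.yaml
@@ -0,0 +1,17 @@
+#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}}
+# {{- $found := dict -}}
+# {{- set $found "cis.cattle.io/v1/ClusterScan" false -}}
+# {{- set $found "cis.cattle.io/v1/ClusterScanBenchmark" false -}}
+# {{- set $found "cis.cattle.io/v1/ClusterScanProfile" false -}}
+# {{- set $found "cis.cattle.io/v1/ClusterScanReport" false -}}
+# {{- range .Capabilities.APIVersions -}}
+# {{- if hasKey $found (toString .) -}}
+# {{- set $found (toString .) true -}}
+# {{- end -}}
+# {{- end -}}
+# {{- range $_, $exists := $found -}}
+# {{- if (eq $exists false) -}}
+# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}}
+# {{- end -}}
+# {{- end -}}
+#{{- end -}}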
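Review bot: The outer `lookup "rbac.authorization.k8s.io/v1" "ClusterRole"` guard on the first line is unexplained, yet it decides whether any of this validation runs. As far as I know `lookup` returns an empty result when the chart is rendered without cluster access (`helm template`, client-side dry-run), so the CRD check is skipped there and a pipeline that only renders the chart never sees the `required` failure. The leading `#` on every line is also easy to misread as the template being disabled, when the actions are still evaluated and the `#` only turns the leftover output into a YAML comment. I would add a header such as `{{- /* Runs only against a live cluster: lookup is empty under helm template / dry-run. The leading # keeps the rendered output a YAML comment. */ -}}`. The same guard and the same missing explanation apply to chart/templates/validate-psp-install.yaml.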
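--- a/chart/templates/validate-psp-install.yaml
+++ b/chart/templates/validate-psp-install.yaml
@@ -0,0 +1,7 @@
+#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}}
+#{{- if .Values.global.cattle.psp.enabled }}
+#{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}
+#{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}}
+#{{- end }}
+#{{- end }}
+#{{- end }}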
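Review bot: `.Values.global.cattle.psp.enabled` on the second line is dereferenced without a nil guard, so if the supplied values omit `global.cattle` or `global.cattle.psp` the render is likely to stop with a nil-pointer template error rather than the intended PodSecurityPolicy message. Whether chart/values.yaml defines that path by default is not visible in this commit, so this needs confirming against the full values file. A nil-safe form should be `#{{- if (((.Values.global).cattle).psp).enabled }}`, which treats a missing path as "PSP not enabled" and lets the install proceed.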
2 changes: 1 addition & 1 deletion chart/values.yaml
Expand Up @@ -5,7 +5,7 @@
image:
cisoperator:
repository: rancher/cis-operator
tag: v1.1.1
tag: v1.1.2
securityScan:
repository: rancher/security-scan
tag: v0.3.1
27 changes: 17 additions & 10 deletions go.mod
Expand Up @@ -4,30 +4,37 @@ go 1.22.0

toolchain go1.22.10

// pinned these to keep deps at v0.30.x only, kube-bench bump is causing these to get updated
replace (
k8s.io/api => k8s.io/api v0.30.7
k8s.io/apimachinery => k8s.io/apimachinery v0.30.7
k8s.io/client-go => k8s.io/client-go v0.30.7
)

require (
github.com/blang/semver v3.5.1+incompatible
github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.76.2
github.com/prometheus-operator/prometheus-operator/pkg/client v0.76.2
github.com/prometheus/client_golang v1.20.5
github.com/rancher/kubernetes-provider-detector v0.1.5
github.com/rancher/lasso v0.0.0-20240828170735-d79536cac289
github.com/rancher/security-scan v0.3.0
github.com/rancher/security-scan v0.3.1
github.com/rancher/wrangler/v3 v3.0.0
github.com/robfig/cron v1.2.0
github.com/sirupsen/logrus v1.9.3
github.com/urfave/cli v1.22.16
golang.org/x/crypto/x509roots/fallback v0.0.0-20231030152948-74c2ba9521f1
k8s.io/api v0.30.7
k8s.io/api v0.31.2
k8s.io/apiextensions-apiserver v0.30.7
k8s.io/apimachinery v0.30.7
k8s.io/client-go v0.30.7
k8s.io/apimachinery v0.31.2
k8s.io/client-go v0.31.2
)

require (
github.com/aquasecurity/kube-bench v0.9.1 // indirect
github.com/aws/aws-sdk-go-v2 v1.31.0 // indirect
github.com/aws/aws-sdk-go-v2/service/securityhub v1.53.3 // indirect
github.com/aws/smithy-go v1.21.0 // indirect
github.com/aquasecurity/kube-bench v0.9.2 // indirect
github.com/aws/aws-sdk-go-v2 v1.32.4 // indirect
github.com/aws/aws-sdk-go-v2/service/securityhub v1.54.6 // indirect
github.com/aws/smithy-go v1.22.0 // indirect
github.com/beorn7/perks v1.0.1 // indirect
github.com/cespare/xxhash/v2 v2.3.0 // indirect
github.com/cpuguy83/go-md2man/v2 v2.0.5 // indirect
Expand All @@ -41,7 +48,7 @@ require (
github.com/go-openapi/jsonreference v0.21.0 // indirect
github.com/go-openapi/swag v0.23.0 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang/glog v1.2.2 // indirect
github.com/golang/glog v1.2.3 // indirect
github.com/golang/protobuf v1.5.4 // indirect
github.com/google/gnostic-models v0.6.8 // indirect
github.com/google/go-cmp v0.6.0 // indirect
Expand Down Expand Up @@ -79,7 +86,7 @@ require (
golang.org/x/net v0.28.0 // indirect
golang.org/x/oauth2 v0.22.0 // indirect
golang.org/x/sync v0.8.0 // indirect
golang.org/x/sys v0.24.0 // indirect
golang.org/x/sys v0.25.0 // indirect
golang.org/x/term v0.23.0 // indirect
golang.org/x/text v0.17.0 // indirect
golang.org/x/time v0.6.0 // indirect
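Review bot: The new `replace` block forces k8s.io/api, k8s.io/apimachinery and k8s.io/client-go to v0.30.7, while the first `require` block also lists those three modules at v0.31.2 (apparently the new side of this change), so the versions a reader or a dependency scanner sees in `require` are not the ones compiled into the operator. The comment says why the pin exists but not when it can go; I would extend it to something like `// effective version is v0.30.7 despite the v0.31.2 require lines; remove once the operator moves to k8s v0.31.x`. k8s.io/apiextensions-apiserver stays at v0.30.7 in `require` and is not covered by the `replace`, so a later transitive bump could move it on its own; adding it to the pinned set would keep the four modules aligned.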