Merge pull request #553 from hectorj2f/unify_policy_controllers

Unify policy controllers

charts/policy-controller/Chart.yaml

@@ -8,8 +8,8 @@ sources:
 type: application
 
 name: policy-controller
-version: 0.5.9
-appVersion: 0.7.0
+version: 0.6.0
+appVersion: 0.8.0
 
 maintainers:
   - name: dlorenc
@@ -19,6 +19,4 @@ annotations:
   artifacthub.io/license: Apache-2.0
   artifacthub.io/images: |
     - name: policy-controller
-      image: ghcr.io/sigstore/policy-controller/policy-controller:v0.7.0@sha256:947693aa3a536992bc89f3c7ded8a7707b26cd4518972f293edd3e57e112438e
-    - name: policywebhook
-      image: ghcr.io/sigstore/policy-controller/policy-webhook:v0.7.0@sha256:3a3581032ff69991ddd9f19faf8acd059c8fb0ba8d3b0164a13b99a096880c84
+      image: ghcr.io/sigstore/policy-controller/policy-controller:v0.8.0@sha256:e91bcd954394b414d3b80adfc2cefdae84dd7985fb938a895471eb34aac57744

charts/policy-controller/README.md

@@ -27,40 +27,15 @@ The Helm chart for Policy  Controller
 | cosign.webhookName | string | `"policy.sigstore.dev"` |  |
 | imagePullSecrets | list | `[]` |  |
 | installCRDs | bool | `true` |  |
-| policywebhook.configData | object | `{}` | Set the data of the `policy-config-controller` configmap |
-| policywebhook.env | object | `{}` |  |
-| policywebhook.extraArgs | object | `{}` |  |
-| policywebhook.image.pullPolicy | string | `"IfNotPresent"` |  |
-| policywebhook.image.repository | string | `"ghcr.io/sigstore/policy-controller/policy-webhook"` |  |
-| policywebhook.image.version | string | `"sha256:3a3581032ff69991ddd9f19faf8acd059c8fb0ba8d3b0164a13b99a096880c84"` | `"v0.7.0"` |
-| policywebhook.podSecurityContext.allowPrivilegeEscalation | bool | `false` |  |
-| policywebhook.podSecurityContext.capabilities.drop[0] | string | `"ALL"` |  |
-| policywebhook.podSecurityContext.enabled | bool | `true` |  |
-| policywebhook.podSecurityContext.readOnlyRootFilesystem | bool | `true` |  |
-| policywebhook.podSecurityContext.runAsNonRoot | bool | `true` |  |
-| policywebhook.replicaCount | int | `1` |  |
-| policywebhook.resources.limits.cpu | string | `"100m"` |  |
-| policywebhook.resources.limits.memory | string | `"256Mi"` |  |
-| policywebhook.resources.requests.cpu | string | `"100m"` |  |
-| policywebhook.resources.requests.memory | string | `"128Mi"` |  |
-| policywebhook.securityContext.enabled | bool | `false` |  |
-| policywebhook.securityContext.runAsUser | int | `65532` |  |
-| policywebhook.service.annotations | object | `{}` |  |
-| policywebhook.service.port | int | `443` |  |
-| policywebhook.service.type | string | `"ClusterIP"` |  |
-| policywebhook.serviceAccount.annotations | object | `{}` |  |
-| policywebhook.serviceAccount.create | bool | `true` |  |
-| policywebhook.serviceAccount.name | string | `""` |  |
-| policywebhook.volumeMounts | list | `[]` |  |
-| policywebhook.volumes | list | `[]` |  |
-| policywebhook.webhookNames.defaulting | string | `"defaulting.clusterimagepolicy.sigstore.dev"` |  |
-| policywebhook.webhookNames.validating | string | `"validating.clusterimagepolicy.sigstore.dev"` |  |
+| webhook.configData | object | `{}` | Set the data of the `policy-config-controller` configmap |
+| webhook.webhookNames.defaulting | string | `"defaulting.clusterimagepolicy.sigstore.dev"` |  |
+| webhook.webhookNames.validating | string | `"validating.clusterimagepolicy.sigstore.dev"` |  |
 | serviceMonitor.enabled | bool | `false` |  |
 | webhook.env | object | `{}` |  |
 | webhook.extraArgs | object | `{}` |  |
 | webhook.image.pullPolicy | string | `"IfNotPresent"` |  |
 | webhook.image.repository | string | `"ghcr.io/sigstore/policy-controller/policy-controller"` |  |
-| webhook.image.version | string | `"sha256:947693aa3a536992bc89f3c7ded8a7707b26cd4518972f293edd3e57e112438e"` | `"v0.7.0"` |
+| webhook.image.version | string | `"sha256:e91bcd954394b414d3b80adfc2cefdae84dd7985fb938a895471eb34aac57744"` | `"v0.8.0"` |
 | webhook.name | string | `"webhook"` |  |
 | webhook.failurePolicy | string | `"Fail"` |  |
 | webhook.namespaceSelector.matchExpressions[0].key | string | `"policy.sigstore.dev/include"` |  |

charts/policy-controller/templates/_helpers.tpl

@@ -50,17 +50,6 @@ app.kubernetes.io/name: {{ include "policy-controller.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
 
-{{/*
-Create the name of the service account to use for policy-controller
-*/}}
-{{- define "policywebhook.serviceAccountName" -}}
-{{- if .Values.policywebhook.serviceAccount.create }}
-{{- default ( print (include "policy-controller.fullname" .) "-policy-webhook" ) .Values.policywebhook.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.policywebhook.serviceAccount.name }}
-{{- end }}
-{{- end }}
-
 {{/*
 Create the name of the service account to use for webhook
 */}}
@@ -127,16 +116,6 @@ Create the image path for the passed in image field
 {{- end -}}
 {{- end -}}
 
-{{/*
-Create the image path for the passed in policy-webhook image field
-*/}}
-{{- define "policywebhook.image" -}}
-{{- if eq (substr 0 7 .version) "sha256:" -}}
-{{- printf "%s@%s" .repository .version -}}
-{{- else -}}
-{{- printf "%s:%s" .repository .version -}}
-{{- end -}}
-{{- end -}}
 
 {{/*
 Create the image path for the passed in leases-cleanup image field

charts/policy-controller/templates/crds/clusterimagepolicy.yaml

@@ -22,7 +22,7 @@ spec:
       conversionReviewVersions: ["v1beta1", "v1alpha1"]
       clientConfig:
         service:
-          name: policy-webhook
+          name: webhook
           namespace: {{ .Release.Namespace }}
   group: policy.sigstore.dev
   names: