chore: Prepare v3.11.0-rc.1 release

Signed-off-by: Sertac Ozercan <[email protected]>

Makefile

@@ -10,7 +10,7 @@ DEV_TAG ?= dev
 USE_LOCAL_IMG ?= false
 ENABLE_GENERATOR_EXPANSION ?= false
 
-VERSION := v3.11.0-beta.0
+VERSION := v3.11.0-rc.1
 
 KIND_VERSION ?= 0.17.0
 # note: k8s version pinned since KIND image availability lags k8s releases

charts/gatekeeper/Chart.yaml

@@ -1,10 +1,11 @@
 apiVersion: v2
 description: A Helm chart for Gatekeeper
 name: gatekeeper
+icon: https://open-policy-agent.github.io/gatekeeper/website/img/logo.svg
 keywords:
   - open policy agent
-version: 3.11.0-beta.0
+version: 3.11.0-rc.1
 home: https://github.com/open-policy-agent/gatekeeper
 sources:
   - https://github.com/open-policy-agent/gatekeeper.git
-appVersion: v3.11.0-beta.0
+appVersion: v3.11.0-rc.1

charts/gatekeeper/README.md

@@ -67,7 +67,7 @@ _See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/websi
 | postInstall.labelNamespace.enabled            | Add labels to the namespace during post install hooks                                                                                                                                                                                               | `true`                                                                    |
 | postInstall.labelNamespace.extraNamespaces    | The extra namespaces that need to have the label during post upgrade hooks                                                                                                                                                                                               | `[]`                                                                       |
 | postInstall.labelNamespace.image.repository   | Image with kubectl to label the namespace                                                                                                                                                                                                           | `openpolicyagent/gatekeeper-crds`                                         |
-| postInstall.labelNamespace.image.tag          | Image tag                                                                                                                                                                                                                                           | Current release version: `v3.11.0-beta.0`                                  |
+| postInstall.labelNamespace.image.tag          | Image tag                                                                                                                                                                                                                                           | Current release version: `v3.11.0-rc.1`                                  |
 | postInstall.labelNamespace.image.pullPolicy   | Image pullPolicy                                                                                                                                                                                                                                    | `IfNotPresent`                                                            |
 | postInstall.labelNamespace.image.pullSecrets  | Image pullSecrets                                                                                                                                                                                                                                   | `[]`                                                                      |
 | postInstall.labelNamespace.extraRules         | Extra rules for the gatekeeper-update-namespace-label Role                                                                                                                                                                                          | `[]`                                                                      |
@@ -87,7 +87,7 @@ _See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/websi
 | postUpgrade.labelNamespace.enabled            | Add labels to the namespace during post upgrade hooks                                                                                                                                                                                               | `false`                                                                    |
 | postUpgrade.labelNamespace.extraNamespaces    | The extra namespaces that need to have the label during post upgrade hooks                                                                                                                                                                                               | `[]`                                                                       |
 | postUpgrade.labelNamespace.image.repository   | Image with kubectl to label the namespace                                                                                                                                                                                                           | `openpolicyagent/gatekeeper-crds`                                         |
-| postUpgrade.labelNamespace.image.tag          | Image tag                                                                                                                                                                                                                                           | Current release version: `v3.11.0-beta.0`                                  |
+| postUpgrade.labelNamespace.image.tag          | Image tag                                                                                                                                                                                                                                           | Current release version: `v3.11.0-rc.1`                                  |
 | postUpgrade.labelNamespace.image.pullPolicy   | Image pullPolicy                                                                                                                                                                                                                                    | `IfNotPresent`                                                            |
 | postUpgrade.labelNamespace.image.pullSecrets  | Image pullSecrets                                                                                                                                                                                                                                   | `[]`
 | postUpgrade.affinity                          | The affinity to use for pod scheduling in postUpgrade hook jobs                                                                                                                                                                                     | `{}`                                                                      |
@@ -97,7 +97,7 @@ _See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/websi
 | postUpgrade.securityContext                   | Security context applied on the container                                                                                                                                                                                                           | `{ "allowPrivilegeEscalation": false, "capabilities": "drop": [all], "readOnlyRootFilesystem": true, "runAsGroup": 999, "runAsNonRoot": true, "runAsUser": 1000 }` |
 | preUninstall.deleteWebhooks.enabled           | Delete webhooks before gatekeeper itself is uninstalled                                                                                                                                                                                             | `false`                                                                   |
 | preUninstall.deleteWebhooks.image.repository  | Image with kubectl to delete the webhooks                                                                                                                                                                                                           | `openpolicyagent/gatekeeper-crds`                                         |
-| preUninstall.deleteWebhooks.image.tag         | Image tag                                                                                                                                                                                                                                           | Current release version: `v3.11.0-beta.0`                                  |
+| preUninstall.deleteWebhooks.image.tag         | Image tag                                                                                                                                                                                                                                           | Current release version: `v3.11.0-rc.1`                                  |
 | preUninstall.deleteWebhooks.image.pullPolicy  | Image pullPolicy                                                                                                                                                                                                                                    | `IfNotPresent`                                                            |
 | preUninstall.deleteWebhooks.image.pullSecrets | Image pullSecrets                                                                                                                                                                                                                                   | `[]`                                                                      |
 | preUninstall.deleteWebhooks.extraRules        | Extra rules for the gatekeeper-delete-webhook-configs Role                                                                                                                                                                                          | `[]`                                                                      |
@@ -129,7 +129,7 @@ _See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/websi
 | validatingWebhookExemptNamespacesLabels       | Additional namespace labels that will be exempt from the validating webhook. Please note that anyone in the cluster capable to manage namespaces will be able to skip all Gatekeeper validation by setting one of these labels for their namespace. | `{}`                                                                      |
 | validatingWebhookCustomRules                  | Custom rules for selecting which API resources trigger the webhook. Mutually exclusive with `enableDeleteOperations`. NOTE: If you change this, ensure all your constraints are still being enforced.                                               | `{}`                                                                      |
 | enableDeleteOperations                        | Enable validating webhook for delete operations. Does not work with `validatingWebhookCustomRules`                                                                                                                                                  | `false`                                                                   |
-| enableExternalData                            | Enable external data (alpha feature)                                                                                                                                                                                                                | `false`                                                                   |
+| enableExternalData                            | Enable external data                                                                                                                                                                                                                | `true`                                                                   |
 | enableGeneratorResourceExpansion              | Enable generator resource expansion (alpha feature)                                                                                                                                                                                                                | `false`                                                                   |
 | enableTLSHealthcheck                          | Enable probing webhook API with certificate stored in certDir                                                                                                                                                                                       | `false`                                                                   |
 | maxServingThreads                             | Limit the number of concurrent calls the validation backend made by the validation webhook. -1 limits this value to GOMAXPROCS. Configuring this value may lower max RAM usage and limit CPU throttling, Tuning it can optimize serving capacity.  | `-1`                                                                      |
@@ -147,7 +147,7 @@ _See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/websi
 | logLevel                                      | Minimum log level                                                                                                                                                                                                                                   | `INFO`                                                                    |
 | image.pullPolicy                              | The image pull policy                                                                                                                                                                                                                               | `IfNotPresent`                                                            |
 | image.repository                              | Image repository                                                                                                                                                                                                                                    | `openpolicyagent/gatekeeper`                                              |
-| image.release                                 | The image release tag to use                                                                                                                                                                                                                        | Current release version: `v3.11.0-beta.0`                                  |
+| image.release                                 | The image release tag to use                                                                                                                                                                                                                        | Current release version: `v3.11.0-rc.1`                                  |
 | image.pullSecrets                             | Specify an array of imagePullSecrets                                                                                                                                                                                                                | `[]`                                                                      |
 | resources                                     | The resource request/limits for the container image                                                                                                                                                                                                 | limits: 1 CPU, 512Mi, requests: 100mCPU, 256Mi                            |
 | nodeSelector                                  | The node selector to use for pod scheduling                                                                                                                                                                                                         | `kubernetes.io/os: linux`                                                 |

charts/gatekeeper/crds/assign-customresourcedefinition.yaml

@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.8.0
+    controller-gen.kubebuilder.io/version: v0.10.0
   labels:
     gatekeeper.sh/system: "yes"
   name: assign.mutations.gatekeeper.sh

charts/gatekeeper/crds/assignmetadata-customresourcedefinition.yaml

@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.8.0
+    controller-gen.kubebuilder.io/version: v0.10.0
   labels:
     gatekeeper.sh/system: "yes"
   name: assignmetadata.mutations.gatekeeper.sh

charts/gatekeeper/crds/config-customresourcedefinition.yaml

@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.8.0
+    controller-gen.kubebuilder.io/version: v0.10.0
   labels:
     gatekeeper.sh/system: "yes"
   name: configs.config.gatekeeper.sh

charts/gatekeeper/crds/constraintpodstatus-customresourcedefinition.yaml

@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.8.0
+    controller-gen.kubebuilder.io/version: v0.10.0
   labels:
     gatekeeper.sh/system: "yes"
   name: constraintpodstatuses.status.gatekeeper.sh

charts/gatekeeper/crds/constrainttemplate-customresourcedefinition.yaml

@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.8.0
+    controller-gen.kubebuilder.io/version: v0.10.0
   labels:
     gatekeeper.sh/system: "yes"
   name: constrainttemplates.templates.gatekeeper.sh

charts/gatekeeper/crds/constrainttemplatepodstatus-customresourcedefinition.yaml

@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.8.0
+    controller-gen.kubebuilder.io/version: v0.10.0
   labels:
     gatekeeper.sh/system: "yes"
   name: constrainttemplatepodstatuses.status.gatekeeper.sh

charts/gatekeeper/crds/expansiontemplate-customresourcedefinition.yaml

@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.8.0
+    controller-gen.kubebuilder.io/version: v0.10.0
   labels:
     gatekeeper.sh/system: "yes"
   name: expansiontemplate.expansion.gatekeeper.sh
@@ -71,9 +71,3 @@ spec:
         type: object
     served: true
     storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

charts/gatekeeper/crds/modifyset-customresourcedefinition.yaml

@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.8.0
+    controller-gen.kubebuilder.io/version: v0.10.0
   labels:
     gatekeeper.sh/system: "yes"
   name: modifyset.mutations.gatekeeper.sh
@@ -674,9 +674,3 @@ spec:
     storage: false
     subresources:
       status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

charts/gatekeeper/crds/mutatorpodstatus-customresourcedefinition.yaml

@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.8.0
+    controller-gen.kubebuilder.io/version: v0.10.0
   labels:
     gatekeeper.sh/system: "yes"
   name: mutatorpodstatuses.status.gatekeeper.sh