diff --git a/README.md b/README.md index b8efa67..b57985b 100644 --- a/README.md +++ b/README.md @@ -19,8 +19,8 @@ Modern application security is embedded in the development workflow and follows * Reverse proxy functionality with request routing rules, TLS termination and remote IP extraction * Using native Envoy HTTP filters like Lua scripting, RBAC, ext_authz, JWT authentication * Content security filters for protecting against known attacks (OWASP Top 10) -* Access control to allow only authenticated users to access the protected services -* API security features like JSON parsing or OpenAPI specification enforcement +* Access control using OpenID Connect to allow only authenticated users to access the protected services +* API security features like JSON parsing, OpenAPI specification enforcement or GraphQL schema validation For a list of all features, view the **[comparison of the community and premium edition](https://docs.airlock.com/microgateway/latest/#data/1675772882054.html)**. ## Labs @@ -69,17 +69,17 @@ helm install cert-manager jetstack/cert-manager --version '1.15.1' -n cert-manag > **Note**: Certain environments such as OpenShift or GKE require non-default configurations when installing the CNI plugin. For the most common setups, values files are provided in the [chart folder](/deploy/charts/airlock-microgateway-cni). ```bash # Standard setup - helm install airlock-microgateway-cni -n kube-system oci://quay.io/airlockcharts/microgateway-cni --version '4.3.1' + helm install airlock-microgateway-cni -n kube-system oci://quay.io/airlockcharts/microgateway-cni --version '4.3.2' kubectl -n kube-system rollout status daemonset -l app.kubernetes.io/instance=airlock-microgateway-cni ``` ```bash # GKE setup - helm install airlock-microgateway-cni -n kube-system oci://quay.io/airlockcharts/microgateway-cni --version '4.3.1' -f https://raw.githubusercontent.com/airlock/microgateway/4.3.1/deploy/charts/airlock-microgateway-cni/gke-values.yaml + helm install airlock-microgateway-cni -n kube-system oci://quay.io/airlockcharts/microgateway-cni --version '4.3.2' -f https://raw.githubusercontent.com/airlock/microgateway/4.3.2/deploy/charts/airlock-microgateway-cni/gke-values.yaml kubectl -n kube-system rollout status daemonset -l app.kubernetes.io/instance=airlock-microgateway-cni ``` ```bash # OpenShift setup - helm install airlock-microgateway-cni -n openshift-operators oci://quay.io/airlockcharts/microgateway-cni --version '4.3.1' -f https://raw.githubusercontent.com/airlock/microgateway/4.3.1/deploy/charts/airlock-microgateway-cni/openshift-values.yaml + helm install airlock-microgateway-cni -n openshift-operators oci://quay.io/airlockcharts/microgateway-cni --version '4.3.2' -f https://raw.githubusercontent.com/airlock/microgateway/4.3.2/deploy/charts/airlock-microgateway-cni/openshift-values.yaml kubectl -n openshift-operators rollout status daemonset -l app.kubernetes.io/instance=airlock-microgateway-cni ``` **Important:** On OpenShift, all pods which should be protected by Airlock Microgateway must explicitly reference the Airlock Microgateway CNI NetworkAttachmentDefinition via the annotation `k8s.v1.cni.cncf.io/networks` (see [documentation](https://docs.airlock.com/microgateway/latest/#data/1658483168033.html) for details). @@ -87,15 +87,15 @@ helm install cert-manager jetstack/cert-manager --version '1.15.1' -n cert-manag 2. (Recommended) You can verify the correctness of the installation with `helm test`. ```bash # Standard and GKE setup - helm upgrade airlock-microgateway-cni -n kube-system --set tests.enabled=true --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.3.1' + helm upgrade airlock-microgateway-cni -n kube-system --set tests.enabled=true --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.3.2' helm test airlock-microgateway-cni -n kube-system --logs - helm upgrade airlock-microgateway-cni -n kube-system --set tests.enabled=false --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.3.1' + helm upgrade airlock-microgateway-cni -n kube-system --set tests.enabled=false --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.3.2' ``` ```bash # OpenShift setup - helm upgrade airlock-microgateway-cni -n openshift-operators --set tests.enabled=true --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.3.1' + helm upgrade airlock-microgateway-cni -n openshift-operators --set tests.enabled=true --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.3.2' helm test airlock-microgateway-cni -n openshift-operators --logs - helm upgrade airlock-microgateway-cni -n openshift-operators --set tests.enabled=false --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.3.1' + helm upgrade airlock-microgateway-cni -n openshift-operators --set tests.enabled=false --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.3.2' ``` Consult our [documentation](https://docs.airlock.com/microgateway/latest/#data/1699611533587.html) in case of any installation error. @@ -113,14 +113,14 @@ helm install cert-manager jetstack/cert-manager --version '1.15.1' -n cert-manag kubectl -n airlock-microgateway-system create secret generic airlock-microgateway-license --from-file=microgateway-license.txt # Install Operator (CRDs are included via the standard Helm 3 mechanism, i.e. Helm will handle initial installation but not upgrades) - helm install airlock-microgateway -n airlock-microgateway-system oci://quay.io/airlockcharts/microgateway --version '4.3.1' --wait + helm install airlock-microgateway -n airlock-microgateway-system oci://quay.io/airlockcharts/microgateway --version '4.3.2' --wait ``` 2. (Recommended) You can verify the correctness of the installation with `helm test`. ```bash - helm upgrade airlock-microgateway -n airlock-microgateway-system --set tests.enabled=true --reuse-values oci://quay.io/airlockcharts/microgateway --version '4.3.1' + helm upgrade airlock-microgateway -n airlock-microgateway-system --set tests.enabled=true --reuse-values oci://quay.io/airlockcharts/microgateway --version '4.3.2' helm test airlock-microgateway -n airlock-microgateway-system --logs - helm upgrade airlock-microgateway -n airlock-microgateway-system --set tests.enabled=false --reuse-values oci://quay.io/airlockcharts/microgateway --version '4.3.1' + helm upgrade airlock-microgateway -n airlock-microgateway-system --set tests.enabled=false --reuse-values oci://quay.io/airlockcharts/microgateway --version '4.3.2' ``` ### Upgrading CRDs @@ -128,7 +128,7 @@ helm install cert-manager jetstack/cert-manager --version '1.15.1' -n cert-manag The `helm install/upgrade` command currently does not support upgrading CRDs that already exist in the cluster. CRDs should instead be manually upgraded before upgrading the Operator itself via the following command: ```bash -kubectl apply -k https://github.com/airlock/microgateway/deploy/charts/airlock-microgateway/crds/?ref=4.3.1 --server-side --force-conflicts +kubectl apply -k https://github.com/airlock/microgateway/deploy/charts/airlock-microgateway/crds/?ref=4.3.2 --server-side --force-conflicts ``` **Note**: Certain GitOps solutions such as e.g. Argo CD or Flux CD have their own mechanisms for automatically upgrading CRDs included with Helm charts. diff --git a/deploy/charts/airlock-microgateway-cni/Chart.yaml b/deploy/charts/airlock-microgateway-cni/Chart.yaml index e174573..14d7f52 100644 --- a/deploy/charts/airlock-microgateway-cni/Chart.yaml +++ b/deploy/charts/airlock-microgateway-cni/Chart.yaml @@ -3,8 +3,8 @@ name: microgateway-cni description: A Helm chart for deploying the Airlock Microgateway CNI plugin type: application home: https://www.airlock.com/en/microgateway -version: "4.3.1" -appVersion: "4.3.1" +version: "4.3.2" +appVersion: "4.3.2" annotations: charts.openshift.io/name: Airlock Microgateway CNI artifacthub.io/category: security diff --git a/deploy/charts/airlock-microgateway-cni/README.md b/deploy/charts/airlock-microgateway-cni/README.md index 06e8e26..583f3ef 100644 --- a/deploy/charts/airlock-microgateway-cni/README.md +++ b/deploy/charts/airlock-microgateway-cni/README.md @@ -1,6 +1,6 @@ # Airlock Microgateway CNI -![Version: 4.3.1](https://img.shields.io/badge/Version-4.3.1-informational?style=flat-square) ![AppVersion: 4.3.1](https://img.shields.io/badge/AppVersion-4.3.1-informational?style=flat-square) +![Version: 4.3.2](https://img.shields.io/badge/Version-4.3.2-informational?style=flat-square) ![AppVersion: 4.3.2](https://img.shields.io/badge/AppVersion-4.3.2-informational?style=flat-square) *Airlock Microgateway is a Kubernetes native WAAP (Web Application and API Protection) solution to protect microservices.* @@ -13,15 +13,15 @@ Modern application security is embedded in the development workflow and follows DevSecOps paradigms. Airlock Microgateway is the perfect fit for these requirements. It is a lightweight alternative to the Airlock Gateway appliance, optimized for Kubernetes environments. Airlock Microgateway protects your applications and microservices with the tried-and-tested Airlock security features against attacks, while also providing a high degree of scalability. -__This Helm chart is part of Airlock Microgateway. See our [GitHub repo](https://github.com/airlock/microgateway/tree/4.3.1).__ +__This Helm chart is part of Airlock Microgateway. See our [GitHub repo](https://github.com/airlock/microgateway/tree/4.3.2).__ ### Features * Kubernetes native integration with its Operator, Custom Resource Definitions, hot-reload, automatic sidecar injection. * Reverse proxy functionality with request routing rules, TLS termination and remote IP extraction * Using native Envoy HTTP filters like Lua scripting, RBAC, ext_authz, JWT authentication * Content security filters for protecting against known attacks (OWASP Top 10) -* Access control to allow only authenticated users to access the protected services -* API security features like JSON parsing or OpenAPI specification enforcement +* Access control using OpenID Connect to allow only authenticated users to access the protected services +* API security features like JSON parsing, OpenAPI specification enforcement or GraphQL schema validation For a list of all features, view the **[comparison of the community and premium edition](https://docs.airlock.com/microgateway/latest/#data/1675772882054.html)**. @@ -47,17 +47,17 @@ The instructions below provide a quick start guide. Detailed information are pro > **Note**: Certain environments such as OpenShift or GKE require non-default configurations when installing the CNI plugin. For the most common setups, values files are provided in the [chart folder](/deploy/charts/airlock-microgateway-cni). ```bash # Standard setup - helm install airlock-microgateway-cni -n kube-system oci://quay.io/airlockcharts/microgateway-cni --version '4.3.1' + helm install airlock-microgateway-cni -n kube-system oci://quay.io/airlockcharts/microgateway-cni --version '4.3.2' kubectl -n kube-system rollout status daemonset -l app.kubernetes.io/instance=airlock-microgateway-cni ``` ```bash # GKE setup - helm install airlock-microgateway-cni -n kube-system oci://quay.io/airlockcharts/microgateway-cni --version '4.3.1' -f https://raw.githubusercontent.com/airlock/microgateway/4.3.1/deploy/charts/airlock-microgateway-cni/gke-values.yaml + helm install airlock-microgateway-cni -n kube-system oci://quay.io/airlockcharts/microgateway-cni --version '4.3.2' -f https://raw.githubusercontent.com/airlock/microgateway/4.3.2/deploy/charts/airlock-microgateway-cni/gke-values.yaml kubectl -n kube-system rollout status daemonset -l app.kubernetes.io/instance=airlock-microgateway-cni ``` ```bash # OpenShift setup - helm install airlock-microgateway-cni -n openshift-operators oci://quay.io/airlockcharts/microgateway-cni --version '4.3.1' -f https://raw.githubusercontent.com/airlock/microgateway/4.3.1/deploy/charts/airlock-microgateway-cni/openshift-values.yaml + helm install airlock-microgateway-cni -n openshift-operators oci://quay.io/airlockcharts/microgateway-cni --version '4.3.2' -f https://raw.githubusercontent.com/airlock/microgateway/4.3.2/deploy/charts/airlock-microgateway-cni/openshift-values.yaml kubectl -n openshift-operators rollout status daemonset -l app.kubernetes.io/instance=airlock-microgateway-cni ``` **Important:** On OpenShift, all pods which should be protected by Airlock Microgateway must explicitly reference the Airlock Microgateway CNI NetworkAttachmentDefinition via the annotation `k8s.v1.cni.cncf.io/networks` (see [documentation](https://docs.airlock.com/microgateway/latest/#data/1658483168033.html) for details). @@ -65,15 +65,15 @@ The instructions below provide a quick start guide. Detailed information are pro 2. (Recommended) You can verify the correctness of the installation with `helm test`. ```bash # Standard and GKE setup - helm upgrade airlock-microgateway-cni -n kube-system --set tests.enabled=true --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.3.1' + helm upgrade airlock-microgateway-cni -n kube-system --set tests.enabled=true --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.3.2' helm test airlock-microgateway-cni -n kube-system --logs - helm upgrade airlock-microgateway-cni -n kube-system --set tests.enabled=false --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.3.1' + helm upgrade airlock-microgateway-cni -n kube-system --set tests.enabled=false --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.3.2' ``` ```bash # OpenShift setup - helm upgrade airlock-microgateway-cni -n openshift-operators --set tests.enabled=true --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.3.1' + helm upgrade airlock-microgateway-cni -n openshift-operators --set tests.enabled=true --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.3.2' helm test airlock-microgateway-cni -n openshift-operators --logs - helm upgrade airlock-microgateway-cni -n openshift-operators --set tests.enabled=false --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.3.1' + helm upgrade airlock-microgateway-cni -n openshift-operators --set tests.enabled=false --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.3.2' ``` Consult our [documentation](https://docs.airlock.com/microgateway/latest/#data/1699611533587.html) in case of any installation error. @@ -98,10 +98,10 @@ For the community edition, check our **[Airlock community forum](https://forum.a | config.installMode | string | `"chained"` | Whether to install the CNI plugin as a `chained` plugin (default, required with most interface CNI providers), as a `standalone` plugin (required for use with Multus CNI, e.g. on OpenShift) or in `manual` mode, where no CNI network configuration is written. | | config.logLevel | string | `"info"` | Log level for the CNI installer and plugin. | | fullnameOverride | string | `""` | Allows overriding the name to use as full name of resources. | -| image.digest | string | `"sha256:bdd216c8a8c56a0eee0134f67772cbd75358640a0685cf5d71add653abb2c53b"` | SHA256 image digest to pull (in the format "sha256:7144f7bab3d4c2648d7e59409f15ec52a18006a128c733fcff20d3a4a54ba44a"). Overrides tag when specified. | +| image.digest | string | `"sha256:ed5ec546a65f0ae0bc3e058aafc1d2aa4848996b9f415fe6232486934443b460"` | SHA256 image digest to pull (in the format "sha256:7144f7bab3d4c2648d7e59409f15ec52a18006a128c733fcff20d3a4a54ba44a"). Overrides tag when specified. | | image.pullPolicy | string | `"IfNotPresent"` | Pull policy for this image. | | image.repository | string | `"quay.io/airlock/microgateway-cni"` | Image repository from which to pull the Airlock Microgateway CNI image. | -| image.tag | string | `"4.3.1"` | Image tag to pull. | +| image.tag | string | `"4.3.2"` | Image tag to pull. | | imagePullSecrets | list | `[]` | ImagePullSecrets to use when pulling images. | | multusNetworkAttachmentDefinition.create | bool | `false` | Whether a NetworkAttachmentDefinition CR should be created, which can be used for applying the CNI plugin to Pods. | | multusNetworkAttachmentDefinition.namespace | string | `"default"` | Namespace in which the NetworkAttachmentDefinition is deployed. Note: If namespace is set to a custom value, referencing the created NetworkAttachmentDefinition from other namespaces may not work if Multus namespace isolation is enabled. https://github.com/k8snetworkplumbingwg/multus-cni/blob/v4.0.2/docs/configuration.md#namespace-isolation | diff --git a/deploy/charts/airlock-microgateway-cni/templates/NOTES.txt b/deploy/charts/airlock-microgateway-cni/templates/NOTES.txt index e8aa458..bb94ff5 100644 --- a/deploy/charts/airlock-microgateway-cni/templates/NOTES.txt +++ b/deploy/charts/airlock-microgateway-cni/templates/NOTES.txt @@ -1,3 +1,15 @@ Thank you for installing Airlock Microgateway CNI. -For further information, please visit our documentation at https://docs.airlock.com/microgateway/{{ include "airlock-microgateway-cni.docsVersion" .}}. +Please ensure that the helm values'.config.cniNetDir' and '.config.cniBinDir' are configured for your Kubernetes distribution. +For further information, consider our manual https://docs.airlock.com/microgateway/{{ include "airlock-microgateway-cni.docsVersion" . }}. +The chapter 'Setup > Installation' describes how to set those settings correctly. + +Further information: +* Documentation: https://docs.airlock.com/microgateway/{{ include "airlock-microgateway-cni.docsVersion" . }} +* Airlock Microgateway Labs: https://play.instruqt.com/airlock/invite/hyi9fy4b4jzc?icp_referrer=helm + +Next steps: +* Install Airlock Microgateway (if not done already) + https://artifacthub.io/packages/helm/airlock-microgateway/microgateway + +Your release version is {{ .Chart.Version }}. \ No newline at end of file diff --git a/deploy/charts/airlock-microgateway-cni/tests/notes_test.yaml b/deploy/charts/airlock-microgateway-cni/tests/notes_test.yaml index ec69445..77e1b61 100644 --- a/deploy/charts/airlock-microgateway-cni/tests/notes_test.yaml +++ b/deploy/charts/airlock-microgateway-cni/tests/notes_test.yaml @@ -7,7 +7,7 @@ tests: appVersion: dev asserts: &latestDoc - matchRegexRaw: - pattern: ".*please visit our documentation at https://docs.airlock.com/microgateway/latest\\..*" + pattern: ".*Documentation: https://docs.airlock.com/microgateway/latest.*" - it: prerelease chart should describe latest doc links chart: appVersion: 4.2.0-ci @@ -17,4 +17,4 @@ tests: appVersion: 4.2.4 asserts: - matchRegexRaw: - pattern: ".*please visit our documentation at https://docs.airlock.com/microgateway/4.2\\..*" + pattern: ".*Documentation: https://docs.airlock.com/microgateway/4.2.*" diff --git a/deploy/charts/airlock-microgateway-cni/values.yaml b/deploy/charts/airlock-microgateway-cni/values.yaml index 8f51813..5aa03a4 100644 --- a/deploy/charts/airlock-microgateway-cni/values.yaml +++ b/deploy/charts/airlock-microgateway-cni/values.yaml @@ -15,10 +15,10 @@ image: # -- Image repository from which to pull the Airlock Microgateway CNI image. repository: "quay.io/airlock/microgateway-cni" # -- Image tag to pull. - tag: "4.3.1" + tag: "4.3.2" # -- SHA256 image digest to pull (in the format "sha256:7144f7bab3d4c2648d7e59409f15ec52a18006a128c733fcff20d3a4a54ba44a"). # Overrides tag when specified. - digest: "sha256:bdd216c8a8c56a0eee0134f67772cbd75358640a0685cf5d71add653abb2c53b" + digest: "sha256:ed5ec546a65f0ae0bc3e058aafc1d2aa4848996b9f415fe6232486934443b460" # -- Pull policy for this image. pullPolicy: IfNotPresent # -- Annotations to add to all Pods. diff --git a/deploy/charts/airlock-microgateway/Chart.yaml b/deploy/charts/airlock-microgateway/Chart.yaml index da2de40..94c3484 100644 --- a/deploy/charts/airlock-microgateway/Chart.yaml +++ b/deploy/charts/airlock-microgateway/Chart.yaml @@ -3,8 +3,8 @@ name: microgateway description: A Helm chart for deploying the Airlock Microgateway type: application home: https://www.airlock.com/en/microgateway -version: "4.3.1" -appVersion: "4.3.1" +version: "4.3.2" +appVersion: "4.3.2" annotations: charts.openshift.io/name: Airlock Microgateway artifacthub.io/category: security diff --git a/deploy/charts/airlock-microgateway/README.md b/deploy/charts/airlock-microgateway/README.md index f9a4c34..ddb2627 100644 --- a/deploy/charts/airlock-microgateway/README.md +++ b/deploy/charts/airlock-microgateway/README.md @@ -1,6 +1,6 @@ # Airlock Microgateway -![Version: 4.3.1](https://img.shields.io/badge/Version-4.3.1-informational?style=flat-square) ![AppVersion: 4.3.1](https://img.shields.io/badge/AppVersion-4.3.1-informational?style=flat-square) +![Version: 4.3.2](https://img.shields.io/badge/Version-4.3.2-informational?style=flat-square) ![AppVersion: 4.3.2](https://img.shields.io/badge/AppVersion-4.3.2-informational?style=flat-square) *Airlock Microgateway is a Kubernetes native WAAP (Web Application and API Protection) solution to protect microservices.* @@ -13,15 +13,15 @@ Modern application security is embedded in the development workflow and follows DevSecOps paradigms. Airlock Microgateway is the perfect fit for these requirements. It is a lightweight alternative to the Airlock Gateway appliance, optimized for Kubernetes environments. Airlock Microgateway protects your applications and microservices with the tried-and-tested Airlock security features against attacks, while also providing a high degree of scalability. -__This Helm chart is part of Airlock Microgateway. See our [GitHub repo](https://github.com/airlock/microgateway/tree/4.3.1).__ +__This Helm chart is part of Airlock Microgateway. See our [GitHub repo](https://github.com/airlock/microgateway/tree/4.3.2).__ ### Features * Kubernetes native integration with its Operator, Custom Resource Definitions, hot-reload, automatic sidecar injection. * Reverse proxy functionality with request routing rules, TLS termination and remote IP extraction * Using native Envoy HTTP filters like Lua scripting, RBAC, ext_authz, JWT authentication * Content security filters for protecting against known attacks (OWASP Top 10) -* Access control to allow only authenticated users to access the protected services -* API security features like JSON parsing or OpenAPI specification enforcement +* Access control using OpenID Connect to allow only authenticated users to access the protected services +* API security features like JSON parsing, OpenAPI specification enforcement or GraphQL schema validation For a list of all features, view the **[comparison of the community and premium edition](https://docs.airlock.com/microgateway/latest/#data/1675772882054.html)**. @@ -73,14 +73,14 @@ helm install cert-manager jetstack/cert-manager --version '1.15.1' -n cert-manag kubectl -n airlock-microgateway-system create secret generic airlock-microgateway-license --from-file=microgateway-license.txt # Install Operator (CRDs are included via the standard Helm 3 mechanism, i.e. Helm will handle initial installation but not upgrades) - helm install airlock-microgateway -n airlock-microgateway-system oci://quay.io/airlockcharts/microgateway --version '4.3.1' --wait + helm install airlock-microgateway -n airlock-microgateway-system oci://quay.io/airlockcharts/microgateway --version '4.3.2' --wait ``` 2. (Recommended) You can verify the correctness of the installation with `helm test`. ```bash - helm upgrade airlock-microgateway -n airlock-microgateway-system --set tests.enabled=true --reuse-values oci://quay.io/airlockcharts/microgateway --version '4.3.1' + helm upgrade airlock-microgateway -n airlock-microgateway-system --set tests.enabled=true --reuse-values oci://quay.io/airlockcharts/microgateway --version '4.3.2' helm test airlock-microgateway -n airlock-microgateway-system --logs - helm upgrade airlock-microgateway -n airlock-microgateway-system --set tests.enabled=false --reuse-values oci://quay.io/airlockcharts/microgateway --version '4.3.1' + helm upgrade airlock-microgateway -n airlock-microgateway-system --set tests.enabled=false --reuse-values oci://quay.io/airlockcharts/microgateway --version '4.3.2' ``` ### Upgrading CRDs @@ -88,7 +88,7 @@ helm install cert-manager jetstack/cert-manager --version '1.15.1' -n cert-manag The `helm install/upgrade` command currently does not support upgrading CRDs that already exist in the cluster. CRDs should instead be manually upgraded before upgrading the Operator itself via the following command: ```bash -kubectl apply -k https://github.com/airlock/microgateway/deploy/charts/airlock-microgateway/crds/?ref=4.3.1 --server-side --force-conflicts +kubectl apply -k https://github.com/airlock/microgateway/deploy/charts/airlock-microgateway/crds/?ref=4.3.2 --server-side --force-conflicts ``` **Note**: Certain GitOps solutions such as e.g. Argo CD or Flux CD have their own mechanisms for automatically upgrading CRDs included with Helm charts. @@ -116,10 +116,10 @@ For the community edition, check our **[Airlock community forum](https://forum.a | dashboards.instances.blockMetrics.create | bool | `true` | Whether to create the block metrics dashboard. | | dashboards.instances.license.create | bool | `true` | Whether to create the license dashboard. | | dashboards.instances.overview.create | bool | `true` | Whether to create the overview dashboard. | -| engine.image.digest | string | `"sha256:6be782cc3f3206bfa61f462812d2a495e114ae13c59a7cdaed7ca406d5bc1b01"` | SHA256 image digest to pull (in the format "sha256:a3051f42d3013813b05f7513bb86ed6a3209cb3003f1bb2f7b72df249aa544d3"). Overrides tag when specified. | +| engine.image.digest | string | `"sha256:8d42759d999e6b69efa9ef1ecfdc84dc1f8f6f1ca822c8d2d3ef8ff1e335b9c9"` | SHA256 image digest to pull (in the format "sha256:a3051f42d3013813b05f7513bb86ed6a3209cb3003f1bb2f7b72df249aa544d3"). Overrides tag when specified. | | engine.image.pullPolicy | string | `"IfNotPresent"` | Pull policy for this image. | | engine.image.repository | string | `"quay.io/airlock/microgateway-engine"` | Image repository from which to pull the Airlock Microgateway Engine image. | -| engine.image.tag | string | `"4.3.1"` | Image tag to pull. | +| engine.image.tag | string | `"4.3.2"` | Image tag to pull. | | engine.resources | object | `{}` | Resource restrictions to apply to the Airlock Microgateway Engine container. | | engine.sidecar.podMonitor.create | bool | `false` | Whether to create a PodMonitor resource for monitoring. | | engine.sidecar.podMonitor.labels | object | `{}` | Labels to add to the PodMonitor. | @@ -127,16 +127,16 @@ For the community edition, check our **[Airlock community forum](https://forum.a | imagePullSecrets | list | `[]` | ImagePullSecrets to use when pulling images. | | license.secretName | string | `"airlock-microgateway-license"` | Name of the secret containing the "microgateway-license.txt" key. | | nameOverride | string | `""` | Allows overriding the name to use instead of "microgateway". | -| networkValidator.image.digest | string | `"sha256:6626ab44066867687baa7bfcabedafce5adc50446be1207c90c3b211bd922f84"` | SHA256 image digest to pull (in the format "sha256:6626ab44066867687baa7bfcabedafce5adc50446be1207c90c3b211bd922f84"). Overrides tag when specified. | +| networkValidator.image.digest | string | `"sha256:d1c484f4b9ea6218e2b1925f6b08d54dd352c7aaf653977bbbbeeb21eb3e19dd"` | SHA256 image digest to pull (in the format "sha256:d1c484f4b9ea6218e2b1925f6b08d54dd352c7aaf653977bbbbeeb21eb3e19dd"). Overrides tag when specified. | | networkValidator.image.pullPolicy | string | `"IfNotPresent"` | Pull policy for this image. | | networkValidator.image.repository | string | `"cgr.dev/chainguard/netcat"` | Image repository from which to pull the netcat image for the Airlock Microgateway Network Validator init-container. | | networkValidator.image.tag | string | `""` | Image tag to pull. | | operator.affinity | object | `{}` | Custom affinity to apply to the operator Deployment. Used to influence the scheduling. | | operator.config.logLevel | string | `"info"` | Operator application log level. | -| operator.image.digest | string | `"sha256:84b6eb914103d4c62024d9f761b7dd4371ea3ba8996fb04095d87ebfaf3db2bb"` | SHA256 image digest to pull (in the format "sha256:c79ee3f85862fb386e9dd62b901b607161d27807f512d7fbdece05e9ee3d7c63"). Overrides tag when specified. | +| operator.image.digest | string | `"sha256:d22f2ca35603b805caa67dd07aba524c3e4d68c3b59f7ddfc0e22e7fc09a200c"` | SHA256 image digest to pull (in the format "sha256:c79ee3f85862fb386e9dd62b901b607161d27807f512d7fbdece05e9ee3d7c63"). Overrides tag when specified. | | operator.image.pullPolicy | string | `"IfNotPresent"` | Pull policy for this image. | | operator.image.repository | string | `"quay.io/airlock/microgateway-operator"` | Image repository from which to pull the Airlock Microgateway Operator image. | -| operator.image.tag | string | `"4.3.1"` | Image tag to pull. | +| operator.image.tag | string | `"4.3.2"` | Image tag to pull. | | operator.nodeSelector | object | `{}` | Custom nodeSelector to apply to the operator Deployment in order to constrain its Pods to certain nodes. | | operator.podAnnotations | object | `{}` | Annotations to add to all Pods. | | operator.podLabels | object | `{}` | Labels to add to all Pods. | @@ -154,10 +154,10 @@ For the community edition, check our **[Airlock community forum](https://forum.a | operator.updateStrategy | object | `{"type":"RollingUpdate"}` | Specifies the operator update strategy. | | operator.watchNamespaceSelector | object | `{}` | Allows to dynamically select watch namespaces of the operator and the scope of the webhooks based on a Namespace label selector. It is able to detect and reconcile resources in all namespaces that match the label selector automatically, even for new namespaces, without restarting the operator. This facilitates a dynamic `MultiNamespace` installation mode, but still requires cluster-scoped permissions (i.e., ClusterRoles and ClusterRoleBindings). An `AllNamespaces` installation or the usage of the `watchNamespaces` requires the `watchNamespaceSelector` to be empty. Please note that this feature requires a Premium license. | | operator.watchNamespaces | list | `[]` | Allows to restrict the operator to specific namespaces, depending on your needs. For a `OwnNamespace` or `SingleNamespace` installation the list may only contain one namespace (e.g., `watchNamespaces: ["airlock-microgateway-system"]`). In case of the `OwnNamespace` installation mode the specified namespace should be equal to the installation namespace. For a static `MultiNamespace` installation, the complete list of namespaces must be provided in the `watchNamespaces`. An `AllNamespaces` installation or the usage of the `watchNamespaceSelector` requires the `watchNamespaces` to be empty. Regardless of the installation modes supported by `watchNamespaces`, RBAC is created only namespace-scoped (using Roles and RoleBindings) in the respective namespaces. Please note that this feature requires a Premium license. | -| sessionAgent.image.digest | string | `"sha256:d62bdb16c74d340a81791be1696d620950d8232437676910bb6e5548411f2afd"` | SHA256 image digest to pull (in the format "sha256:a3051f42d3013813b05f7513bb86ed6a3209cb3003f1bb2f7b72df249aa544d3"). Overrides tag when specified. | +| sessionAgent.image.digest | string | `"sha256:d487f4099c267310debffe5d5cac168deeddf6082dafbee352550f2792b9609c"` | SHA256 image digest to pull (in the format "sha256:a3051f42d3013813b05f7513bb86ed6a3209cb3003f1bb2f7b72df249aa544d3"). Overrides tag when specified. | | sessionAgent.image.pullPolicy | string | `"IfNotPresent"` | Pull policy for this image. | | sessionAgent.image.repository | string | `"quay.io/airlock/microgateway-session-agent"` | Image repository from which to pull the Airlock Microgateway Session Agent image. | -| sessionAgent.image.tag | string | `"4.3.1"` | Image tag to pull. | +| sessionAgent.image.tag | string | `"4.3.2"` | Image tag to pull. | | sessionAgent.resources | object | `{}` | Resource restrictions to apply to the Airlock Microgateway Session Agent container. | | tests.enabled | bool | `false` | Whether additional resources required for running `helm test` should be created (e.g. Roles and ServiceAccounts). If set to false, `helm test` will not run any tests. | diff --git a/deploy/charts/airlock-microgateway/crds/accesscontrols.microgateway.airlock.com.yaml b/deploy/charts/airlock-microgateway/crds/accesscontrols.microgateway.airlock.com.yaml index bdca25f..056dd32 100644 --- a/deploy/charts/airlock-microgateway/crds/accesscontrols.microgateway.airlock.com.yaml +++ b/deploy/charts/airlock-microgateway/crds/accesscontrols.microgateway.airlock.com.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.15.0 labels: app.kubernetes.io/name: airlock-microgateway-operator - app.kubernetes.io/version: 4.3.1 + app.kubernetes.io/version: 4.3.2 name: accesscontrols.microgateway.airlock.com spec: group: microgateway.airlock.com diff --git a/deploy/charts/airlock-microgateway/crds/contentsecurities.microgateway.airlock.com.yaml b/deploy/charts/airlock-microgateway/crds/contentsecurities.microgateway.airlock.com.yaml index 0172657..6d6092e 100644 --- a/deploy/charts/airlock-microgateway/crds/contentsecurities.microgateway.airlock.com.yaml +++ b/deploy/charts/airlock-microgateway/crds/contentsecurities.microgateway.airlock.com.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.15.0 labels: app.kubernetes.io/name: airlock-microgateway-operator - app.kubernetes.io/version: 4.3.1 + app.kubernetes.io/version: 4.3.2 name: contentsecurities.microgateway.airlock.com spec: group: microgateway.airlock.com diff --git a/deploy/charts/airlock-microgateway/crds/denyrules.microgateway.airlock.com.yaml b/deploy/charts/airlock-microgateway/crds/denyrules.microgateway.airlock.com.yaml index 6a73d53..e54df2e 100644 --- a/deploy/charts/airlock-microgateway/crds/denyrules.microgateway.airlock.com.yaml +++ b/deploy/charts/airlock-microgateway/crds/denyrules.microgateway.airlock.com.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.15.0 labels: app.kubernetes.io/name: airlock-microgateway-operator - app.kubernetes.io/version: 4.3.1 + app.kubernetes.io/version: 4.3.2 name: denyrules.microgateway.airlock.com spec: group: microgateway.airlock.com diff --git a/deploy/charts/airlock-microgateway/crds/envoyclusters.microgateway.airlock.com.yaml b/deploy/charts/airlock-microgateway/crds/envoyclusters.microgateway.airlock.com.yaml index 8d2c6ef..f5f2572 100644 --- a/deploy/charts/airlock-microgateway/crds/envoyclusters.microgateway.airlock.com.yaml +++ b/deploy/charts/airlock-microgateway/crds/envoyclusters.microgateway.airlock.com.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.15.0 labels: app.kubernetes.io/name: airlock-microgateway-operator - app.kubernetes.io/version: 4.3.1 + app.kubernetes.io/version: 4.3.2 name: envoyclusters.microgateway.airlock.com spec: group: microgateway.airlock.com diff --git a/deploy/charts/airlock-microgateway/crds/envoyconfigurations.microgateway.airlock.com.yaml b/deploy/charts/airlock-microgateway/crds/envoyconfigurations.microgateway.airlock.com.yaml index 38f381b..9a26a34 100644 --- a/deploy/charts/airlock-microgateway/crds/envoyconfigurations.microgateway.airlock.com.yaml +++ b/deploy/charts/airlock-microgateway/crds/envoyconfigurations.microgateway.airlock.com.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.15.0 labels: app.kubernetes.io/name: airlock-microgateway-operator - app.kubernetes.io/version: 4.3.1 + app.kubernetes.io/version: 4.3.2 name: envoyconfigurations.microgateway.airlock.com spec: group: microgateway.airlock.com diff --git a/deploy/charts/airlock-microgateway/crds/envoyhttpfilters.microgateway.airlock.com.yaml b/deploy/charts/airlock-microgateway/crds/envoyhttpfilters.microgateway.airlock.com.yaml index e0b7bb9..0b963ee 100644 --- a/deploy/charts/airlock-microgateway/crds/envoyhttpfilters.microgateway.airlock.com.yaml +++ b/deploy/charts/airlock-microgateway/crds/envoyhttpfilters.microgateway.airlock.com.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.15.0 labels: app.kubernetes.io/name: airlock-microgateway-operator - app.kubernetes.io/version: 4.3.1 + app.kubernetes.io/version: 4.3.2 name: envoyhttpfilters.microgateway.airlock.com spec: group: microgateway.airlock.com diff --git a/deploy/charts/airlock-microgateway/crds/graphqls.microgateway.airlock.com.yaml b/deploy/charts/airlock-microgateway/crds/graphqls.microgateway.airlock.com.yaml index 43a8b6f..5029d7e 100644 --- a/deploy/charts/airlock-microgateway/crds/graphqls.microgateway.airlock.com.yaml +++ b/deploy/charts/airlock-microgateway/crds/graphqls.microgateway.airlock.com.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.15.0 labels: app.kubernetes.io/name: airlock-microgateway-operator - app.kubernetes.io/version: 4.3.1 + app.kubernetes.io/version: 4.3.2 name: graphqls.microgateway.airlock.com spec: group: microgateway.airlock.com diff --git a/deploy/charts/airlock-microgateway/crds/headerrewrites.microgateway.airlock.com.yaml b/deploy/charts/airlock-microgateway/crds/headerrewrites.microgateway.airlock.com.yaml index 0916edd..166db49 100644 --- a/deploy/charts/airlock-microgateway/crds/headerrewrites.microgateway.airlock.com.yaml +++ b/deploy/charts/airlock-microgateway/crds/headerrewrites.microgateway.airlock.com.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.15.0 labels: app.kubernetes.io/name: airlock-microgateway-operator - app.kubernetes.io/version: 4.3.1 + app.kubernetes.io/version: 4.3.2 name: headerrewrites.microgateway.airlock.com spec: group: microgateway.airlock.com diff --git a/deploy/charts/airlock-microgateway/crds/identitypropagations.microgateway.airlock.com.yaml b/deploy/charts/airlock-microgateway/crds/identitypropagations.microgateway.airlock.com.yaml index 7cf5a5c..e01a242 100644 --- a/deploy/charts/airlock-microgateway/crds/identitypropagations.microgateway.airlock.com.yaml +++ b/deploy/charts/airlock-microgateway/crds/identitypropagations.microgateway.airlock.com.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.15.0 labels: app.kubernetes.io/name: airlock-microgateway-operator - app.kubernetes.io/version: 4.3.1 + app.kubernetes.io/version: 4.3.2 name: identitypropagations.microgateway.airlock.com spec: group: microgateway.airlock.com diff --git a/deploy/charts/airlock-microgateway/crds/limits.microgateway.airlock.com.yaml b/deploy/charts/airlock-microgateway/crds/limits.microgateway.airlock.com.yaml index 894573d..4dad85a 100644 --- a/deploy/charts/airlock-microgateway/crds/limits.microgateway.airlock.com.yaml +++ b/deploy/charts/airlock-microgateway/crds/limits.microgateway.airlock.com.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.15.0 labels: app.kubernetes.io/name: airlock-microgateway-operator - app.kubernetes.io/version: 4.3.1 + app.kubernetes.io/version: 4.3.2 name: limits.microgateway.airlock.com spec: group: microgateway.airlock.com diff --git a/deploy/charts/airlock-microgateway/crds/oidcproviders.microgateway.airlock.com.yaml b/deploy/charts/airlock-microgateway/crds/oidcproviders.microgateway.airlock.com.yaml index eba2dbf..7d2ef8e 100644 --- a/deploy/charts/airlock-microgateway/crds/oidcproviders.microgateway.airlock.com.yaml +++ b/deploy/charts/airlock-microgateway/crds/oidcproviders.microgateway.airlock.com.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.15.0 labels: app.kubernetes.io/name: airlock-microgateway-operator - app.kubernetes.io/version: 4.3.1 + app.kubernetes.io/version: 4.3.2 name: oidcproviders.microgateway.airlock.com spec: group: microgateway.airlock.com diff --git a/deploy/charts/airlock-microgateway/crds/oidcrelyingparties.microgateway.airlock.com.yaml b/deploy/charts/airlock-microgateway/crds/oidcrelyingparties.microgateway.airlock.com.yaml index 863f039..b1cba83 100644 --- a/deploy/charts/airlock-microgateway/crds/oidcrelyingparties.microgateway.airlock.com.yaml +++ b/deploy/charts/airlock-microgateway/crds/oidcrelyingparties.microgateway.airlock.com.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.15.0 labels: app.kubernetes.io/name: airlock-microgateway-operator - app.kubernetes.io/version: 4.3.1 + app.kubernetes.io/version: 4.3.2 name: oidcrelyingparties.microgateway.airlock.com spec: group: microgateway.airlock.com diff --git a/deploy/charts/airlock-microgateway/crds/openapis.microgateway.airlock.com.yaml b/deploy/charts/airlock-microgateway/crds/openapis.microgateway.airlock.com.yaml index 5f16d29..7ba7160 100644 --- a/deploy/charts/airlock-microgateway/crds/openapis.microgateway.airlock.com.yaml +++ b/deploy/charts/airlock-microgateway/crds/openapis.microgateway.airlock.com.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.15.0 labels: app.kubernetes.io/name: airlock-microgateway-operator - app.kubernetes.io/version: 4.3.1 + app.kubernetes.io/version: 4.3.2 name: openapis.microgateway.airlock.com spec: group: microgateway.airlock.com diff --git a/deploy/charts/airlock-microgateway/crds/parsers.microgateway.airlock.com.yaml b/deploy/charts/airlock-microgateway/crds/parsers.microgateway.airlock.com.yaml index 61e46f6..b3d51ef 100644 --- a/deploy/charts/airlock-microgateway/crds/parsers.microgateway.airlock.com.yaml +++ b/deploy/charts/airlock-microgateway/crds/parsers.microgateway.airlock.com.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.15.0 labels: app.kubernetes.io/name: airlock-microgateway-operator - app.kubernetes.io/version: 4.3.1 + app.kubernetes.io/version: 4.3.2 name: parsers.microgateway.airlock.com spec: group: microgateway.airlock.com diff --git a/deploy/charts/airlock-microgateway/crds/redisproviders.microgateway.airlock.com.yaml b/deploy/charts/airlock-microgateway/crds/redisproviders.microgateway.airlock.com.yaml index d7d37a5..32a23cb 100644 --- a/deploy/charts/airlock-microgateway/crds/redisproviders.microgateway.airlock.com.yaml +++ b/deploy/charts/airlock-microgateway/crds/redisproviders.microgateway.airlock.com.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.15.0 labels: app.kubernetes.io/name: airlock-microgateway-operator - app.kubernetes.io/version: 4.3.1 + app.kubernetes.io/version: 4.3.2 name: redisproviders.microgateway.airlock.com spec: group: microgateway.airlock.com diff --git a/deploy/charts/airlock-microgateway/crds/sessionhandlings.microgateway.airlock.com.yaml b/deploy/charts/airlock-microgateway/crds/sessionhandlings.microgateway.airlock.com.yaml index c4b51ef..da22e63 100644 --- a/deploy/charts/airlock-microgateway/crds/sessionhandlings.microgateway.airlock.com.yaml +++ b/deploy/charts/airlock-microgateway/crds/sessionhandlings.microgateway.airlock.com.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.15.0 labels: app.kubernetes.io/name: airlock-microgateway-operator - app.kubernetes.io/version: 4.3.1 + app.kubernetes.io/version: 4.3.2 name: sessionhandlings.microgateway.airlock.com spec: group: microgateway.airlock.com diff --git a/deploy/charts/airlock-microgateway/crds/sidecargateways.microgateway.airlock.com.yaml b/deploy/charts/airlock-microgateway/crds/sidecargateways.microgateway.airlock.com.yaml index 9639c94..c9ec220 100644 --- a/deploy/charts/airlock-microgateway/crds/sidecargateways.microgateway.airlock.com.yaml +++ b/deploy/charts/airlock-microgateway/crds/sidecargateways.microgateway.airlock.com.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.15.0 labels: app.kubernetes.io/name: airlock-microgateway-operator - app.kubernetes.io/version: 4.3.1 + app.kubernetes.io/version: 4.3.2 name: sidecargateways.microgateway.airlock.com spec: group: microgateway.airlock.com diff --git a/deploy/charts/airlock-microgateway/crds/telemetries.microgateway.airlock.com.yaml b/deploy/charts/airlock-microgateway/crds/telemetries.microgateway.airlock.com.yaml index 8f911d3..47d03cd 100644 --- a/deploy/charts/airlock-microgateway/crds/telemetries.microgateway.airlock.com.yaml +++ b/deploy/charts/airlock-microgateway/crds/telemetries.microgateway.airlock.com.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.15.0 labels: app.kubernetes.io/name: airlock-microgateway-operator - app.kubernetes.io/version: 4.3.1 + app.kubernetes.io/version: 4.3.2 name: telemetries.microgateway.airlock.com spec: group: microgateway.airlock.com diff --git a/deploy/charts/airlock-microgateway/templates/NOTES.txt b/deploy/charts/airlock-microgateway/templates/NOTES.txt index e38e3ca..6e5ce21 100644 --- a/deploy/charts/airlock-microgateway/templates/NOTES.txt +++ b/deploy/charts/airlock-microgateway/templates/NOTES.txt @@ -1,11 +1,22 @@ Thank you for installing Airlock Microgateway. -If you have not already done so, make sure that Airlock Microgateway CNI is also installed on the cluster. -For further information, please visit our documentation at https://docs.airlock.com/microgateway/{{ include "airlock-microgateway.docsVersion" .}}. -Detailed CRD API reference documentation is also available at https://docs.airlock.com/microgateway/{{ include "airlock-microgateway.docsVersion" .}}/api/crds. -{{ if .Values.crds.skipVersionCheck }} -- CRD version check skipped -{{- else }} +Please ensure the following prerequisites are fulfilled: +* Cert-Manager is installed. + https://cert-manager.io/docs/installation/helm/ +* Airlock Microgateway CNI is also installed on the cluster. + https://artifacthub.io/packages/helm/airlock-microgateway-cni/microgateway-cni +* A valid Airlock Microgateway license is deployed in the Kubernetes secret 'airlock-microgateway-license'. + * Get a free Community license: https://airlock.com/en/microgateway-community + * Order a Premium license: https://airlock.com/en/microgateway-premium + +Further information: +* Documentation: https://docs.airlock.com/microgateway/{{ include "airlock-microgateway.docsVersion" . }} +* CRD API reference documentation: https://docs.airlock.com/microgateway/{{ include "airlock-microgateway.docsVersion" . }}/api/crds +* Airlock Microgateway Labs: https://play.instruqt.com/airlock/invite/hyi9fy4b4jzc?icp_referrer=helm +{{- if .Values.crds.skipVersionCheck }} + +Warning: CRD version check skipped +{{- else -}} {{- $outdatedCRDs := (include "airlock-microgateway.outdatedCRDs" .) -}} {{- if $outdatedCRDs -}} {{- fail (printf ` @@ -20,9 +31,9 @@ If you are not using the helm install/upgrade command and instead rely on some o -}} {{- end -}} {{- end -}} -{{- if .Values.tests.enabled }} +{{- if .Values.tests.enabled -}} {{- if .Values.operator.watchNamespaces -}} - {{- if not (has .Release.Namespace .Values.operator.watchNamespaces) }} + {{- if not (has .Release.Namespace .Values.operator.watchNamespaces) -}} {{- fail (printf ` To execute 'helm test', it is necessary that the release namespace '%s' is part of the operator's watch scope. Either disable the tests or ensure that the release namespace is added to watch namspace list ('operator.watchNamespaces') in the helm values. @@ -31,4 +42,6 @@ To execute 'helm test', it is necessary that the release namespace '%s' is part -}} {{- end -}} {{- end -}} -{{- end }} \ No newline at end of file +{{- end }} + +Your release version is {{ .Chart.Version }}. \ No newline at end of file diff --git a/deploy/charts/airlock-microgateway/tests/notes_test.yaml b/deploy/charts/airlock-microgateway/tests/notes_test.yaml index bcb220d..f40eefe 100644 --- a/deploy/charts/airlock-microgateway/tests/notes_test.yaml +++ b/deploy/charts/airlock-microgateway/tests/notes_test.yaml @@ -7,9 +7,9 @@ tests: appVersion: dev asserts: &latestDoc - matchRegexRaw: - pattern: ".*please visit our documentation at https://docs.airlock.com/microgateway/latest\\..*" + pattern: ".*Documentation: https://docs.airlock.com/microgateway/latest.*" - matchRegexRaw: - pattern: ".*API reference documentation is also available at https://docs.airlock.com/microgateway/latest/api/crds\\..*" + pattern: ".*CRD API reference documentation: https://docs.airlock.com/microgateway/latest/api/crds.*" - it: prerelease chart should describe latest doc links chart: appVersion: 4.2.0-ci @@ -19,9 +19,9 @@ tests: appVersion: 4.2.4 asserts: - matchRegexRaw: - pattern: ".*please visit our documentation at https://docs.airlock.com/microgateway/4.2\\..*" + pattern: ".*Documentation: https://docs.airlock.com/microgateway/4.2.*" - matchRegexRaw: - pattern: ".*API reference documentation is also available at https://docs.airlock.com/microgateway/4.2/api/crds\\..*" + pattern: ".*CRD API reference documentation: https://docs.airlock.com/microgateway/4.2/api/crds.*" - it: should fail if tests are enabled and release namespace is not part of the watch namespaces release: name: myoperator diff --git a/deploy/charts/airlock-microgateway/values.yaml b/deploy/charts/airlock-microgateway/values.yaml index 120df19..36f513b 100644 --- a/deploy/charts/airlock-microgateway/values.yaml +++ b/deploy/charts/airlock-microgateway/values.yaml @@ -26,10 +26,10 @@ operator: # -- Image repository from which to pull the Airlock Microgateway Operator image. repository: "quay.io/airlock/microgateway-operator" # -- Image tag to pull. - tag: "4.3.1" + tag: "4.3.2" # -- SHA256 image digest to pull (in the format "sha256:c79ee3f85862fb386e9dd62b901b607161d27807f512d7fbdece05e9ee3d7c63"). # Overrides tag when specified. - digest: "sha256:84b6eb914103d4c62024d9f761b7dd4371ea3ba8996fb04095d87ebfaf3db2bb" + digest: "sha256:d22f2ca35603b805caa67dd07aba524c3e4d68c3b59f7ddfc0e22e7fc09a200c" # -- Pull policy for this image. pullPolicy: IfNotPresent # -- Annotations to add to all Pods. @@ -109,10 +109,10 @@ engine: # -- Image repository from which to pull the Airlock Microgateway Engine image. repository: "quay.io/airlock/microgateway-engine" # -- Image tag to pull. - tag: "4.3.1" + tag: "4.3.2" # -- SHA256 image digest to pull (in the format "sha256:a3051f42d3013813b05f7513bb86ed6a3209cb3003f1bb2f7b72df249aa544d3"). # Overrides tag when specified. - digest: "sha256:6be782cc3f3206bfa61f462812d2a495e114ae13c59a7cdaed7ca406d5bc1b01" + digest: "sha256:8d42759d999e6b69efa9ef1ecfdc84dc1f8f6f1ca822c8d2d3ef8ff1e335b9c9" # -- Pull policy for this image. pullPolicy: IfNotPresent # -- Resource restrictions to apply to the Airlock Microgateway Engine container. @@ -141,9 +141,9 @@ networkValidator: repository: "cgr.dev/chainguard/netcat" # -- Image tag to pull. tag: "" - # -- SHA256 image digest to pull (in the format "sha256:6626ab44066867687baa7bfcabedafce5adc50446be1207c90c3b211bd922f84"). + # -- SHA256 image digest to pull (in the format "sha256:d1c484f4b9ea6218e2b1925f6b08d54dd352c7aaf653977bbbbeeb21eb3e19dd"). # Overrides tag when specified. - digest: "sha256:6626ab44066867687baa7bfcabedafce5adc50446be1207c90c3b211bd922f84" + digest: "sha256:d1c484f4b9ea6218e2b1925f6b08d54dd352c7aaf653977bbbbeeb21eb3e19dd" # -- Pull policy for this image. pullPolicy: IfNotPresent sessionAgent: @@ -152,10 +152,10 @@ sessionAgent: # -- Image repository from which to pull the Airlock Microgateway Session Agent image. repository: "quay.io/airlock/microgateway-session-agent" # -- Image tag to pull. - tag: "4.3.1" + tag: "4.3.2" # -- SHA256 image digest to pull (in the format "sha256:a3051f42d3013813b05f7513bb86ed6a3209cb3003f1bb2f7b72df249aa544d3"). # Overrides tag when specified. - digest: "sha256:d62bdb16c74d340a81791be1696d620950d8232437676910bb6e5548411f2afd" + digest: "sha256:d487f4099c267310debffe5d5cac168deeddf6082dafbee352550f2792b9609c" # -- Pull policy for this image. pullPolicy: IfNotPresent # -- Resource restrictions to apply to the Airlock Microgateway Session Agent container.