Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: kubernetes-sigs/windows-gmsa
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v0.7.1
Choose a base ref
...
head repository: kubernetes-sigs/windows-gmsa
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v0.8.0
Choose a head ref
  • 17 commits
  • 19 files changed
  • 4 contributors

Commits on Sep 29, 2023

  1. Infer caBundle from .Values.certificates.secretName 

    Currently, `.Values.certificates.secretName` is no longer supported to provide the `caBundle` that should be supplied to the admission webhooks since the `certificates.cabundle` is no longer queried.

This commit ensures that that functionality is restored for users who are deploying the certificate data as a k8s Secret.

Here are the tests I ran with my changes:

```bash
$ helm template gmsa charts/gmsa | yq e 'select(.kind == "MutatingWebhookConfiguration" or .kind == "ValidatingWebhookConfiguration") | .webhooks[].clientConfig.caBundle'
null
---
null

$ helm template --set 'certificates.certManager.enabled=false' gmsa charts/gmsa | yq e 'select(.kind == "MutatingWebhookConfiguration" or .kind == "ValidatingWebhookConfiguration") | .webhooks[].clientConfig.caBundle'
INSERT_CERTIFICATE_FROM_SECRET
---
INSERT_CERTIFICATE_FROM_SECRET

$ helm template --set 'certificates.certManager.enabled=false' --set 'certificates.caBundle="my-custom-ca-bundle"' gmsa charts/gmsa | yq e 'select(.kind == "MutatingWebhookConfiguration" or .kind == "ValidatingWebhookConfiguration") | .webhooks[].clientConfig.caBundle'

$ helm template --set 'certificates.caBundle="my-custom-ca-bundle"' gmsa charts/gmsa | yq e 'select(.kind == "MutatingWebhookConfiguration" or .kind == "ValidatingWebhookConfiguration") | .webhooks[].clientConfig.caBundle'
null
---
null
```
    Arvind Iyengar committed Sep 29, 2023
    Configuration menu
    Copy the full SHA
    3cce8ea View commit details
    Browse the repository at this point in the history

  2. Make formatting changes to the Helm chart

    Arvind Iyengar committed Sep 29, 2023
    Configuration menu
    Copy the full SHA
    4b3b800 View commit details
    Browse the repository at this point in the history

  3. Update comments on credential.domainJoinConfig

    Arvind Iyengar committed Sep 29, 2023
    Configuration menu
    Copy the full SHA
    c99bc40 View commit details
    Browse the repository at this point in the history

  4. Fix nodeselector to nodeSelector in Helm chart 

    Currently, the default `nodeselector` in the `values.yaml` of the Helm chart is incorrect since it doesn't actually do anything.

```bash
$ helm template --set="nodeselector.hi=bye" gmsa charts/gmsa | yq e 'select(.kind == "Deployment") | .spec.template.spec.nodeSelector'
kubernetes.io/os: linux

$ helm template --set="nodeSelector.hi=bye" gmsa charts/gmsa | yq e 'select(.kind == "Deployment") | .spec.template.spec.nodeSelector'
kubernetes.io/os: linux
hi: bye
```

To fix this, I'm simply modifying `nodeselector` to `nodeSelector` in the default `values.yaml`.
    Arvind Iyengar committed Sep 29, 2023
    Configuration menu
    Copy the full SHA
    a3020b7 View commit details
    Browse the repository at this point in the history

  5. Ensure that securityContext can be set in Helm chart 

    According to the Kubernetes API reference docs, `podSecurityContext` should correspond to `spec.template.spec.securityContext`.

I'm assuming that the intention of exposing `securityContext` here was to target the `[container]securityContext` of the main container, which should be `spec.template.spec.containers[0].securityContext`.

However, since in the current implementation the `securityContext` and `podSecurityContext` are indented to the same line, one simply overrides the other. So you see this outcome, where the `securityContext` **overrides** the `podSecurityContext` **at a Pod level**:

```bash
$ helm template --set="securityContext.hi=bye" --set="podSecurityContext.hi=windows" gmsa charts/gmsa | yq e 'select(.kind == "Deployment") | {"podSecurityContext": .spec.template.spec.securityContext, "containerSecurityContext": .spec.template.spec.containers[0].securityContext}'
podSecurityContext:
  hi: bye
containerSecurityContext: null
```

To fix this, this commit modifies the indentation to get the correct output. Here is the same command (and a couple of more tests) of the same thing:

```bash
$ helm template gmsa charts/gmsa | yq e 'select(.kind == "Deployment") | {"podSecurityContext": .spec.template.spec.securityContext, "containerSecurityContexts": .spec.template.spec.containers[0].securityContext}'
podSecurityContext: null
containerSecurityContexts: null

$ helm template --set="securityContext.hi=bye" gmsa charts/gmsa | yq e 'select(.kind == "Deployment") | {"podSecurityContext": .spec.template.spec.securityContext, "containerSecurityContext": .spec.template.spec.containers[0].securityContext}'
podSecurityContext: null
containerSecurityContext:
  hi: bye

$ helm template --set="podSecurityContext.hi=windows" gmsa charts/gmsa | yq e 'select(.kind == "Deployment") | {"podSecurityContext": .spec.template.spec.securityContext, "containerSecurityContext": .spec.template.spec.containers[0].securityContext}'
podSecurityContext:
  hi: windows
containerSecurityContext: null

$ helm template --set="securityContext.hi=bye" --set="podSecurityContext.hi=windows" gmsa charts/gmsa | yq e 'select(.kind == "Deployment") | {"podSecurityContext": .spec.template.spec.securityContext, "containerSecurityContext": .spec.template.spec.containers[0].securityContext}'
podSecurityContext:
  hi: windows
containerSecurityContext:
  hi: bye
```
    Arvind Iyengar committed Sep 29, 2023
    Configuration menu
    Copy the full SHA
    23da03f View commit details
    Browse the repository at this point in the history

  6. Merge pull request #127 from aiyengar2/small_formatting_changes 

    Make formatting changes to the Helm chart
    @k8s-ci-robot
    k8s-ci-robot committed Sep 29, 2023
    Configuration menu
    Copy the full SHA
    c814978 View commit details
    Browse the repository at this point in the history

  7. Merge pull request #128 from aiyengar2/fix_node_selector 

    Fix nodeselector to nodeSelector in Helm chart
    @k8s-ci-robot
    k8s-ci-robot committed Sep 29, 2023
    Configuration menu
    Copy the full SHA
    2804879 View commit details
    Browse the repository at this point in the history

Commits on Oct 2, 2023

  1. Merge pull request #130 from aiyengar2/fix_security_context 

    Ensure that securityContext can be set in Helm chart
    @k8s-ci-robot
    k8s-ci-robot committed Oct 2, 2023
    Configuration menu
    Copy the full SHA
    7fb3451 View commit details
    Browse the repository at this point in the history

  2. Add credential.hostAccountConfig for CCG scenario 

    This commit adds a new field `.Values.credential.hostAccountConfig` for situations where the default credential deployed by this chart utilizes CCG.

Here are the tests I ran with my changes:

```bash
$ helm template gmsa charts/gmsa | yq e 'select(.kind == "GMSACredentialSpec") | .credspec.ActiveDirectoryConfig.HostAccountConfig'

$ helm template --set="credential.enabled=true" gmsa charts/gmsa | yq e 'select(.kind == "GMSACredentialSpec") | .credspec.ActiveDirectoryConfig.HostAccountConfig'
null

$ helm template --set="credential.enabled=true" --set="credential.hostAccountConfig.badkey=hi" gmsa charts/gmsa | yq e 'select(.kind == "GMSACredentialSpec") | .credspec.ActiveDirectoryConfig.HostAccountConfig'
Error: execution error at (gmsa/templates/credentialspec.yaml:16:29): credential.hostAccountConfig.portableCCGVersion must be provided if credential.hostAccountConfig is set

Use --debug flag to render out invalid YAML

$ helm template --set="credential.enabled=true" --set="credential.hostAccountConfig.portableCcgVersion=1" --set="credential.hostAccountConfig.pluginGUID=myguid" gmsa charts/gmsa | yq e 'select(.kind == "GMSACredentialSpec") | .credspec.ActiveDirectoryConfig.HostAccountConfig'
Error: execution error at (gmsa/templates/credentialspec.yaml:18:22): credential.hostAccountConfig.pluginInput must be provided if credential.hostAccountConfig is set

Use --debug flag to render out invalid YAML

$ helm template --set="credential.enabled=true" --set="credential.hostAccountConfig.pluginGUID=myguid" --set="credential.hostAccountConfig.pluginInput=myinput" gmsa charts/gmsa | yq e 'select(.kind == "GMSACredentialSpec") | .credspec.ActiveDirectoryConfig.HostAccountConfig'
Error: execution error at (gmsa/templates/credentialspec.yaml:16:29): credential.hostAccountConfig.portableCCGVersion must be provided if credential.hostAccountConfig is set

Use --debug flag to render out invalid YAML

$ helm template --set="credential.enabled=true" --set="credential.hostAccountConfig.portableCcgVersion=1" --set="credential.hostAccountConfig.pluginInput=myinput" gmsa charts/gmsa | yq e 'select(.kind == "GMSACredentialSpec") | .credspec.ActiveDirectoryConfig.HostAccountConfig'
Error: execution error at (gmsa/templates/credentialspec.yaml:17:38): credential.hostAccountConfig.pluginGUID must be provided if credential.hostAccountConfig is set

Use --debug flag to render out invalid YAML

$ helm template --set="credential.enabled=true" --set="credential.hostAccountConfig.portableCcgVersion=1" --set="credential.hostAccountConfig.pluginGUID=myguid" --set="credential.hostAccountConfig.pluginInput=myinput" gmsa charts/gmsa | yq e 'select(.kind == "GMSACredentialSpec") | .credspec.ActiveDirectoryConfig.HostAccountConfig'
PortableCcgVersion: "1"
PluginGUID: "{myguid}"
PluginInput: "myinput"
```
    Arvind Iyengar committed Oct 2, 2023
    Configuration menu
    Copy the full SHA
    df8319f View commit details
    Browse the repository at this point in the history

Commits on Oct 11, 2023

  1. Bump golang.org/x/net from 0.13.0 to 0.17.0 in /admission-webhook 

    Bumps [golang.org/x/net](https://github.com/golang/net) from 0.13.0 to 0.17.0.
- [Commits](golang/net@v0.13.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
    @dependabot
    dependabot[bot] committed Oct 11, 2023
    Configuration menu
    Copy the full SHA
    7a0c265 View commit details
    Browse the repository at this point in the history

Commits on Oct 17, 2023

  1. Merge pull request #125 from aiyengar2/support_non_domain_joined 

    Add credential.hostAccountConfig for CCG scenario
    @k8s-ci-robot
    k8s-ci-robot committed Oct 17, 2023
    Configuration menu
    Copy the full SHA
    d35d560 View commit details
    Browse the repository at this point in the history

  2. Merge pull request #123 from aiyengar2/fix_certificates_secret_name 

    Infer caBundle from .Values.certificates.secretName
    @jsturtevant
    jsturtevant committed Oct 17, 2023
    Configuration menu
    Copy the full SHA
    545c6e0 View commit details
    Browse the repository at this point in the history

  3. Merge pull request #132 from kubernetes-sigs/dependabot/go_modules/ad… 

    …mission-webhook/golang.org/x/net-0.17.0

Bump golang.org/x/net from 0.13.0 to 0.17.0 in /admission-webhook
    @jsturtevant
    jsturtevant committed Oct 17, 2023
    Configuration menu
    Copy the full SHA
    37b1419 View commit details
    Browse the repository at this point in the history

Commits on Nov 3, 2023

  1. Release latest chart changes 

    Signed-off-by: James Sturtevant <[email protected]>
    @jsturtevant
    jsturtevant committed Nov 3, 2023
    Configuration menu
    Copy the full SHA
    53c62f9 View commit details
    Browse the repository at this point in the history

  2. Merge pull request #134 from jsturtevant/bump-chart-version 

    Release latest chart changes
    @k8s-ci-robot
    k8s-ci-robot committed Nov 3, 2023
    Configuration menu
    Copy the full SHA
    b1f80fc View commit details
    Browse the repository at this point in the history

Commits on Dec 14, 2023

  1. Update to kubernetes 1.29 

    Signed-off-by: James Sturtevant <[email protected]>
    @jsturtevant
    jsturtevant committed Dec 14, 2023
    Configuration menu
    Copy the full SHA
    8e02e5f View commit details
    Browse the repository at this point in the history

  2. Merge pull request #136 from jsturtevant/update-kuberetnes-129 

    Update to kubernetes 1.29
    @k8s-ci-robot
    k8s-ci-robot committed Dec 14, 2023
    Configuration menu
    Copy the full SHA
    c201cde View commit details
    Browse the repository at this point in the history
Loading