-
Notifications
You must be signed in to change notification settings - Fork 56
Comparing changes
Open a pull request
base repository: kubernetes-sigs/windows-gmsa
base: v0.7.1
head repository: kubernetes-sigs/windows-gmsa
compare: v0.8.0
- 17 commits
- 19 files changed
- 4 contributors
Commits on Sep 29, 2023
-
Infer caBundle from .Values.certificates.secretName
Currently, `.Values.certificates.secretName` is no longer supported to provide the `caBundle` that should be supplied to the admission webhooks since the `certificates.cabundle` is no longer queried. This commit ensures that that functionality is restored for users who are deploying the certificate data as a k8s Secret. Here are the tests I ran with my changes: ```bash $ helm template gmsa charts/gmsa | yq e 'select(.kind == "MutatingWebhookConfiguration" or .kind == "ValidatingWebhookConfiguration") | .webhooks[].clientConfig.caBundle' null --- null $ helm template --set 'certificates.certManager.enabled=false' gmsa charts/gmsa | yq e 'select(.kind == "MutatingWebhookConfiguration" or .kind == "ValidatingWebhookConfiguration") | .webhooks[].clientConfig.caBundle' INSERT_CERTIFICATE_FROM_SECRET --- INSERT_CERTIFICATE_FROM_SECRET $ helm template --set 'certificates.certManager.enabled=false' --set 'certificates.caBundle="my-custom-ca-bundle"' gmsa charts/gmsa | yq e 'select(.kind == "MutatingWebhookConfiguration" or .kind == "ValidatingWebhookConfiguration") | .webhooks[].clientConfig.caBundle' $ helm template --set 'certificates.caBundle="my-custom-ca-bundle"' gmsa charts/gmsa | yq e 'select(.kind == "MutatingWebhookConfiguration" or .kind == "ValidatingWebhookConfiguration") | .webhooks[].clientConfig.caBundle' null --- null ```
Arvind Iyengar committedSep 29, 2023 Configuration menu - View commit details
-
Copy full SHA for 3cce8ea - Browse repository at this point
Copy the full SHA 3cce8eaView commit details -
Make formatting changes to the Helm chart
Arvind Iyengar committedSep 29, 2023 Configuration menu - View commit details
-
Copy full SHA for 4b3b800 - Browse repository at this point
Copy the full SHA 4b3b800View commit details -
Update comments on credential.domainJoinConfig
Arvind Iyengar committedSep 29, 2023 Configuration menu - View commit details
-
Copy full SHA for c99bc40 - Browse repository at this point
Copy the full SHA c99bc40View commit details -
Fix nodeselector to nodeSelector in Helm chart
Currently, the default `nodeselector` in the `values.yaml` of the Helm chart is incorrect since it doesn't actually do anything. ```bash $ helm template --set="nodeselector.hi=bye" gmsa charts/gmsa | yq e 'select(.kind == "Deployment") | .spec.template.spec.nodeSelector' kubernetes.io/os: linux $ helm template --set="nodeSelector.hi=bye" gmsa charts/gmsa | yq e 'select(.kind == "Deployment") | .spec.template.spec.nodeSelector' kubernetes.io/os: linux hi: bye ``` To fix this, I'm simply modifying `nodeselector` to `nodeSelector` in the default `values.yaml`.
Arvind Iyengar committedSep 29, 2023 Configuration menu - View commit details
-
Copy full SHA for a3020b7 - Browse repository at this point
Copy the full SHA a3020b7View commit details -
Ensure that securityContext can be set in Helm chart
According to the Kubernetes API reference docs, `podSecurityContext` should correspond to `spec.template.spec.securityContext`. I'm assuming that the intention of exposing `securityContext` here was to target the `[container]securityContext` of the main container, which should be `spec.template.spec.containers[0].securityContext`. However, since in the current implementation the `securityContext` and `podSecurityContext` are indented to the same line, one simply overrides the other. So you see this outcome, where the `securityContext` **overrides** the `podSecurityContext` **at a Pod level**: ```bash $ helm template --set="securityContext.hi=bye" --set="podSecurityContext.hi=windows" gmsa charts/gmsa | yq e 'select(.kind == "Deployment") | {"podSecurityContext": .spec.template.spec.securityContext, "containerSecurityContext": .spec.template.spec.containers[0].securityContext}' podSecurityContext: hi: bye containerSecurityContext: null ``` To fix this, this commit modifies the indentation to get the correct output. Here is the same command (and a couple of more tests) of the same thing: ```bash $ helm template gmsa charts/gmsa | yq e 'select(.kind == "Deployment") | {"podSecurityContext": .spec.template.spec.securityContext, "containerSecurityContexts": .spec.template.spec.containers[0].securityContext}' podSecurityContext: null containerSecurityContexts: null $ helm template --set="securityContext.hi=bye" gmsa charts/gmsa | yq e 'select(.kind == "Deployment") | {"podSecurityContext": .spec.template.spec.securityContext, "containerSecurityContext": .spec.template.spec.containers[0].securityContext}' podSecurityContext: null containerSecurityContext: hi: bye $ helm template --set="podSecurityContext.hi=windows" gmsa charts/gmsa | yq e 'select(.kind == "Deployment") | {"podSecurityContext": .spec.template.spec.securityContext, "containerSecurityContext": .spec.template.spec.containers[0].securityContext}' podSecurityContext: hi: windows containerSecurityContext: null $ helm template --set="securityContext.hi=bye" --set="podSecurityContext.hi=windows" gmsa charts/gmsa | yq e 'select(.kind == "Deployment") | {"podSecurityContext": .spec.template.spec.securityContext, "containerSecurityContext": .spec.template.spec.containers[0].securityContext}' podSecurityContext: hi: windows containerSecurityContext: hi: bye ```
Arvind Iyengar committedSep 29, 2023 Configuration menu - View commit details
-
Copy full SHA for 23da03f - Browse repository at this point
Copy the full SHA 23da03fView commit details -
Merge pull request #127 from aiyengar2/small_formatting_changes
Make formatting changes to the Helm chart
Configuration menu - View commit details
-
Copy full SHA for c814978 - Browse repository at this point
Copy the full SHA c814978View commit details -
Merge pull request #128 from aiyengar2/fix_node_selector
Fix nodeselector to nodeSelector in Helm chart
Configuration menu - View commit details
-
Copy full SHA for 2804879 - Browse repository at this point
Copy the full SHA 2804879View commit details
Commits on Oct 2, 2023
-
Merge pull request #130 from aiyengar2/fix_security_context
Ensure that securityContext can be set in Helm chart
Configuration menu - View commit details
-
Copy full SHA for 7fb3451 - Browse repository at this point
Copy the full SHA 7fb3451View commit details -
Add credential.hostAccountConfig for CCG scenario
This commit adds a new field `.Values.credential.hostAccountConfig` for situations where the default credential deployed by this chart utilizes CCG. Here are the tests I ran with my changes: ```bash $ helm template gmsa charts/gmsa | yq e 'select(.kind == "GMSACredentialSpec") | .credspec.ActiveDirectoryConfig.HostAccountConfig' $ helm template --set="credential.enabled=true" gmsa charts/gmsa | yq e 'select(.kind == "GMSACredentialSpec") | .credspec.ActiveDirectoryConfig.HostAccountConfig' null $ helm template --set="credential.enabled=true" --set="credential.hostAccountConfig.badkey=hi" gmsa charts/gmsa | yq e 'select(.kind == "GMSACredentialSpec") | .credspec.ActiveDirectoryConfig.HostAccountConfig' Error: execution error at (gmsa/templates/credentialspec.yaml:16:29): credential.hostAccountConfig.portableCCGVersion must be provided if credential.hostAccountConfig is set Use --debug flag to render out invalid YAML $ helm template --set="credential.enabled=true" --set="credential.hostAccountConfig.portableCcgVersion=1" --set="credential.hostAccountConfig.pluginGUID=myguid" gmsa charts/gmsa | yq e 'select(.kind == "GMSACredentialSpec") | .credspec.ActiveDirectoryConfig.HostAccountConfig' Error: execution error at (gmsa/templates/credentialspec.yaml:18:22): credential.hostAccountConfig.pluginInput must be provided if credential.hostAccountConfig is set Use --debug flag to render out invalid YAML $ helm template --set="credential.enabled=true" --set="credential.hostAccountConfig.pluginGUID=myguid" --set="credential.hostAccountConfig.pluginInput=myinput" gmsa charts/gmsa | yq e 'select(.kind == "GMSACredentialSpec") | .credspec.ActiveDirectoryConfig.HostAccountConfig' Error: execution error at (gmsa/templates/credentialspec.yaml:16:29): credential.hostAccountConfig.portableCCGVersion must be provided if credential.hostAccountConfig is set Use --debug flag to render out invalid YAML $ helm template --set="credential.enabled=true" --set="credential.hostAccountConfig.portableCcgVersion=1" --set="credential.hostAccountConfig.pluginInput=myinput" gmsa charts/gmsa | yq e 'select(.kind == "GMSACredentialSpec") | .credspec.ActiveDirectoryConfig.HostAccountConfig' Error: execution error at (gmsa/templates/credentialspec.yaml:17:38): credential.hostAccountConfig.pluginGUID must be provided if credential.hostAccountConfig is set Use --debug flag to render out invalid YAML $ helm template --set="credential.enabled=true" --set="credential.hostAccountConfig.portableCcgVersion=1" --set="credential.hostAccountConfig.pluginGUID=myguid" --set="credential.hostAccountConfig.pluginInput=myinput" gmsa charts/gmsa | yq e 'select(.kind == "GMSACredentialSpec") | .credspec.ActiveDirectoryConfig.HostAccountConfig' PortableCcgVersion: "1" PluginGUID: "{myguid}" PluginInput: "myinput" ```
Arvind Iyengar committedOct 2, 2023 Configuration menu - View commit details
-
Copy full SHA for df8319f - Browse repository at this point
Copy the full SHA df8319fView commit details
Commits on Oct 11, 2023
-
Bump golang.org/x/net from 0.13.0 to 0.17.0 in /admission-webhook
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.13.0 to 0.17.0. - [Commits](golang/net@v0.13.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 7a0c265 - Browse repository at this point
Copy the full SHA 7a0c265View commit details
Commits on Oct 17, 2023
-
Merge pull request #125 from aiyengar2/support_non_domain_joined
Add credential.hostAccountConfig for CCG scenario
Configuration menu - View commit details
-
Copy full SHA for d35d560 - Browse repository at this point
Copy the full SHA d35d560View commit details -
Merge pull request #123 from aiyengar2/fix_certificates_secret_name
Infer caBundle from .Values.certificates.secretName
Configuration menu - View commit details
-
Copy full SHA for 545c6e0 - Browse repository at this point
Copy the full SHA 545c6e0View commit details -
Merge pull request #132 from kubernetes-sigs/dependabot/go_modules/ad…
…mission-webhook/golang.org/x/net-0.17.0 Bump golang.org/x/net from 0.13.0 to 0.17.0 in /admission-webhook
Configuration menu - View commit details
-
Copy full SHA for 37b1419 - Browse repository at this point
Copy the full SHA 37b1419View commit details
Commits on Nov 3, 2023
-
Signed-off-by: James Sturtevant <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 53c62f9 - Browse repository at this point
Copy the full SHA 53c62f9View commit details -
Merge pull request #134 from jsturtevant/bump-chart-version
Release latest chart changes
Configuration menu - View commit details
-
Copy full SHA for b1f80fc - Browse repository at this point
Copy the full SHA b1f80fcView commit details
Commits on Dec 14, 2023
-
Signed-off-by: James Sturtevant <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 8e02e5f - Browse repository at this point
Copy the full SHA 8e02e5fView commit details -
Merge pull request #136 from jsturtevant/update-kuberetnes-129
Update to kubernetes 1.29
Configuration menu - View commit details
-
Copy full SHA for c201cde - Browse repository at this point
Copy the full SHA c201cdeView commit details
This comparison is taking too long to generate.
Unfortunately it looks like we can’t render this comparison for you right now. It might be too big, or there might be something weird with your repository.
You can try running this command locally to see the comparison on your machine:
git diff v0.7.1...v0.8.0