Merge branch 'main' into add-config-policies-for-s3

.chainsaw-config.yaml

@@ -8,8 +8,8 @@ spec:
   timeouts:
     apply: 1m30s
     assert: 1m30s
-    cleanup: 2m30s
-    delete: 1m30s
+    cleanup: 3m30s
+    delete: 2m30s
     error: 1m30s
     exec: 1m30s
   fullName: true

.github/workflows/chainsaw-e2e.yaml

@@ -15,8 +15,8 @@ jobs:
     strategy:
       fail-fast: false    
       matrix:
-        k8s-version: [v1.29.2, v1.28.0, v1.27.3, v1.26.3, v1.25.8, v1.24.12]
-        n4k-chart-version: [3.0.29]
+        k8s-version: [v1.30.0, v1.29.4, v1.28.9]
+        n4k-chart-version: [3.0.30]
 
     steps:
       - name: Checkout
@@ -53,8 +53,8 @@ jobs:
     strategy:
       fail-fast: false    
       matrix:
-        k8s-version: [v1.29.2, v1.28.0, v1.27.3, v1.26.3, v1.25.8]
-        n4k-chart-version: [3.1.14]
+        k8s-version: [v1.30.0, v1.29.4, v1.28.9]
+        n4k-chart-version: [3.1.18, 3.2.2-rc3]
 
     steps:
       - name: Checkout
@@ -92,7 +92,7 @@ jobs:
       fail-fast: false    
       matrix:
         k8s-version: [v1.27.3, v1.26.3]
-        n4k-chart-version: [3.1.14]
+        n4k-chart-version: [3.1.18, 3.2.1]
 
     steps:
       - name: Checkout
@@ -124,8 +124,8 @@ jobs:
     strategy:
       fail-fast: false    
       matrix:
-        k8s-version: [v1.29.2, v1.28.0]
-        n4k-chart-version: [3.1.14]
+        k8s-version: [v1.30.0, v1.29.4, v1.28.9]
+        n4k-chart-version: [3.1.18, 3.2.1]
 
     steps:
       - name: Checkout

Makefile

@@ -7,7 +7,7 @@ USE_CONFIG           ?= standard
 
 TOOLS_DIR                          := $(PWD)/.tools
 KIND                               := $(TOOLS_DIR)/kind
-KIND_VERSION                       := v0.22.0
+KIND_VERSION                       := v0.23.0
 KIND_VAP_ALPHA_CONFIG			   := $(PWD)/.github/scripts/config/kind/vap-v1alpha1.yaml
 KIND_VAP_BETA_CONFIG			   := $(PWD)/.github/scripts/config/kind/vap-v1beta1.yaml
 HELM_VALUES_VAP					   := $(PWD)/.github/scripts/config/helm/values-vap.yaml
@@ -52,10 +52,15 @@ test-chainsaw-vap:
 
 ## Create kind cluster
 .PHONY: kind-create-cluster
-kind-create-cluster: $(KIND) 
+kind-create-cluster: $(KIND)
 	@echo Create kind cluster... >&2
+ifeq ($(K8S_VERSION),v1.22.17)
+	@echo Create kind cluster with kind-config-2.yaml... >&2
+	@$(KIND) create cluster --name $(KIND_NAME) --image $(KIND_IMAGE) --config kind-config-1-22.yaml
+else
+	@echo Create kind cluster with default configuration... >&2
 	@$(KIND) create cluster --name $(KIND_NAME) --image $(KIND_IMAGE)
-
+endif
 ## Create kind cluster with alpha VAP enabled
 .PHONY: kind-create-cluster-vap-alpha
 kind-create-cluster-vap-alpha: $(KIND) 

kind-config-1-22.yaml

@@ -0,0 +1,29 @@
+# kind-config.yaml
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+nodes:
+- role: control-plane
+  kubeadmConfigPatches:
+  - |
+    kind: InitConfiguration
+    nodeRegistration:
+      kubeletExtraArgs:
+        node-labels: "ingress-ready=true"
+        authorization-mode: "AlwaysAllow"
+  - |
+    kind: ClusterConfiguration
+    apiVersion: kubeadm.k8s.io/v1beta2
+    apiServer:
+      extraArgs:
+        feature-gates: "WindowsHostProcessContainers=true"
+  extraMounts:
+  - hostPath: /var/run/docker.sock
+    containerPath: /var/run/docker.sock
+- role: worker
+  kubeadmConfigPatches:
+  - |
+    kind: JoinConfiguration
+    nodeRegistration:
+      kubeletExtraArgs:
+        node-labels: "ingress-ready=true"
+        authorization-mode: "AlwaysAllow"

pod-security/baseline/disallow-host-process/deployment.yaml

@@ -35,6 +35,9 @@ spec:
             cpu: "500m"
       - name: nginx3
         image: nginx:1.14.2
+        securityContext:
+          windowsOptions:
+            hostProcess: true
         resources:
           requests:
             memory: "64Mi"