Merge pull request #131 from weaveworks/dev

release v2.1.0
weaveworks · Nov 14, 2022 · 0a3e3cd · 0a3e3cd
2 parents b4c76a2 + 5427def
commit 0a3e3cd
Show file tree

Hide file tree

Showing 5 changed files with 39 additions and 4 deletions.
diff --git a/helm/Chart.yaml b/helm/Chart.yaml
@@ -1,8 +1,8 @@
 apiVersion: v2
-appVersion: "2.0.0"
+appVersion: "2.1.0"
 description: A Helm chart for Kubernetes to configure the policy agent
 name: policy-agent
-version: 2.0.0
+version: 2.1.0
 maintainers:
   - name: Weaveworks
     email: support@weave.works
diff --git a/helm/README.md b/helm/README.md
@@ -0,0 +1,22 @@
+# Policy Agent Helm Release
+
+## Installation
+```bash
+helm repo add policy-agent https://weaveworks.github.io/policy-agent/
+```
+
+## Configuration
+
+List of available variables:
+
+
+| Key                   | Type          | Default                   | Description                                                                                               |
+|-----------------------|---------------|---------------------------|-----------------------------------------------------------------------------------------------------------|
+| `image`               | `string`      | `weaveworks/policy-agent` | docker image.                                                                                             |
+| `useCertManager`      | `boolean`     | `true`                    | use [cert-manager](https://cert-manager.io/) to manage agent's TLS certificate.                           |
+| `certificate`         | `string`      |                           | TLS certificate. Not needed if `useCertManager` is set to `true`.                                         |
+| `key`                 | `string`      |                           | TLS key. Not needed if `useCertManager` is set to `true`.                                                 |
+| `caCertificate`       | `string`      |                           | TLS CA Certificate . Not needed if `useCertManager` is set to `true`.                                     |
+| `failurePolicy`       | `string`      | `Fail`                    |  Whether to fail or ignore when the admission controller request fails. Available values `Fail`, `Ignore` |
+| `excludeNamespaces`   | `[]string`    |                           | List of namespaces to ignore by the admission controller.                                                 |
+| `config`              | `object`      |                           | Agent configuration. See agent's configuration [guide](../docs/README.md#configuration).                  |
diff --git a/helm/templates/agent.yaml b/helm/templates/agent.yaml
@@ -308,7 +308,13 @@ webhooks:
       matchExpressions:
       - key: kubernetes.io/metadata.name
         operator: NotIn
-        values: [{{ .Release.Namespace }}]
+        {{- if .Values.excludeNamespaces }}
+        values:
+          {{- toYaml .Values.excludeNamespaces | nindent 8 }}
+        {{- else }}
+        values:
+        - {{ .Release.Namespace }}
+        {{- end }}
 {{- end}}
   - name: policyconfigs.pac.weave.works
     admissionReviewVersions:

diff --git a/helm/values.yaml b/helm/values.yaml
@@ -8,6 +8,13 @@ certificate: ""
 key: ""
 caCertificate: ""
 
+# exclude namespaces by admission controller
+# If not set, The policy agent will exclude only it's namespace ({{.Release.Namespace}})
+excludeNamespaces:
+# - policy-system
+# - flux-system
+# - kube-system
+
 persistence:
   enabled: false
   # claimStorage: 1Gi

diff --git a/version.txt b/version.txt
@@ -1 +1 @@
-2.0.0
+2.1.0