diff --git a/README.md b/README.md index 64672d8..5921fde 100644 --- a/README.md +++ b/README.md @@ -69,17 +69,17 @@ helm install cert-manager jetstack/cert-manager --version '1.15.1' -n cert-manag > **Note**: Certain environments such as OpenShift or GKE require non-default configurations when installing the CNI plugin. For the most common setups, values files are provided in the [chart folder](/deploy/charts/airlock-microgateway-cni). ```bash # Standard setup - helm install airlock-microgateway-cni -n kube-system oci://quay.io/airlockcharts/microgateway-cni --version '4.3.4' + helm install airlock-microgateway-cni -n kube-system oci://quay.io/airlockcharts/microgateway-cni --version '4.3.5' kubectl -n kube-system rollout status daemonset -l app.kubernetes.io/instance=airlock-microgateway-cni ``` ```bash # GKE setup - helm install airlock-microgateway-cni -n kube-system oci://quay.io/airlockcharts/microgateway-cni --version '4.3.4' -f https://raw.githubusercontent.com/airlock/microgateway/4.3.4/deploy/charts/airlock-microgateway-cni/gke-values.yaml + helm install airlock-microgateway-cni -n kube-system oci://quay.io/airlockcharts/microgateway-cni --version '4.3.5' -f https://raw.githubusercontent.com/airlock/microgateway/4.3.5/deploy/charts/airlock-microgateway-cni/gke-values.yaml kubectl -n kube-system rollout status daemonset -l app.kubernetes.io/instance=airlock-microgateway-cni ``` ```bash # OpenShift setup - helm install airlock-microgateway-cni -n openshift-operators oci://quay.io/airlockcharts/microgateway-cni --version '4.3.4' -f https://raw.githubusercontent.com/airlock/microgateway/4.3.4/deploy/charts/airlock-microgateway-cni/openshift-values.yaml + helm install airlock-microgateway-cni -n openshift-operators oci://quay.io/airlockcharts/microgateway-cni --version '4.3.5' -f https://raw.githubusercontent.com/airlock/microgateway/4.3.5/deploy/charts/airlock-microgateway-cni/openshift-values.yaml kubectl -n openshift-operators rollout status daemonset -l app.kubernetes.io/instance=airlock-microgateway-cni ``` **Important:** On OpenShift, all pods which should be protected by Airlock Microgateway must explicitly reference the Airlock Microgateway CNI NetworkAttachmentDefinition via the annotation `k8s.v1.cni.cncf.io/networks` (see [documentation](https://docs.airlock.com/microgateway/latest/#data/1658483168033.html) for details). @@ -87,15 +87,15 @@ helm install cert-manager jetstack/cert-manager --version '1.15.1' -n cert-manag 2. (Recommended) You can verify the correctness of the installation with `helm test`. ```bash # Standard and GKE setup - helm upgrade airlock-microgateway-cni -n kube-system --set tests.enabled=true --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.3.4' + helm upgrade airlock-microgateway-cni -n kube-system --set tests.enabled=true --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.3.5' helm test airlock-microgateway-cni -n kube-system --logs - helm upgrade airlock-microgateway-cni -n kube-system --set tests.enabled=false --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.3.4' + helm upgrade airlock-microgateway-cni -n kube-system --set tests.enabled=false --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.3.5' ``` ```bash # OpenShift setup - helm upgrade airlock-microgateway-cni -n openshift-operators --set tests.enabled=true --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.3.4' + helm upgrade airlock-microgateway-cni -n openshift-operators --set tests.enabled=true --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.3.5' helm test airlock-microgateway-cni -n openshift-operators --logs - helm upgrade airlock-microgateway-cni -n openshift-operators --set tests.enabled=false --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.3.4' + helm upgrade airlock-microgateway-cni -n openshift-operators --set tests.enabled=false --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.3.5' ``` Consult our [documentation](https://docs.airlock.com/microgateway/latest/#data/1699611533587.html) in case of any installation error. @@ -113,14 +113,14 @@ helm install cert-manager jetstack/cert-manager --version '1.15.1' -n cert-manag kubectl -n airlock-microgateway-system create secret generic airlock-microgateway-license --from-file=microgateway-license.txt # Install Operator (CRDs are included via the standard Helm 3 mechanism, i.e. Helm will handle initial installation but not upgrades) - helm install airlock-microgateway -n airlock-microgateway-system oci://quay.io/airlockcharts/microgateway --version '4.3.4' --wait + helm install airlock-microgateway -n airlock-microgateway-system oci://quay.io/airlockcharts/microgateway --version '4.3.5' --wait ``` 2. (Recommended) You can verify the correctness of the installation with `helm test`. ```bash - helm upgrade airlock-microgateway -n airlock-microgateway-system --set tests.enabled=true --reuse-values oci://quay.io/airlockcharts/microgateway --version '4.3.4' + helm upgrade airlock-microgateway -n airlock-microgateway-system --set tests.enabled=true --reuse-values oci://quay.io/airlockcharts/microgateway --version '4.3.5' helm test airlock-microgateway -n airlock-microgateway-system --logs - helm upgrade airlock-microgateway -n airlock-microgateway-system --set tests.enabled=false --reuse-values oci://quay.io/airlockcharts/microgateway --version '4.3.4' + helm upgrade airlock-microgateway -n airlock-microgateway-system --set tests.enabled=false --reuse-values oci://quay.io/airlockcharts/microgateway --version '4.3.5' ``` ### Upgrading CRDs @@ -128,7 +128,7 @@ helm install cert-manager jetstack/cert-manager --version '1.15.1' -n cert-manag The `helm install/upgrade` command currently does not support upgrading CRDs that already exist in the cluster. CRDs should instead be manually upgraded before upgrading the Operator itself via the following command: ```bash -kubectl apply -k https://github.com/airlock/microgateway/deploy/charts/airlock-microgateway/crds/?ref=4.3.4 --server-side --force-conflicts +kubectl apply -k https://github.com/airlock/microgateway/deploy/charts/airlock-microgateway/crds/?ref=4.3.5 --server-side --force-conflicts ``` **Note**: Certain GitOps solutions such as e.g. Argo CD or Flux CD have their own mechanisms for automatically upgrading CRDs included with Helm charts. diff --git a/deploy/charts/airlock-microgateway-cni/Chart.yaml b/deploy/charts/airlock-microgateway-cni/Chart.yaml index 9158d1f..d7fe010 100644 --- a/deploy/charts/airlock-microgateway-cni/Chart.yaml +++ b/deploy/charts/airlock-microgateway-cni/Chart.yaml @@ -3,8 +3,8 @@ name: microgateway-cni description: A Helm chart for deploying the Airlock Microgateway CNI plugin type: application home: https://www.airlock.com/en/microgateway -version: "4.3.4" -appVersion: "4.3.4" +version: "4.3.5" +appVersion: "4.3.5" annotations: charts.openshift.io/name: Airlock Microgateway CNI artifacthub.io/category: security diff --git a/deploy/charts/airlock-microgateway-cni/README.md b/deploy/charts/airlock-microgateway-cni/README.md index 1559e00..adf7031 100644 --- a/deploy/charts/airlock-microgateway-cni/README.md +++ b/deploy/charts/airlock-microgateway-cni/README.md @@ -1,6 +1,6 @@ # Airlock Microgateway CNI -![Version: 4.3.4](https://img.shields.io/badge/Version-4.3.4-informational?style=flat-square) ![AppVersion: 4.3.4](https://img.shields.io/badge/AppVersion-4.3.4-informational?style=flat-square) +![Version: 4.3.5](https://img.shields.io/badge/Version-4.3.5-informational?style=flat-square) ![AppVersion: 4.3.5](https://img.shields.io/badge/AppVersion-4.3.5-informational?style=flat-square) *Airlock Microgateway is a Kubernetes native WAAP (Web Application and API Protection) solution to protect microservices.* @@ -13,7 +13,7 @@ Modern application security is embedded in the development workflow and follows DevSecOps paradigms. Airlock Microgateway is the perfect fit for these requirements. It is a lightweight alternative to the Airlock Gateway appliance, optimized for Kubernetes environments. Airlock Microgateway protects your applications and microservices with the tried-and-tested Airlock security features against attacks, while also providing a high degree of scalability. -__This Helm chart is part of Airlock Microgateway. See our [GitHub repo](https://github.com/airlock/microgateway/tree/4.3.4).__ +__This Helm chart is part of Airlock Microgateway. See our [GitHub repo](https://github.com/airlock/microgateway/tree/4.3.5).__ ### Features * Kubernetes native integration with its Operator, Custom Resource Definitions, hot-reload, automatic sidecar injection. @@ -47,17 +47,17 @@ The instructions below provide a quick start guide. Detailed information are pro > **Note**: Certain environments such as OpenShift or GKE require non-default configurations when installing the CNI plugin. For the most common setups, values files are provided in the [chart folder](/deploy/charts/airlock-microgateway-cni). ```bash # Standard setup - helm install airlock-microgateway-cni -n kube-system oci://quay.io/airlockcharts/microgateway-cni --version '4.3.4' + helm install airlock-microgateway-cni -n kube-system oci://quay.io/airlockcharts/microgateway-cni --version '4.3.5' kubectl -n kube-system rollout status daemonset -l app.kubernetes.io/instance=airlock-microgateway-cni ``` ```bash # GKE setup - helm install airlock-microgateway-cni -n kube-system oci://quay.io/airlockcharts/microgateway-cni --version '4.3.4' -f https://raw.githubusercontent.com/airlock/microgateway/4.3.4/deploy/charts/airlock-microgateway-cni/gke-values.yaml + helm install airlock-microgateway-cni -n kube-system oci://quay.io/airlockcharts/microgateway-cni --version '4.3.5' -f https://raw.githubusercontent.com/airlock/microgateway/4.3.5/deploy/charts/airlock-microgateway-cni/gke-values.yaml kubectl -n kube-system rollout status daemonset -l app.kubernetes.io/instance=airlock-microgateway-cni ``` ```bash # OpenShift setup - helm install airlock-microgateway-cni -n openshift-operators oci://quay.io/airlockcharts/microgateway-cni --version '4.3.4' -f https://raw.githubusercontent.com/airlock/microgateway/4.3.4/deploy/charts/airlock-microgateway-cni/openshift-values.yaml + helm install airlock-microgateway-cni -n openshift-operators oci://quay.io/airlockcharts/microgateway-cni --version '4.3.5' -f https://raw.githubusercontent.com/airlock/microgateway/4.3.5/deploy/charts/airlock-microgateway-cni/openshift-values.yaml kubectl -n openshift-operators rollout status daemonset -l app.kubernetes.io/instance=airlock-microgateway-cni ``` **Important:** On OpenShift, all pods which should be protected by Airlock Microgateway must explicitly reference the Airlock Microgateway CNI NetworkAttachmentDefinition via the annotation `k8s.v1.cni.cncf.io/networks` (see [documentation](https://docs.airlock.com/microgateway/latest/#data/1658483168033.html) for details). @@ -65,15 +65,15 @@ The instructions below provide a quick start guide. Detailed information are pro 2. (Recommended) You can verify the correctness of the installation with `helm test`. ```bash # Standard and GKE setup - helm upgrade airlock-microgateway-cni -n kube-system --set tests.enabled=true --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.3.4' + helm upgrade airlock-microgateway-cni -n kube-system --set tests.enabled=true --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.3.5' helm test airlock-microgateway-cni -n kube-system --logs - helm upgrade airlock-microgateway-cni -n kube-system --set tests.enabled=false --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.3.4' + helm upgrade airlock-microgateway-cni -n kube-system --set tests.enabled=false --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.3.5' ``` ```bash # OpenShift setup - helm upgrade airlock-microgateway-cni -n openshift-operators --set tests.enabled=true --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.3.4' + helm upgrade airlock-microgateway-cni -n openshift-operators --set tests.enabled=true --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.3.5' helm test airlock-microgateway-cni -n openshift-operators --logs - helm upgrade airlock-microgateway-cni -n openshift-operators --set tests.enabled=false --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.3.4' + helm upgrade airlock-microgateway-cni -n openshift-operators --set tests.enabled=false --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.3.5' ``` Consult our [documentation](https://docs.airlock.com/microgateway/latest/#data/1699611533587.html) in case of any installation error. @@ -98,10 +98,10 @@ For the community edition, check our **[Airlock community forum](https://forum.a | config.installMode | string | `"chained"` | Whether to install the CNI plugin as a `chained` plugin (default, required with most interface CNI providers), as a `standalone` plugin (required for use with Multus CNI, e.g. on OpenShift) or in `manual` mode, where no CNI network configuration is written. | | config.logLevel | string | `"info"` | Log level for the CNI installer and plugin. | | fullnameOverride | string | `""` | Allows overriding the name to use as full name of resources. | -| image.digest | string | `"sha256:1e01310b3ad8566e9b39ee539ed5c959049aadda1a18c1a534e96d8865e20172"` | SHA256 image digest to pull (in the format "sha256:7144f7bab3d4c2648d7e59409f15ec52a18006a128c733fcff20d3a4a54ba44a"). Overrides tag when specified. | +| image.digest | string | `"sha256:0a45ca228f67e21422f6e29832a2309fa143bf7ed8a479d91f124d11cf8ec9f4"` | SHA256 image digest to pull (in the format "sha256:7144f7bab3d4c2648d7e59409f15ec52a18006a128c733fcff20d3a4a54ba44a"). Overrides tag when specified. | | image.pullPolicy | string | `"IfNotPresent"` | Pull policy for this image. | | image.repository | string | `"quay.io/airlock/microgateway-cni"` | Image repository from which to pull the Airlock Microgateway CNI image. | -| image.tag | string | `"4.3.4"` | Image tag to pull. | +| image.tag | string | `"4.3.5"` | Image tag to pull. | | imagePullSecrets | list | `[]` | ImagePullSecrets to use when pulling images. | | multusNetworkAttachmentDefinition.create | bool | `false` | Whether a NetworkAttachmentDefinition CR should be created, which can be used for applying the CNI plugin to Pods. | | multusNetworkAttachmentDefinition.namespace | string | `"default"` | Namespace in which the NetworkAttachmentDefinition is deployed. Note: If namespace is set to a custom value, referencing the created NetworkAttachmentDefinition from other namespaces may not work if Multus namespace isolation is enabled. https://github.com/k8snetworkplumbingwg/multus-cni/blob/v4.0.2/docs/configuration.md#namespace-isolation | diff --git a/deploy/charts/airlock-microgateway-cni/values.yaml b/deploy/charts/airlock-microgateway-cni/values.yaml index 63ef360..5a7bbd9 100644 --- a/deploy/charts/airlock-microgateway-cni/values.yaml +++ b/deploy/charts/airlock-microgateway-cni/values.yaml @@ -15,10 +15,10 @@ image: # -- Image repository from which to pull the Airlock Microgateway CNI image. repository: "quay.io/airlock/microgateway-cni" # -- Image tag to pull. - tag: "4.3.4" + tag: "4.3.5" # -- SHA256 image digest to pull (in the format "sha256:7144f7bab3d4c2648d7e59409f15ec52a18006a128c733fcff20d3a4a54ba44a"). # Overrides tag when specified. - digest: "sha256:1e01310b3ad8566e9b39ee539ed5c959049aadda1a18c1a534e96d8865e20172" + digest: "sha256:0a45ca228f67e21422f6e29832a2309fa143bf7ed8a479d91f124d11cf8ec9f4" # -- Pull policy for this image. pullPolicy: IfNotPresent # -- Annotations to add to all Pods. diff --git a/deploy/charts/airlock-microgateway/Chart.yaml b/deploy/charts/airlock-microgateway/Chart.yaml index a558ffb..7b5df66 100644 --- a/deploy/charts/airlock-microgateway/Chart.yaml +++ b/deploy/charts/airlock-microgateway/Chart.yaml @@ -3,8 +3,8 @@ name: microgateway description: A Helm chart for deploying the Airlock Microgateway type: application home: https://www.airlock.com/en/microgateway -version: "4.3.4" -appVersion: "4.3.4" +version: "4.3.5" +appVersion: "4.3.5" annotations: charts.openshift.io/name: Airlock Microgateway artifacthub.io/category: security diff --git a/deploy/charts/airlock-microgateway/README.md b/deploy/charts/airlock-microgateway/README.md index 5028932..42a6269 100644 --- a/deploy/charts/airlock-microgateway/README.md +++ b/deploy/charts/airlock-microgateway/README.md @@ -1,6 +1,6 @@ # Airlock Microgateway -![Version: 4.3.4](https://img.shields.io/badge/Version-4.3.4-informational?style=flat-square) ![AppVersion: 4.3.4](https://img.shields.io/badge/AppVersion-4.3.4-informational?style=flat-square) +![Version: 4.3.5](https://img.shields.io/badge/Version-4.3.5-informational?style=flat-square) ![AppVersion: 4.3.5](https://img.shields.io/badge/AppVersion-4.3.5-informational?style=flat-square) *Airlock Microgateway is a Kubernetes native WAAP (Web Application and API Protection) solution to protect microservices.* @@ -13,7 +13,7 @@ Modern application security is embedded in the development workflow and follows DevSecOps paradigms. Airlock Microgateway is the perfect fit for these requirements. It is a lightweight alternative to the Airlock Gateway appliance, optimized for Kubernetes environments. Airlock Microgateway protects your applications and microservices with the tried-and-tested Airlock security features against attacks, while also providing a high degree of scalability. -__This Helm chart is part of Airlock Microgateway. See our [GitHub repo](https://github.com/airlock/microgateway/tree/4.3.4).__ +__This Helm chart is part of Airlock Microgateway. See our [GitHub repo](https://github.com/airlock/microgateway/tree/4.3.5).__ ### Features * Kubernetes native integration with its Operator, Custom Resource Definitions, hot-reload, automatic sidecar injection. @@ -73,14 +73,14 @@ helm install cert-manager jetstack/cert-manager --version '1.15.1' -n cert-manag kubectl -n airlock-microgateway-system create secret generic airlock-microgateway-license --from-file=microgateway-license.txt # Install Operator (CRDs are included via the standard Helm 3 mechanism, i.e. Helm will handle initial installation but not upgrades) - helm install airlock-microgateway -n airlock-microgateway-system oci://quay.io/airlockcharts/microgateway --version '4.3.4' --wait + helm install airlock-microgateway -n airlock-microgateway-system oci://quay.io/airlockcharts/microgateway --version '4.3.5' --wait ``` 2. (Recommended) You can verify the correctness of the installation with `helm test`. ```bash - helm upgrade airlock-microgateway -n airlock-microgateway-system --set tests.enabled=true --reuse-values oci://quay.io/airlockcharts/microgateway --version '4.3.4' + helm upgrade airlock-microgateway -n airlock-microgateway-system --set tests.enabled=true --reuse-values oci://quay.io/airlockcharts/microgateway --version '4.3.5' helm test airlock-microgateway -n airlock-microgateway-system --logs - helm upgrade airlock-microgateway -n airlock-microgateway-system --set tests.enabled=false --reuse-values oci://quay.io/airlockcharts/microgateway --version '4.3.4' + helm upgrade airlock-microgateway -n airlock-microgateway-system --set tests.enabled=false --reuse-values oci://quay.io/airlockcharts/microgateway --version '4.3.5' ``` ### Upgrading CRDs @@ -88,7 +88,7 @@ helm install cert-manager jetstack/cert-manager --version '1.15.1' -n cert-manag The `helm install/upgrade` command currently does not support upgrading CRDs that already exist in the cluster. CRDs should instead be manually upgraded before upgrading the Operator itself via the following command: ```bash -kubectl apply -k https://github.com/airlock/microgateway/deploy/charts/airlock-microgateway/crds/?ref=4.3.4 --server-side --force-conflicts +kubectl apply -k https://github.com/airlock/microgateway/deploy/charts/airlock-microgateway/crds/?ref=4.3.5 --server-side --force-conflicts ``` **Note**: Certain GitOps solutions such as e.g. Argo CD or Flux CD have their own mechanisms for automatically upgrading CRDs included with Helm charts. @@ -116,10 +116,10 @@ For the community edition, check our **[Airlock community forum](https://forum.a | dashboards.instances.blockMetrics.create | bool | `true` | Whether to create the block metrics dashboard. | | dashboards.instances.license.create | bool | `true` | Whether to create the license dashboard. | | dashboards.instances.overview.create | bool | `true` | Whether to create the overview dashboard. | -| engine.image.digest | string | `"sha256:91e05c509bed3b51ff4888d7475980d56cbc85db121aa766d1bde413204f9070"` | SHA256 image digest to pull (in the format "sha256:a3051f42d3013813b05f7513bb86ed6a3209cb3003f1bb2f7b72df249aa544d3"). Overrides tag when specified. | +| engine.image.digest | string | `"sha256:92adb33ee20e4e82d35ee10c49da95d967fef6fe9faa2abe01538ef02c3eb79f"` | SHA256 image digest to pull (in the format "sha256:a3051f42d3013813b05f7513bb86ed6a3209cb3003f1bb2f7b72df249aa544d3"). Overrides tag when specified. | | engine.image.pullPolicy | string | `"IfNotPresent"` | Pull policy for this image. | | engine.image.repository | string | `"quay.io/airlock/microgateway-engine"` | Image repository from which to pull the Airlock Microgateway Engine image. | -| engine.image.tag | string | `"4.3.4"` | Image tag to pull. | +| engine.image.tag | string | `"4.3.5"` | Image tag to pull. | | engine.resources | object | `{}` | Resource restrictions to apply to the Airlock Microgateway Engine container. | | engine.sidecar.podMonitor.create | bool | `false` | Whether to create a PodMonitor resource for monitoring. | | engine.sidecar.podMonitor.labels | object | `{}` | Labels to add to the PodMonitor. | @@ -127,16 +127,16 @@ For the community edition, check our **[Airlock community forum](https://forum.a | imagePullSecrets | list | `[]` | ImagePullSecrets to use when pulling images. | | license.secretName | string | `"airlock-microgateway-license"` | Name of the secret containing the "microgateway-license.txt" key. | | nameOverride | string | `""` | Allows overriding the name to use instead of "microgateway". | -| networkValidator.image.digest | string | `"sha256:7a73d4b82a2d4165bbc5efa55de4fee9d43f2b1c1edb3505cdc8afd1361bad9b"` | SHA256 image digest to pull (in the format "sha256:7a73d4b82a2d4165bbc5efa55de4fee9d43f2b1c1edb3505cdc8afd1361bad9b"). Overrides tag when specified. | +| networkValidator.image.digest | string | `"sha256:7ef657ce316ce9d86f90c1dc99702d1190877c6ac2e923e696dc82c30050a14c"` | SHA256 image digest to pull (in the format "sha256:7ef657ce316ce9d86f90c1dc99702d1190877c6ac2e923e696dc82c30050a14c"). Overrides tag when specified. | | networkValidator.image.pullPolicy | string | `"IfNotPresent"` | Pull policy for this image. | | networkValidator.image.repository | string | `"cgr.dev/chainguard/netcat"` | Image repository from which to pull the netcat image for the Airlock Microgateway Network Validator init-container. | | networkValidator.image.tag | string | `""` | Image tag to pull. | | operator.affinity | object | `{}` | Custom affinity to apply to the operator Deployment. Used to influence the scheduling. | | operator.config.logLevel | string | `"info"` | Operator application log level. | -| operator.image.digest | string | `"sha256:6819c78d5570de66edce6c13964c6e1b4cc4746d0c0bc6f4975cd38e324828c0"` | SHA256 image digest to pull (in the format "sha256:c79ee3f85862fb386e9dd62b901b607161d27807f512d7fbdece05e9ee3d7c63"). Overrides tag when specified. | +| operator.image.digest | string | `"sha256:4611c85c723d5aca11ac58d5e1871066a52b360a3ce9449caa837b116e44d61d"` | SHA256 image digest to pull (in the format "sha256:c79ee3f85862fb386e9dd62b901b607161d27807f512d7fbdece05e9ee3d7c63"). Overrides tag when specified. | | operator.image.pullPolicy | string | `"IfNotPresent"` | Pull policy for this image. | | operator.image.repository | string | `"quay.io/airlock/microgateway-operator"` | Image repository from which to pull the Airlock Microgateway Operator image. | -| operator.image.tag | string | `"4.3.4"` | Image tag to pull. | +| operator.image.tag | string | `"4.3.5"` | Image tag to pull. | | operator.nodeSelector | object | `{}` | Custom nodeSelector to apply to the operator Deployment in order to constrain its Pods to certain nodes. | | operator.podAnnotations | object | `{}` | Annotations to add to all Pods. | | operator.podLabels | object | `{}` | Labels to add to all Pods. | @@ -154,10 +154,10 @@ For the community edition, check our **[Airlock community forum](https://forum.a | operator.updateStrategy | object | `{"type":"RollingUpdate"}` | Specifies the operator update strategy. | | operator.watchNamespaceSelector | object | `{}` | Allows to dynamically select watch namespaces of the operator and the scope of the webhooks based on a Namespace label selector. It is able to detect and reconcile resources in all namespaces that match the label selector automatically, even for new namespaces, without restarting the operator. This facilitates a dynamic `MultiNamespace` installation mode, but still requires cluster-scoped permissions (i.e., ClusterRoles and ClusterRoleBindings). An `AllNamespaces` installation or the usage of the `watchNamespaces` requires the `watchNamespaceSelector` to be empty. Please note that this feature requires a Premium license. | | operator.watchNamespaces | list | `[]` | Allows to restrict the operator to specific namespaces, depending on your needs. For a `OwnNamespace` or `SingleNamespace` installation the list may only contain one namespace (e.g., `watchNamespaces: ["airlock-microgateway-system"]`). In case of the `OwnNamespace` installation mode the specified namespace should be equal to the installation namespace. For a static `MultiNamespace` installation, the complete list of namespaces must be provided in the `watchNamespaces`. An `AllNamespaces` installation or the usage of the `watchNamespaceSelector` requires the `watchNamespaces` to be empty. Regardless of the installation modes supported by `watchNamespaces`, RBAC is created only namespace-scoped (using Roles and RoleBindings) in the respective namespaces. Please note that this feature requires a Premium license. | -| sessionAgent.image.digest | string | `"sha256:df4e50d0929cb4c5e4486452979b59ec17f5e49a1516b685acd3a1ab0ddb3cf4"` | SHA256 image digest to pull (in the format "sha256:a3051f42d3013813b05f7513bb86ed6a3209cb3003f1bb2f7b72df249aa544d3"). Overrides tag when specified. | +| sessionAgent.image.digest | string | `"sha256:6f5fb03b83c0c6d4fa0e423401bccbc59d941e4303906e72c6a3485b23a02f43"` | SHA256 image digest to pull (in the format "sha256:a3051f42d3013813b05f7513bb86ed6a3209cb3003f1bb2f7b72df249aa544d3"). Overrides tag when specified. | | sessionAgent.image.pullPolicy | string | `"IfNotPresent"` | Pull policy for this image. | | sessionAgent.image.repository | string | `"quay.io/airlock/microgateway-session-agent"` | Image repository from which to pull the Airlock Microgateway Session Agent image. | -| sessionAgent.image.tag | string | `"4.3.4"` | Image tag to pull. | +| sessionAgent.image.tag | string | `"4.3.5"` | Image tag to pull. | | sessionAgent.resources | object | `{}` | Resource restrictions to apply to the Airlock Microgateway Session Agent container. | | tests.enabled | bool | `false` | Whether additional resources required for running `helm test` should be created (e.g. Roles and ServiceAccounts). If set to false, `helm test` will not run any tests. | diff --git a/deploy/charts/airlock-microgateway/crds/accesscontrols.microgateway.airlock.com.yaml b/deploy/charts/airlock-microgateway/crds/accesscontrols.microgateway.airlock.com.yaml index 9dc81f1..5c49cea 100644 --- a/deploy/charts/airlock-microgateway/crds/accesscontrols.microgateway.airlock.com.yaml +++ b/deploy/charts/airlock-microgateway/crds/accesscontrols.microgateway.airlock.com.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.15.0 labels: app.kubernetes.io/name: airlock-microgateway-operator - app.kubernetes.io/version: 4.3.4 + app.kubernetes.io/version: 4.3.5 name: accesscontrols.microgateway.airlock.com spec: group: microgateway.airlock.com diff --git a/deploy/charts/airlock-microgateway/crds/contentsecurities.microgateway.airlock.com.yaml b/deploy/charts/airlock-microgateway/crds/contentsecurities.microgateway.airlock.com.yaml index e63a5b1..47bce6e 100644 --- a/deploy/charts/airlock-microgateway/crds/contentsecurities.microgateway.airlock.com.yaml +++ b/deploy/charts/airlock-microgateway/crds/contentsecurities.microgateway.airlock.com.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.15.0 labels: app.kubernetes.io/name: airlock-microgateway-operator - app.kubernetes.io/version: 4.3.4 + app.kubernetes.io/version: 4.3.5 name: contentsecurities.microgateway.airlock.com spec: group: microgateway.airlock.com diff --git a/deploy/charts/airlock-microgateway/crds/denyrules.microgateway.airlock.com.yaml b/deploy/charts/airlock-microgateway/crds/denyrules.microgateway.airlock.com.yaml index 7108ee5..8593ef5 100644 --- a/deploy/charts/airlock-microgateway/crds/denyrules.microgateway.airlock.com.yaml +++ b/deploy/charts/airlock-microgateway/crds/denyrules.microgateway.airlock.com.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.15.0 labels: app.kubernetes.io/name: airlock-microgateway-operator - app.kubernetes.io/version: 4.3.4 + app.kubernetes.io/version: 4.3.5 name: denyrules.microgateway.airlock.com spec: group: microgateway.airlock.com diff --git a/deploy/charts/airlock-microgateway/crds/envoyclusters.microgateway.airlock.com.yaml b/deploy/charts/airlock-microgateway/crds/envoyclusters.microgateway.airlock.com.yaml index 35dda9f..435957e 100644 --- a/deploy/charts/airlock-microgateway/crds/envoyclusters.microgateway.airlock.com.yaml +++ b/deploy/charts/airlock-microgateway/crds/envoyclusters.microgateway.airlock.com.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.15.0 labels: app.kubernetes.io/name: airlock-microgateway-operator - app.kubernetes.io/version: 4.3.4 + app.kubernetes.io/version: 4.3.5 name: envoyclusters.microgateway.airlock.com spec: group: microgateway.airlock.com diff --git a/deploy/charts/airlock-microgateway/crds/envoyconfigurations.microgateway.airlock.com.yaml b/deploy/charts/airlock-microgateway/crds/envoyconfigurations.microgateway.airlock.com.yaml index c4f61f2..e1fc4c6 100644 --- a/deploy/charts/airlock-microgateway/crds/envoyconfigurations.microgateway.airlock.com.yaml +++ b/deploy/charts/airlock-microgateway/crds/envoyconfigurations.microgateway.airlock.com.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.15.0 labels: app.kubernetes.io/name: airlock-microgateway-operator - app.kubernetes.io/version: 4.3.4 + app.kubernetes.io/version: 4.3.5 name: envoyconfigurations.microgateway.airlock.com spec: group: microgateway.airlock.com diff --git a/deploy/charts/airlock-microgateway/crds/envoyhttpfilters.microgateway.airlock.com.yaml b/deploy/charts/airlock-microgateway/crds/envoyhttpfilters.microgateway.airlock.com.yaml index 538ff67..f4ea254 100644 --- a/deploy/charts/airlock-microgateway/crds/envoyhttpfilters.microgateway.airlock.com.yaml +++ b/deploy/charts/airlock-microgateway/crds/envoyhttpfilters.microgateway.airlock.com.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.15.0 labels: app.kubernetes.io/name: airlock-microgateway-operator - app.kubernetes.io/version: 4.3.4 + app.kubernetes.io/version: 4.3.5 name: envoyhttpfilters.microgateway.airlock.com spec: group: microgateway.airlock.com diff --git a/deploy/charts/airlock-microgateway/crds/graphqls.microgateway.airlock.com.yaml b/deploy/charts/airlock-microgateway/crds/graphqls.microgateway.airlock.com.yaml index 165abe0..5ce2565 100644 --- a/deploy/charts/airlock-microgateway/crds/graphqls.microgateway.airlock.com.yaml +++ b/deploy/charts/airlock-microgateway/crds/graphqls.microgateway.airlock.com.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.15.0 labels: app.kubernetes.io/name: airlock-microgateway-operator - app.kubernetes.io/version: 4.3.4 + app.kubernetes.io/version: 4.3.5 name: graphqls.microgateway.airlock.com spec: group: microgateway.airlock.com diff --git a/deploy/charts/airlock-microgateway/crds/headerrewrites.microgateway.airlock.com.yaml b/deploy/charts/airlock-microgateway/crds/headerrewrites.microgateway.airlock.com.yaml index 72a1067..fca6461 100644 --- a/deploy/charts/airlock-microgateway/crds/headerrewrites.microgateway.airlock.com.yaml +++ b/deploy/charts/airlock-microgateway/crds/headerrewrites.microgateway.airlock.com.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.15.0 labels: app.kubernetes.io/name: airlock-microgateway-operator - app.kubernetes.io/version: 4.3.4 + app.kubernetes.io/version: 4.3.5 name: headerrewrites.microgateway.airlock.com spec: group: microgateway.airlock.com diff --git a/deploy/charts/airlock-microgateway/crds/identitypropagations.microgateway.airlock.com.yaml b/deploy/charts/airlock-microgateway/crds/identitypropagations.microgateway.airlock.com.yaml index 661e932..cc4905c 100644 --- a/deploy/charts/airlock-microgateway/crds/identitypropagations.microgateway.airlock.com.yaml +++ b/deploy/charts/airlock-microgateway/crds/identitypropagations.microgateway.airlock.com.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.15.0 labels: app.kubernetes.io/name: airlock-microgateway-operator - app.kubernetes.io/version: 4.3.4 + app.kubernetes.io/version: 4.3.5 name: identitypropagations.microgateway.airlock.com spec: group: microgateway.airlock.com diff --git a/deploy/charts/airlock-microgateway/crds/limits.microgateway.airlock.com.yaml b/deploy/charts/airlock-microgateway/crds/limits.microgateway.airlock.com.yaml index a75813d..eede704 100644 --- a/deploy/charts/airlock-microgateway/crds/limits.microgateway.airlock.com.yaml +++ b/deploy/charts/airlock-microgateway/crds/limits.microgateway.airlock.com.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.15.0 labels: app.kubernetes.io/name: airlock-microgateway-operator - app.kubernetes.io/version: 4.3.4 + app.kubernetes.io/version: 4.3.5 name: limits.microgateway.airlock.com spec: group: microgateway.airlock.com diff --git a/deploy/charts/airlock-microgateway/crds/oidcproviders.microgateway.airlock.com.yaml b/deploy/charts/airlock-microgateway/crds/oidcproviders.microgateway.airlock.com.yaml index 030bd15..bb7aa43 100644 --- a/deploy/charts/airlock-microgateway/crds/oidcproviders.microgateway.airlock.com.yaml +++ b/deploy/charts/airlock-microgateway/crds/oidcproviders.microgateway.airlock.com.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.15.0 labels: app.kubernetes.io/name: airlock-microgateway-operator - app.kubernetes.io/version: 4.3.4 + app.kubernetes.io/version: 4.3.5 name: oidcproviders.microgateway.airlock.com spec: group: microgateway.airlock.com diff --git a/deploy/charts/airlock-microgateway/crds/oidcrelyingparties.microgateway.airlock.com.yaml b/deploy/charts/airlock-microgateway/crds/oidcrelyingparties.microgateway.airlock.com.yaml index 7398b26..9ec1f40 100644 --- a/deploy/charts/airlock-microgateway/crds/oidcrelyingparties.microgateway.airlock.com.yaml +++ b/deploy/charts/airlock-microgateway/crds/oidcrelyingparties.microgateway.airlock.com.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.15.0 labels: app.kubernetes.io/name: airlock-microgateway-operator - app.kubernetes.io/version: 4.3.4 + app.kubernetes.io/version: 4.3.5 name: oidcrelyingparties.microgateway.airlock.com spec: group: microgateway.airlock.com diff --git a/deploy/charts/airlock-microgateway/crds/openapis.microgateway.airlock.com.yaml b/deploy/charts/airlock-microgateway/crds/openapis.microgateway.airlock.com.yaml index b05f43e..e807973 100644 --- a/deploy/charts/airlock-microgateway/crds/openapis.microgateway.airlock.com.yaml +++ b/deploy/charts/airlock-microgateway/crds/openapis.microgateway.airlock.com.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.15.0 labels: app.kubernetes.io/name: airlock-microgateway-operator - app.kubernetes.io/version: 4.3.4 + app.kubernetes.io/version: 4.3.5 name: openapis.microgateway.airlock.com spec: group: microgateway.airlock.com diff --git a/deploy/charts/airlock-microgateway/crds/parsers.microgateway.airlock.com.yaml b/deploy/charts/airlock-microgateway/crds/parsers.microgateway.airlock.com.yaml index 15171f2..ee52bf5 100644 --- a/deploy/charts/airlock-microgateway/crds/parsers.microgateway.airlock.com.yaml +++ b/deploy/charts/airlock-microgateway/crds/parsers.microgateway.airlock.com.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.15.0 labels: app.kubernetes.io/name: airlock-microgateway-operator - app.kubernetes.io/version: 4.3.4 + app.kubernetes.io/version: 4.3.5 name: parsers.microgateway.airlock.com spec: group: microgateway.airlock.com diff --git a/deploy/charts/airlock-microgateway/crds/redisproviders.microgateway.airlock.com.yaml b/deploy/charts/airlock-microgateway/crds/redisproviders.microgateway.airlock.com.yaml index 9acdf4d..c003e63 100644 --- a/deploy/charts/airlock-microgateway/crds/redisproviders.microgateway.airlock.com.yaml +++ b/deploy/charts/airlock-microgateway/crds/redisproviders.microgateway.airlock.com.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.15.0 labels: app.kubernetes.io/name: airlock-microgateway-operator - app.kubernetes.io/version: 4.3.4 + app.kubernetes.io/version: 4.3.5 name: redisproviders.microgateway.airlock.com spec: group: microgateway.airlock.com diff --git a/deploy/charts/airlock-microgateway/crds/sessionhandlings.microgateway.airlock.com.yaml b/deploy/charts/airlock-microgateway/crds/sessionhandlings.microgateway.airlock.com.yaml index bb4c0f9..a94fdc8 100644 --- a/deploy/charts/airlock-microgateway/crds/sessionhandlings.microgateway.airlock.com.yaml +++ b/deploy/charts/airlock-microgateway/crds/sessionhandlings.microgateway.airlock.com.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.15.0 labels: app.kubernetes.io/name: airlock-microgateway-operator - app.kubernetes.io/version: 4.3.4 + app.kubernetes.io/version: 4.3.5 name: sessionhandlings.microgateway.airlock.com spec: group: microgateway.airlock.com diff --git a/deploy/charts/airlock-microgateway/crds/sidecargateways.microgateway.airlock.com.yaml b/deploy/charts/airlock-microgateway/crds/sidecargateways.microgateway.airlock.com.yaml index 6847f73..92aed6f 100644 --- a/deploy/charts/airlock-microgateway/crds/sidecargateways.microgateway.airlock.com.yaml +++ b/deploy/charts/airlock-microgateway/crds/sidecargateways.microgateway.airlock.com.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.15.0 labels: app.kubernetes.io/name: airlock-microgateway-operator - app.kubernetes.io/version: 4.3.4 + app.kubernetes.io/version: 4.3.5 name: sidecargateways.microgateway.airlock.com spec: group: microgateway.airlock.com diff --git a/deploy/charts/airlock-microgateway/crds/telemetries.microgateway.airlock.com.yaml b/deploy/charts/airlock-microgateway/crds/telemetries.microgateway.airlock.com.yaml index d1a8897..34fc031 100644 --- a/deploy/charts/airlock-microgateway/crds/telemetries.microgateway.airlock.com.yaml +++ b/deploy/charts/airlock-microgateway/crds/telemetries.microgateway.airlock.com.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.15.0 labels: app.kubernetes.io/name: airlock-microgateway-operator - app.kubernetes.io/version: 4.3.4 + app.kubernetes.io/version: 4.3.5 name: telemetries.microgateway.airlock.com spec: group: microgateway.airlock.com diff --git a/deploy/charts/airlock-microgateway/values.yaml b/deploy/charts/airlock-microgateway/values.yaml index af720d5..f879fa1 100644 --- a/deploy/charts/airlock-microgateway/values.yaml +++ b/deploy/charts/airlock-microgateway/values.yaml @@ -26,10 +26,10 @@ operator: # -- Image repository from which to pull the Airlock Microgateway Operator image. repository: "quay.io/airlock/microgateway-operator" # -- Image tag to pull. - tag: "4.3.4" + tag: "4.3.5" # -- SHA256 image digest to pull (in the format "sha256:c79ee3f85862fb386e9dd62b901b607161d27807f512d7fbdece05e9ee3d7c63"). # Overrides tag when specified. - digest: "sha256:6819c78d5570de66edce6c13964c6e1b4cc4746d0c0bc6f4975cd38e324828c0" + digest: "sha256:4611c85c723d5aca11ac58d5e1871066a52b360a3ce9449caa837b116e44d61d" # -- Pull policy for this image. pullPolicy: IfNotPresent # -- Annotations to add to all Pods. @@ -109,10 +109,10 @@ engine: # -- Image repository from which to pull the Airlock Microgateway Engine image. repository: "quay.io/airlock/microgateway-engine" # -- Image tag to pull. - tag: "4.3.4" + tag: "4.3.5" # -- SHA256 image digest to pull (in the format "sha256:a3051f42d3013813b05f7513bb86ed6a3209cb3003f1bb2f7b72df249aa544d3"). # Overrides tag when specified. - digest: "sha256:91e05c509bed3b51ff4888d7475980d56cbc85db121aa766d1bde413204f9070" + digest: "sha256:92adb33ee20e4e82d35ee10c49da95d967fef6fe9faa2abe01538ef02c3eb79f" # -- Pull policy for this image. pullPolicy: IfNotPresent # -- Resource restrictions to apply to the Airlock Microgateway Engine container. @@ -141,9 +141,9 @@ networkValidator: repository: "cgr.dev/chainguard/netcat" # -- Image tag to pull. tag: "" - # -- SHA256 image digest to pull (in the format "sha256:7a73d4b82a2d4165bbc5efa55de4fee9d43f2b1c1edb3505cdc8afd1361bad9b"). + # -- SHA256 image digest to pull (in the format "sha256:7ef657ce316ce9d86f90c1dc99702d1190877c6ac2e923e696dc82c30050a14c"). # Overrides tag when specified. - digest: "sha256:7a73d4b82a2d4165bbc5efa55de4fee9d43f2b1c1edb3505cdc8afd1361bad9b" + digest: "sha256:7ef657ce316ce9d86f90c1dc99702d1190877c6ac2e923e696dc82c30050a14c" # -- Pull policy for this image. pullPolicy: IfNotPresent sessionAgent: @@ -152,10 +152,10 @@ sessionAgent: # -- Image repository from which to pull the Airlock Microgateway Session Agent image. repository: "quay.io/airlock/microgateway-session-agent" # -- Image tag to pull. - tag: "4.3.4" + tag: "4.3.5" # -- SHA256 image digest to pull (in the format "sha256:a3051f42d3013813b05f7513bb86ed6a3209cb3003f1bb2f7b72df249aa544d3"). # Overrides tag when specified. - digest: "sha256:df4e50d0929cb4c5e4486452979b59ec17f5e49a1516b685acd3a1ab0ddb3cf4" + digest: "sha256:6f5fb03b83c0c6d4fa0e423401bccbc59d941e4303906e72c6a3485b23a02f43" # -- Pull policy for this image. pullPolicy: IfNotPresent # -- Resource restrictions to apply to the Airlock Microgateway Session Agent container.