gitea-bot
7061dbd5e4
This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow. ### Details - **Trigger**: `pull_request` by `@alexlebens` - **Commit**: `2280df1` (on `2280df1e16abf2c300e4d2782ce0b44463337e86`) - **Charts Updated**: `rybbit` ### Update Details (2026-03-24 15:27 UTC) - **Trigger**: `pull_request` by `@alexlebens` - **Commit**: `3d24db8` (on `3d24db859a4c3a0fccdbbb98f78ca11acec2b0fb`) - **Charts Updated**: `traefik` ### Update Details (2026-03-24 15:28 UTC) - **Trigger**: `pull_request` by `@alexlebens` - **Commit**: `e0f4b4b` (on `e0f4b4b62976e07ecc4778bf872c6efeab1247ba`) - **Charts Updated**: `unpoller` Reviewed-on: #5043 Co-authored-by: gitea-bot <gitea-bot@alexlebens.net> Co-committed-by: gitea-bot <gitea-bot@alexlebens.net>
32 lines
2.0 KiB
YAML
32 lines
2.0 KiB
YAML
apiVersion: admissionregistration.k8s.io/v1
|
|
kind: ValidatingAdmissionPolicy
|
|
metadata:
|
|
annotations:
|
|
app.kubernetes.io/managed-by: Helm
|
|
gateway.networking.k8s.io/bundle-version: v1.5.0-dev
|
|
gateway.networking.k8s.io/channel: standard
|
|
helm.sh/resource-policy: keep
|
|
labels:
|
|
app.kubernetes.io/managed-by: Helm
|
|
name: safe-upgrades.gateway.networking.k8s.io
|
|
spec:
|
|
failurePolicy: Fail
|
|
matchConstraints:
|
|
resourceRules:
|
|
- apiGroups:
|
|
- apiextensions.k8s.io
|
|
apiVersions:
|
|
- v1
|
|
operations:
|
|
- CREATE
|
|
- UPDATE
|
|
resources:
|
|
- '*'
|
|
validations:
|
|
- expression: object.spec.group != 'gateway.networking.k8s.io' || oldObject == null || ( has(object.metadata.annotations) && object.metadata.annotations.exists(k, k == 'gateway.networking.k8s.io/channel') && object.metadata.annotations['gateway.networking.k8s.io/channel'] == 'standard' ) || ( oldObject != null && has(oldObject.metadata.annotations) && oldObject.metadata.annotations.exists(k, k == 'gateway.networking.k8s.io/channel') && oldObject.metadata.annotations['gateway.networking.k8s.io/channel'] == 'experimental' )
|
|
message: Installing experimental CRDs on top of standard channel CRDs is prohibited by default. Uninstall ValidatingAdmissionPolicy safe-upgrades.gateway.networking.k8s.io to install experimental CRDs on top of standard channel CRDs.
|
|
reason: Invalid
|
|
- expression: object.spec.group != 'gateway.networking.k8s.io' || (has(object.metadata.annotations) && object.metadata.annotations.exists(k, k == 'gateway.networking.k8s.io/bundle-version') && !matches(object.metadata.annotations['gateway.networking.k8s.io/bundle-version'], 'v1.[0-4].\\d+') && !matches(object.metadata.annotations['gateway.networking.k8s.io/bundle-version'], 'v0'))
|
|
message: Installing CRDs with version before v1.5.0 is prohibited by default. Uninstall ValidatingAdmissionPolicy safe-upgrades.gateway.networking.k8s.io to install older versions.
|
|
reason: Invalid
|