From 92fd58e63a48cd9ee2c5d76517f56dd192f58754 Mon Sep 17 00:00:00 2001
From: Mike Bryant
Date: Sat, 2 Dec 2023 14:14:30 +0000
Subject: [PATCH 1/3] fix: Use Deployment selector for create-default-pdb (#786)

Signed-off-by: Mike Bryant
---
 other/b-d/create-default-pdb/artifacthub-pkg.yml | 6 +++---
 other/b-d/create-default-pdb/create-default-pdb.yaml | 4 +---
 other/b-d/create-default-pdb/pdb-generated.yaml | 1 -
 3 files changed, 4 insertions(+), 7 deletions(-)

diff --git a/other/b-d/create-default-pdb/artifacthub-pkg.yml b/other/b-d/create-default-pdb/artifacthub-pkg.yml
index 9a20829d4..3b468f883 100644
--- a/other/b-d/create-default-pdb/artifacthub-pkg.yml
+++ b/other/b-d/create-default-pdb/artifacthub-pkg.yml
@@ -1,5 +1,5 @@
 name: create-default-pdb
-version: 1.0.0
+version: 1.0.1
 displayName: Add Pod Disruption Budget
 createdAt: "2023-04-10T20:30:03.000Z"
 description: >-
@@ -13,9 +13,9 @@ keywords:
 - Sample
 readme: |
 A PodDisruptionBudget limits the number of Pods of a replicated application that are down simultaneously from voluntary disruptions. For example, a quorum-based application would like to ensure that the number of replicas running is never brought below the number needed for a quorum. As an application owner, you can create a PodDisruptionBudget (PDB) for each application. This policy will create a PDB resource whenever a new Deployment is created.
-
+
 Refer to the documentation for more details on Kyverno annotations: https://artifacthub.io/docs/topics/annotations/kyverno/
 annotations:
 kyverno/category: "Sample"
 kyverno/subject: "Deployment"
-digest: 70923b5a8374896a7092cdda3effd04d66316bec4e41afc8c46a214806d1158d
+digest: 907d2448433a9e51ebe3836557ab0328ebb928ddd1495e04a86097495d733de2
diff --git a/other/b-d/create-default-pdb/create-default-pdb.yaml b/other/b-d/create-default-pdb/create-default-pdb.yaml
index a96c53eb5..5aafb91cf 100644
--- a/other/b-d/create-default-pdb/create-default-pdb.yaml
+++ b/other/b-d/create-default-pdb/create-default-pdb.yaml
@@ -30,6 +30,4 @@ spec:
 data:
 spec:
 minAvailable: 1
- selector:
- matchLabels:
- "{{request.object.metadata.labels}}"
\ No newline at end of file
+ selector: "{{request.object.spec.selector}}"
diff --git a/other/b-d/create-default-pdb/pdb-generated.yaml b/other/b-d/create-default-pdb/pdb-generated.yaml
index 57f148b7e..65c64ee9d 100644
--- a/other/b-d/create-default-pdb/pdb-generated.yaml
+++ b/other/b-d/create-default-pdb/pdb-generated.yaml
@@ -8,4 +8,3 @@ spec:
 selector:
 matchLabels:
 app: busybox
- foo: bar
From dd1ce4d4152741bd01a6b5be75d6fba2cafc6dfa Mon Sep 17 00:00:00 2001
From: Paul O'Connor <465717+pauloconnor@users.noreply.github.com>
Date: Sat, 2 Dec 2023 14:15:30 +0000
Subject: [PATCH 2/3] Fix: Correct karpenter do-not-evict description (#793)

* Fix: Correct karpenter don't evict description
Signed-off-by: Paul O'Connor <465717+pauloconnor@users.noreply.github.com>
* Update artifacthub sha
Signed-off-by: Paul O'Connor <465717+pauloconnor@users.noreply.github.com>
---------
Signed-off-by: Paul O'Connor <465717+pauloconnor@users.noreply.github.com>
---
 .../add-karpenter-donot-evict.yaml | 4 ++--
 karpenter/add-karpenter-donot-evict/artifacthub-pkg.yml | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/karpenter/add-karpenter-donot-evict/add-karpenter-donot-evict.yaml b/karpenter/add-karpenter-donot-evict/add-karpenter-donot-evict.yaml
index cced9b9a2..b2f75d1a9 100644
--- a/karpenter/add-karpenter-donot-evict/add-karpenter-donot-evict.yaml
+++ b/karpenter/add-karpenter-donot-evict/add-karpenter-donot-evict.yaml
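Review bot: In the create-default-pdb.yaml hunk the unchanged `minAvailable: 1` now sits beside a selector copied from `request.object.spec.selector`, so the generated PDB really does match the Deployment's Pods, and for a single-replica Deployment that budget permits zero voluntary evictions. A node drain for patching or an upgrade would then wait on that Pod until someone intervenes, which can quietly hold back node security updates. The rule's match and any preconditions lie outside this hunk, so this may already be handled; if it is not, consider a precondition along the lines of `key: "{{request.object.spec.replicas}}"`, `operator: GreaterThan`, `value: 1`, or at least a sentence in the policy description stating that single-replica workloads become undrainable.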
@@ -14,7 +14,7 @@ metadata: If a Pod exists with the annotation `karpenter.sh/do-not-evict: true` on a Node, and a request is made to delete the Node, Karpenter will not drain any Pods from that Node or otherwise try to delete the Node. This is useful for Pods that should - run interrupted to completion. This policy mutates Jobs and CronJobs + run uninterrupted to completion. This policy mutates Jobs and CronJobs so that Pods spawned by them will contain the `karpenter.sh/do-not-evict: true` annotation. spec: rules: @@ -45,4 +45,4 @@ spec: template: metadata: annotations: - karpenter.sh/do-not-evict: "true" \ No newline at end of file + karpenter.sh/do-not-evict: "true" diff --git a/karpenter/add-karpenter-donot-evict/artifacthub-pkg.yml b/karpenter/add-karpenter-donot-evict/artifacthub-pkg.yml index 1ab10de2a..c3cb4da38 100644 --- a/karpenter/add-karpenter-donot-evict/artifacthub-pkg.yml +++ b/karpenter/add-karpenter-donot-evict/artifacthub-pkg.yml 
@@ -3,7 +3,7 @@ version: 1.0.0
 displayName: Add Karpenter Do Not Evict
 createdAt: "2023-04-10T20:11:12.000Z"
 description: >-
- If a Pod exists with the annotation `karpenter.sh/do-not-evict: true` on a Node, and a request is made to delete the Node, Karpenter will not drain any Pods from that Node or otherwise try to delete the Node. This is useful for Pods that should run interrupted to completion. This policy mutates Jobs and CronJobs so that Pods spawned by them will contain the `karpenter.sh/do-not-evict: true` annotation.
+ If a Pod exists with the annotation `karpenter.sh/do-not-evict: true` on a Node, and a request is made to delete the Node, Karpenter will not drain any Pods from that Node or otherwise try to delete the Node. This is useful for Pods that should run uninterrupted to completion. This policy mutates Jobs and CronJobs so that Pods spawned by them will contain the `karpenter.sh/do-not-evict: true` annotation.
 install: |-
 ```shell
 kubectl apply -f https://raw.githubusercontent.com/kyverno/policies/main/karpenter/add-karpenter-donot-evict/add-karpenter-donot-evict.yaml
@@ -13,11 +13,11 @@ keywords:
 - Karpenter
 - EKS Best Practices
 readme: |
- If a Pod exists with the annotation `karpenter.sh/do-not-evict: true` on a Node, and a request is made to delete the Node, Karpenter will not drain any Pods from that Node or otherwise try to delete the Node. This is useful for Pods that should run interrupted to completion. This policy mutates Jobs and CronJobs so that Pods spawned by them will contain the `karpenter.sh/do-not-evict: true` annotation.
+ If a Pod exists with the annotation `karpenter.sh/do-not-evict: true` on a Node, and a request is made to delete the Node, Karpenter will not drain any Pods from that Node or otherwise try to delete the Node. This is useful for Pods that should run uninterrupted to completion. This policy mutates Jobs and CronJobs so that Pods spawned by them will contain the `karpenter.sh/do-not-evict: true` annotation.
 
 Refer to the documentation for more details on Kyverno annotations: https://artifacthub.io/docs/topics/annotations/kyverno/
 annotations:
 kyverno/category: "Karpenter, EKS Best Practices"
 kyverno/kubernetesVersion: "1.23"
 kyverno/subject: "Pod"
-digest: 14e1fecc09c5d577e29540a58166cff7b0f81f63b5b48b0d6c7dd0afa137c851
+digest: cce9736174afeaba6059a9dc3b577f61a812637e199f0d0f5460caff78472402
From 4234f040429bfaa6d4f4b098858119a94f81ebb1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 2 Dec 2023 09:16:04 -0500
Subject: [PATCH 3/3] build(deps): Bump zgosalvez/github-actions-ensure-sha-pinned-actions (#803)

Bumps [zgosalvez/github-actions-ensure-sha-pinned-actions](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions) from 2.1.5 to 3.0.1.
- [Release notes](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/releases)
- [Commits](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/compare/c481dd7047e38178bde090fef4902ea48cc89577...b35f285b9bb7e80de0967367cee66d3b6d50ceca)
---
updated-dependencies:
- dependency-name: zgosalvez/github-actions-ensure-sha-pinned-actions
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/check-actions.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/check-actions.yaml b/.github/workflows/check-actions.yaml
index 40102dfcf..8dddccdef 100644
--- a/.github/workflows/check-actions.yaml
+++ b/.github/workflows/check-actions.yaml
@@ -18,4 +18,4 @@ jobs:
 - name: Checkout
 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 - name: Ensure SHA pinned actions
- uses: zgosalvez/github-actions-ensure-sha-pinned-actions@c481dd7047e38178bde090fef4902ea48cc89577 # v2.1.5
+ uses: zgosalvez/github-actions-ensure-sha-pinned-actions@b35f285b9bb7e80de0967367cee66d3b6d50ceca # v3.0.1