Upversion helm charts to v0.13.1

This commit upversions the portieris helm charts to 0.13.1,
which is the newest version at the time. This commit also aligns
our patches to the new helm charts.
- the issues addessed by patch 0001 has been merged upstream, so
  the patch was removed
- tolerations and image pull secrets are handled by helm overrides
  so the patches were removed
- some patches on code that have been removed upstream were removed

The behavior for portieris changed a bit since our old version.
In the old version, the default behavior is to allow all deployments.
Namespaces with an imagepolicy will follow that imagepolicy.
In the new version(0.13.1), the default behavior is to deny all
deployments. This commit adds a permissive cluster image policy
to allow all deployments, keeping it in line with the old behavior
and preventing any interference with things like kube-system and
our other applications.

Test Cases:

PASS: Build new ISO and ensure the new application tarball uses the
      new v0.13.1 helm charts
PASS: Apply portieris and ensure it uses the new v0.13.1 image
PASS: Apply an imagepolicy. Ensure a signed image can be deployed
      in a pod and an unsigned image cannot be deployed in a pod
PASS: remove and reapply application

Story: 2010394
Task: 47071
Signed-off-by: Jerry Sun <jerry.sun@windriver.com>
Change-Id: Ica6efa081a7b2c1e1358add609b274d6b121bb12

centos_tarball-dl.lst

@@ -1 +1 @@
-portieris-0.7.0.tgz#portieris#https://github.com/IBM/portieris/archive/0.7.0.tar.gz#http##
+portieris-0.13.1.tgz#portieris#https://github.com/IBM/portieris/archive/refs/tags/v0.13.1.tar.gz#http##

portieris-helm/debian/deb_folder/patches/0001-Add-permissive-cluster-policy-by-default.patch

@@ -0,0 +1,37 @@
+From 0eff41601723e51d975af4e4663dc788bb067f0a Mon Sep 17 00:00:00 2001
+From: Jerry Sun <jerry.sun@windriver.com>
+Date: Mon, 16 Jan 2023 11:35:58 -0500
+Subject: [PATCH 1/1] Add permissive cluster policy by default
+
+The default permissive policy is only added if the policy set is
+set to IKS. In the non IKS case, no default cluster image policy
+is created. This means all pod deployment is denied in all
+namespaces that don't have any imagepolicies. This patch applies
+the default permissive cluster image policy to not interfere with
+platform functionality when Portieris is applied.
+
+Signed-off-by: Jerry Sun <jerry.sun@windriver.com>
+---
+ helm/portieris/templates/policies.yaml | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/helm/portieris/templates/policies.yaml b/helm/portieris/templates/policies.yaml
+index 6e67ffc..ed8c84f 100644
+--- a/helm/portieris/templates/policies.yaml
++++ b/helm/portieris/templates/policies.yaml
+@@ -65,7 +65,6 @@ spec:
+ ---
+ {{ end }}
+ 
+-{{- if (eq .Values.PolicySet "IKS") }}
+ apiVersion: portieris.cloud.ibm.com/v1
+ kind: ClusterImagePolicy
+ metadata:
+@@ -77,4 +76,3 @@ spec:
+    repositories:
+    {{- .Values.clusterPolicy.allowedRepositories | toYaml | nindent 4 }}
+ ---
+-{{ end }}
+-- 
+2.34.1
+

portieris-helm/debian/deb_folder/patches/0002-add-image-pull-secrets-to-images.patch

@@ -1,28 +0,0 @@
-From 77a11903c2486d07cd3b078f99476b3a855fdce0 Mon Sep 17 00:00:00 2001
-From: Michel Thebeau <Michel.Thebeau@windriver.com>
-Date: Mon, 18 Jan 2021 17:02:39 -0500
-Subject: [PATCH] add image pull secrets to images
-
-Signed-off-by: Michel Thebeau <Michel.Thebeau@windriver.com>
----
- helm/portieris/templates/deployment.yaml | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/helm/portieris/templates/deployment.yaml b/helm/portieris/templates/deployment.yaml
-index b72c599..d8f3590 100644
---- a/helm/portieris/templates/deployment.yaml
-+++ b/helm/portieris/templates/deployment.yaml
-@@ -21,6 +21,10 @@ spec:
-         release: {{ .Release.Name }}
-     spec:
-       serviceAccountName: portieris
-+      {{ if .Values.image.host }}
-+      imagePullSecrets:
-+      - name: default-registry-key
-+      {{ end }}
-       containers:
-         - name: {{ .Chart.Name }}
-           image: "{{ .Values.image.host | default "docker.io/ibmcom"  }}/{{ .Values.image.image }}:{{ .Values.image.tag }}"
--- 
-2.29.2
-

portieris-helm/debian/deb_folder/patches/0003-add-toggle-to-reinstall-the-admission-webhook.patch

@@ -1,51 +0,0 @@
-From b5defc7482fa8a0b1ad7c96a1ad8d8b578fb7d2c Mon Sep 17 00:00:00 2001
-From: Michel Thebeau <Michel.Thebeau@windriver.com>
-Date: Wed, 1 Sep 2021 10:34:54 -0400
-Subject: [PATCH 3/4] add toggle to reinstall the admission webhook
-
-The backup and restore procedure will set ReapplyAdmissionWebhook to
-true to force an "upgrade" of an already installed Portieris
-application.  The webhooks job is run on the helm chart's post-upgrade
-hook.  The chart value ReapplyAdmissionWebhook is reserved to simplify
-its handling by backup and restore.
-
-Signed-off-by: Michel Thebeau <Michel.Thebeau@windriver.com>
----
- .../admission-webhooks/create-admission-webhooks.yaml         | 4 ++++
- helm/portieris/values.yaml                                    | 4 ++++
- 2 files changed, 8 insertions(+)
-
-diff --git a/helm/portieris/templates/admission-webhooks/create-admission-webhooks.yaml b/helm/portieris/templates/admission-webhooks/create-admission-webhooks.yaml
-index 04bb56a..7773413 100644
---- a/helm/portieris/templates/admission-webhooks/create-admission-webhooks.yaml
-+++ b/helm/portieris/templates/admission-webhooks/create-admission-webhooks.yaml
-@@ -4,7 +4,11 @@ metadata:
-   name: create-admission-webhooks
-   namespace: {{ .Values.namespace }}
-   annotations:
-+    {{ if .Values.ReapplyAdmissionWebhook }}
-+    helm.sh/hook: post-install,post-upgrade
-+    {{ else }}
-     helm.sh/hook: post-install
-+    {{ end }}
-     helm.sh/hook-weight: "5"
-     helm.sh/hook-delete-policy: hook-succeeded
-   labels:
-diff --git a/helm/portieris/values.yaml b/helm/portieris/values.yaml
-index 8b1a13e..d73d6f2 100644
---- a/helm/portieris/values.yaml
-+++ b/helm/portieris/values.yaml
-@@ -29,6 +29,10 @@ SkipSecretCreation: false
- # If using cert-manager to handle secrets
- UseCertManager: false
- 
-+# Set to force helm upgrade, rerun the create-admission-webhooks job
-+# This value is reserved for the StarlingX backup and restore procedure
-+ReapplyAdmissionWebhook: false
-+
- # Resoures defined to assist scheduling
- # request is typical x10, limit is typical x100
- resources:
--- 
-2.29.2
-

portieris-helm/debian/deb_folder/patches/0004-run-admission-webhooks-as-non-root.patch

@@ -1,105 +0,0 @@
-From 8a6d884de01c2ce8ad9f68284b69a0ae2e5dea2a Mon Sep 17 00:00:00 2001
-From: Michel Thebeau <Michel.Thebeau@windriver.com>
-Date: Wed, 1 Sep 2021 18:54:44 -0400
-Subject: [PATCH 4/4] run admission webhooks as non-root
-
-With pod security policies enabled the webhooks will not run as root,
-with "Error: container has runAsNonRoot and image will run as root".
-
-Copy the securityContext from portieris chart, run as 'portieris'
-service account.
-
-Fix subsequent jobs that fail with the absent securityContext,
-permissions.  Add patch verb to customresourcedefinitions for portieris
-service add account.
-
-Signed-off-by: Michel Thebeau <Michel.Thebeau@windriver.com>
----
- .../admission-webhooks/create-admission-webhooks.yaml         | 3 +++
- .../admission-webhooks/delete-admission-webhooks.yaml         | 3 +++
- helm/portieris/templates/clusterrole.yaml                     | 4 ++--
- helm/portieris/templates/crd-creation/create-crds.yaml        | 4 +++-
- helm/portieris/templates/crd-creation/delete-crds.yaml        | 4 +++-
- .../templates/crd-creation/validate-crd-creation.yaml         | 4 +++-
- 6 files changed, 17 insertions(+), 5 deletions(-)
-
-diff --git a/helm/portieris/templates/admission-webhooks/create-admission-webhooks.yaml b/helm/portieris/templates/admission-webhooks/create-admission-webhooks.yaml
-index 7773413..cbe0eb7 100644
---- a/helm/portieris/templates/admission-webhooks/create-admission-webhooks.yaml
-+++ b/helm/portieris/templates/admission-webhooks/create-admission-webhooks.yaml
-@@ -44,3 +44,6 @@ spec:
-           configMap:
-             name: admission-webhooks
-       restartPolicy: OnFailure
-+      securityContext:
-+        runAsUser: {{ .Values.securityContext.runAsUser }}
-+
-diff --git a/helm/portieris/templates/admission-webhooks/delete-admission-webhooks.yaml b/helm/portieris/templates/admission-webhooks/delete-admission-webhooks.yaml
-index ce34927..dd8c259 100644
---- a/helm/portieris/templates/admission-webhooks/delete-admission-webhooks.yaml
-+++ b/helm/portieris/templates/admission-webhooks/delete-admission-webhooks.yaml
-@@ -40,3 +40,6 @@ spec:
-           configMap:
-             name: admission-webhooks
-       restartPolicy: OnFailure
-+      securityContext:
-+        runAsUser: {{ .Values.securityContext.runAsUser }}
-+
-diff --git a/helm/portieris/templates/clusterrole.yaml b/helm/portieris/templates/clusterrole.yaml
-index 67c5912..13b4cb4 100644
---- a/helm/portieris/templates/clusterrole.yaml
-+++ b/helm/portieris/templates/clusterrole.yaml
-@@ -16,10 +16,10 @@ rules:
-   verbs: ["get", "watch", "list", "create", "patch"]
- - apiGroups: ["apiextensions.k8s.io"]
-   resources: ["customresourcedefinitions"]
--  verbs: ["get", "create", "delete"]
-+  verbs: ["get", "create", "delete", "patch"]
- - apiGroups: ["admissionregistration.k8s.io"]
-   resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"]
--  verbs: ["get", "create", "delete"]
-+  verbs: ["get", "create", "delete", "patch"]
- - apiGroups: [""]
-   resources: ["secrets", "serviceaccounts"]
-   verbs: ["get"]
-diff --git a/helm/portieris/templates/crd-creation/create-crds.yaml b/helm/portieris/templates/crd-creation/create-crds.yaml
-index 3ac36f6..13b0ca2 100644
---- a/helm/portieris/templates/crd-creation/create-crds.yaml
-+++ b/helm/portieris/templates/crd-creation/create-crds.yaml
-@@ -39,4 +39,6 @@ spec:
-           configMap:
-             name: image-policy-crds
-       restartPolicy: OnFailure
--      
-\ No newline at end of file
-+      securityContext:
-+        runAsUser: {{ .Values.securityContext.runAsUser }}
-+
-diff --git a/helm/portieris/templates/crd-creation/delete-crds.yaml b/helm/portieris/templates/crd-creation/delete-crds.yaml
-index 9080511..783fe23 100644
---- a/helm/portieris/templates/crd-creation/delete-crds.yaml
-+++ b/helm/portieris/templates/crd-creation/delete-crds.yaml
-@@ -40,4 +40,6 @@ spec:
-           configMap:
-             name: image-policy-crds
-       restartPolicy: OnFailure
--      
-+      securityContext:
-+        runAsUser: {{ .Values.securityContext.runAsUser }}
-+
-diff --git a/helm/portieris/templates/crd-creation/validate-crd-creation.yaml b/helm/portieris/templates/crd-creation/validate-crd-creation.yaml
-index 5c68466..d3075da 100644
---- a/helm/portieris/templates/crd-creation/validate-crd-creation.yaml
-+++ b/helm/portieris/templates/crd-creation/validate-crd-creation.yaml
-@@ -33,4 +33,6 @@ spec:
-             - imagepolicies.securityenforcement.admission.cloud.ibm.com
-             - clusterimagepolicies.securityenforcement.admission.cloud.ibm.com
-       restartPolicy: OnFailure
--      
-\ No newline at end of file
-+      securityContext:
-+        runAsUser: {{ .Values.securityContext.runAsUser }}
-+
--- 
-2.29.2
-

portieris-helm/debian/deb_folder/patches/0005-add-toleration.patch

@@ -1,130 +0,0 @@
-From ed939af4c374f834f6e15e2f6c3d5cbff53c90ec Mon Sep 17 00:00:00 2001
-From: Rafael Camargos <RafaelLucas.Camargos@windriver.com>
-Date: Tue, 28 Sep 2021 11:05:29 -0400
-Subject: [PATCH] Add toleration to deployment and jobs
-
----
- .../admission-webhooks/create-admission-webhooks.yaml       | 4 ++++
- .../admission-webhooks/delete-admission-webhooks.yaml       | 4 ++++
- helm/portieris/templates/crd-creation/create-crds.yaml      | 4 ++++
- helm/portieris/templates/crd-creation/delete-crds.yaml      | 4 ++++
- .../templates/crd-creation/validate-crd-creation.yaml       | 4 ++++
- .../templates/default/create-default-policies.yaml          | 6 +++++-
- helm/portieris/templates/deployment.yaml                    | 4 ++++
- 7 files changed, 29 insertions(+), 1 deletion(-)
-
-diff --git a/helm/portieris/templates/admission-webhooks/create-admission-webhooks.yaml b/helm/portieris/templates/admission-webhooks/create-admission-webhooks.yaml
-index cbe0eb7..fe3e5c2 100644
---- a/helm/portieris/templates/admission-webhooks/create-admission-webhooks.yaml
-+++ b/helm/portieris/templates/admission-webhooks/create-admission-webhooks.yaml
-@@ -27,6 +27,10 @@ spec:
-         heritage: {{ .Release.Service }}
-     spec:
-       serviceAccountName: portieris
-+      tolerations:
-+        - key: "node-role.kubernetes.io/master"
-+          operator: "Exists"
-+          effect: "NoSchedule"
-       containers:
-         - name: hyperkube
-           image: "{{ .Values.hyperkube.repository }}:{{ .Values.hyperkube.tag }}"
-diff --git a/helm/portieris/templates/admission-webhooks/delete-admission-webhooks.yaml b/helm/portieris/templates/admission-webhooks/delete-admission-webhooks.yaml
-index dd8c259..e8edc3d 100644
---- a/helm/portieris/templates/admission-webhooks/delete-admission-webhooks.yaml
-+++ b/helm/portieris/templates/admission-webhooks/delete-admission-webhooks.yaml
-@@ -23,6 +23,10 @@ spec:
-         heritage: {{ .Release.Service }}
-     spec:
-       serviceAccountName: portieris
-+      tolerations:
-+        - key: "node-role.kubernetes.io/master"
-+          operator: "Exists"
-+          effect: "NoSchedule"
-       containers:
-         - name: hyperkube
-           image: "{{ .Values.hyperkube.repository }}:{{ .Values.hyperkube.tag }}"
-diff --git a/helm/portieris/templates/crd-creation/create-crds.yaml b/helm/portieris/templates/crd-creation/create-crds.yaml
-index 13b0ca2..2033ee6 100644
---- a/helm/portieris/templates/crd-creation/create-crds.yaml
-+++ b/helm/portieris/templates/crd-creation/create-crds.yaml
-@@ -23,6 +23,10 @@ spec:
-         heritage: {{ .Release.Service }}
-     spec:
-       serviceAccountName: portieris
-+      tolerations:
-+        - key: "node-role.kubernetes.io/master"
-+          operator: "Exists"
-+          effect: "NoSchedule"
-       containers:
-         - name: hyperkube
-           image: "{{ .Values.hyperkube.repository }}:{{ .Values.hyperkube.tag }}"
-diff --git a/helm/portieris/templates/crd-creation/delete-crds.yaml b/helm/portieris/templates/crd-creation/delete-crds.yaml
-index 783fe23..894598a 100644
---- a/helm/portieris/templates/crd-creation/delete-crds.yaml
-+++ b/helm/portieris/templates/crd-creation/delete-crds.yaml
-@@ -23,6 +23,10 @@ spec:
-         heritage: {{ .Release.Service }}
-     spec:
-       serviceAccountName: portieris
-+      tolerations:
-+        - key: "node-role.kubernetes.io/master"
-+          operator: "Exists"
-+          effect: "NoSchedule"
-       containers:
-         - name: hyperkube
-           image: "{{ .Values.hyperkube.repository }}:{{ .Values.hyperkube.tag }}"
-diff --git a/helm/portieris/templates/crd-creation/validate-crd-creation.yaml b/helm/portieris/templates/crd-creation/validate-crd-creation.yaml
-index d3075da..58e501e 100644
---- a/helm/portieris/templates/crd-creation/validate-crd-creation.yaml
-+++ b/helm/portieris/templates/crd-creation/validate-crd-creation.yaml
-@@ -23,6 +23,10 @@ spec:
-         heritage: {{ .Release.Service }}
-     spec:
-       serviceAccountName: portieris
-+      tolerations:
-+        - key: "node-role.kubernetes.io/master"
-+          operator: "Exists"
-+          effect: "NoSchedule"
-       containers:
-         - name: hyperkube
-           image: "{{ .Values.hyperkube.repository }}:{{ .Values.hyperkube.tag }}"
-diff --git a/helm/portieris/templates/default/create-default-policies.yaml b/helm/portieris/templates/default/create-default-policies.yaml
-index 31a38c0..fae1597 100644
---- a/helm/portieris/templates/default/create-default-policies.yaml
-+++ b/helm/portieris/templates/default/create-default-policies.yaml
-@@ -23,6 +23,10 @@ spec:
-         heritage: {{ .Release.Service }}
-     spec:
-       serviceAccountName: portieris
-+      tolerations:
-+        - key: "node-role.kubernetes.io/master"
-+          operator: "Exists"
-+          effect: "NoSchedule"
-       containers:
-         - name: hyperkube
-           image: "{{ .Values.hyperkube.repository }}:{{ .Values.hyperkube.tag }}"
-@@ -39,4 +43,4 @@ spec:
-           configMap:
-             name: default-image-policies
-       restartPolicy: OnFailure
--      
-\ No newline at end of file
-+      
-diff --git a/helm/portieris/templates/deployment.yaml b/helm/portieris/templates/deployment.yaml
-index d8f3590..e6c4184 100644
---- a/helm/portieris/templates/deployment.yaml
-+++ b/helm/portieris/templates/deployment.yaml
-@@ -25,6 +25,10 @@ spec:
-       imagePullSecrets:
-       - name: default-registry-key
-       {{ end }}
-+      tolerations:
-+        - key: "node-role.kubernetes.io/master"
-+          operator: "Exists"
-+          effect: "NoSchedule"
-       containers:
-         - name: {{ .Chart.Name }}
-           image: "{{ .Values.image.host | default "docker.io/ibmcom"  }}/{{ .Values.image.image }}:{{ .Values.image.tag }}"
--- 
-2.29.2
-

portieris-helm/debian/deb_folder/patches/0006-Add-toleration-to-deployment-and-jobs.patch

@@ -1,119 +0,0 @@
-From ed8b4b884a2a73b07934461206db66adf8da8218 Mon Sep 17 00:00:00 2001
-From: Boovan Rajendran <boovan.rajendran@windriver.com>
-Date: Fri, 28 Oct 2022 10:37:56 -0400
-Subject: [PATCH] Add toleration to deployment and jobs
-
-The tolerations address the nodeselectors for kubernetes versions 1.24 and earlier.
-
-Signed-off-by: Rafael Camargos <RafaelLucas.Camargos@windriver.com>
----
- .../admission-webhooks/create-admission-webhooks.yaml          | 3 +++
- .../admission-webhooks/delete-admission-webhooks.yaml          | 3 +++
- helm/portieris/templates/crd-creation/create-crds.yaml         | 3 +++
- helm/portieris/templates/crd-creation/delete-crds.yaml         | 3 +++
- .../templates/crd-creation/validate-crd-creation.yaml          | 3 +++
- helm/portieris/templates/default/create-default-policies.yaml  | 3 +++
- helm/portieris/templates/deployment.yaml                       | 3 +++
- 7 files changed, 21 insertions(+)
-
-diff --git a/helm/portieris/templates/admission-webhooks/create-admission-webhooks.yaml b/helm/portieris/templates/admission-webhooks/create-admission-webhooks.yaml
-index fe3e5c2..6674602 100644
---- a/helm/portieris/templates/admission-webhooks/create-admission-webhooks.yaml
-+++ b/helm/portieris/templates/admission-webhooks/create-admission-webhooks.yaml
-@@ -31,6 +31,9 @@ spec:
-         - key: "node-role.kubernetes.io/master"
-           operator: "Exists"
-           effect: "NoSchedule"
-+        - key: "node-role.kubernetes.io/control-plane"
-+          operator: "Exists"
-+          effect: "NoSchedule"
-       containers:
-         - name: hyperkube
-           image: "{{ .Values.hyperkube.repository }}:{{ .Values.hyperkube.tag }}"
-diff --git a/helm/portieris/templates/admission-webhooks/delete-admission-webhooks.yaml b/helm/portieris/templates/admission-webhooks/delete-admission-webhooks.yaml
-index e8edc3d..abd1538 100644
---- a/helm/portieris/templates/admission-webhooks/delete-admission-webhooks.yaml
-+++ b/helm/portieris/templates/admission-webhooks/delete-admission-webhooks.yaml
-@@ -27,6 +27,9 @@ spec:
-         - key: "node-role.kubernetes.io/master"
-           operator: "Exists"
-           effect: "NoSchedule"
-+        - key: "node-role.kubernetes.io/control-plane"
-+          operator: "Exists"
-+          effect: "NoSchedule"
-       containers:
-         - name: hyperkube
-           image: "{{ .Values.hyperkube.repository }}:{{ .Values.hyperkube.tag }}"
-diff --git a/helm/portieris/templates/crd-creation/create-crds.yaml b/helm/portieris/templates/crd-creation/create-crds.yaml
-index 2033ee6..1237920 100644
---- a/helm/portieris/templates/crd-creation/create-crds.yaml
-+++ b/helm/portieris/templates/crd-creation/create-crds.yaml
-@@ -27,6 +27,9 @@ spec:
-         - key: "node-role.kubernetes.io/master"
-           operator: "Exists"
-           effect: "NoSchedule"
-+        - key: "node-role.kubernetes.io/control-plane"
-+          operator: "Exists"
-+          effect: "NoSchedule"
-       containers:
-         - name: hyperkube
-           image: "{{ .Values.hyperkube.repository }}:{{ .Values.hyperkube.tag }}"
-diff --git a/helm/portieris/templates/crd-creation/delete-crds.yaml b/helm/portieris/templates/crd-creation/delete-crds.yaml
-index 894598a..b0a3c0a 100644
---- a/helm/portieris/templates/crd-creation/delete-crds.yaml
-+++ b/helm/portieris/templates/crd-creation/delete-crds.yaml
-@@ -27,6 +27,9 @@ spec:
-         - key: "node-role.kubernetes.io/master"
-           operator: "Exists"
-           effect: "NoSchedule"
-+        - key: "node-role.kubernetes.io/control-plane"
-+          operator: "Exists"
-+          effect: "NoSchedule"
-       containers:
-         - name: hyperkube
-           image: "{{ .Values.hyperkube.repository }}:{{ .Values.hyperkube.tag }}"
-diff --git a/helm/portieris/templates/crd-creation/validate-crd-creation.yaml b/helm/portieris/templates/crd-creation/validate-crd-creation.yaml
-index 58e501e..430c1ab 100644
---- a/helm/portieris/templates/crd-creation/validate-crd-creation.yaml
-+++ b/helm/portieris/templates/crd-creation/validate-crd-creation.yaml
-@@ -27,6 +27,9 @@ spec:
-         - key: "node-role.kubernetes.io/master"
-           operator: "Exists"
-           effect: "NoSchedule"
-+        - key: "node-role.kubernetes.io/control-plane"
-+          operator: "Exists"
-+          effect: "NoSchedule"
-       containers:
-         - name: hyperkube
-           image: "{{ .Values.hyperkube.repository }}:{{ .Values.hyperkube.tag }}"
-diff --git a/helm/portieris/templates/default/create-default-policies.yaml b/helm/portieris/templates/default/create-default-policies.yaml
-index fae1597..6f55ccc 100644
---- a/helm/portieris/templates/default/create-default-policies.yaml
-+++ b/helm/portieris/templates/default/create-default-policies.yaml
-@@ -27,6 +27,9 @@ spec:
-         - key: "node-role.kubernetes.io/master"
-           operator: "Exists"
-           effect: "NoSchedule"
-+        - key: "node-role.kubernetes.io/control-plane"
-+          operator: "Exists"
-+          effect: "NoSchedule"
-       containers:
-         - name: hyperkube
-           image: "{{ .Values.hyperkube.repository }}:{{ .Values.hyperkube.tag }}"
-diff --git a/helm/portieris/templates/deployment.yaml b/helm/portieris/templates/deployment.yaml
-index e6c4184..7835f29 100644
---- a/helm/portieris/templates/deployment.yaml
-+++ b/helm/portieris/templates/deployment.yaml
-@@ -29,6 +29,9 @@ spec:
-         - key: "node-role.kubernetes.io/master"
-           operator: "Exists"
-           effect: "NoSchedule"
-+        - key: "node-role.kubernetes.io/control-plane"
-+          operator: "Exists"
-+          effect: "NoSchedule"
-       containers:
-         - name: {{ .Chart.Name }}
-           image: "{{ .Values.image.host | default "docker.io/ibmcom"  }}/{{ .Values.image.image }}:{{ .Values.image.tag }}"
--- 
-2.25.1
-

portieris-helm/debian/deb_folder/patches/series

@@ -1,6 +1 @@
-0001-Squash-required-portieris-fixes.patch
-0002-add-image-pull-secrets-to-images.patch
-0003-add-toggle-to-reinstall-the-admission-webhook.patch
-0004-run-admission-webhooks-as-non-root.patch
-0005-add-toleration.patch
-0006-Add-toleration-to-deployment-and-jobs.patch
+0001-Add-permissive-cluster-policy-by-default.patch

portieris-helm/debian/deb_folder/rules

@@ -3,7 +3,7 @@
 
 export ROOT = debian/tmp
 export CHART_FOLDER = $(ROOT)/usr/lib/helm
-export PORTIERIS_VERSION = 0.7.0
+export PORTIERIS_VERSION = v0.13.1
 export PORTIERIS_TARBALL = portieris-$(PORTIERIS_VERSION).tgz
 
 %:

portieris-helm/debian/meta_data.yaml

@@ -2,9 +2,9 @@
 debname: portieris-helm
 debver: 1.0-1
 dl_path:
-  name: portieris-0.7.0.tgz
-  url: https://github.com/IBM/portieris/archive/0.7.0.tar.gz
-  md5sum: ef9c907c5fe0e49db91fd0072d39111e
+  name: portieris-0.13.1.tgz
+  url: https://github.com/IBM/portieris/archive/refs/tags/v0.13.1.tar.gz
+  md5sum: 3c5b2a092172dfd0fd51d4319305680f
 src_files:
   - files/metadata.yaml
   - files/index.yaml

portieris-helm/files/0001-Add-permissive-cluster-policy-by-default.patch

@@ -0,0 +1,37 @@
+From 0eff41601723e51d975af4e4663dc788bb067f0a Mon Sep 17 00:00:00 2001
+From: Jerry Sun <jerry.sun@windriver.com>
+Date: Mon, 16 Jan 2023 11:35:58 -0500
+Subject: [PATCH 1/1] Add permissive cluster policy by default
+
+The default permissive policy is only added if the policy set is
+set to IKS. In the non IKS case, no default cluster image policy
+is created. This means all pod deployment is denied in all
+namespaces that don't have any imagepolicies. This patch applies
+the default permissive cluster image policy to not interfere with
+platform functionality when Portieris is applied.
+
+Signed-off-by: Jerry Sun <jerry.sun@windriver.com>
+---
+ helm/portieris/templates/policies.yaml | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/helm/portieris/templates/policies.yaml b/helm/portieris/templates/policies.yaml
+index 6e67ffc..ed8c84f 100644
+--- a/helm/portieris/templates/policies.yaml
++++ b/helm/portieris/templates/policies.yaml
+@@ -65,7 +65,6 @@ spec:
+ ---
+ {{ end }}
+ 
+-{{- if (eq .Values.PolicySet "IKS") }}
+ apiVersion: portieris.cloud.ibm.com/v1
+ kind: ClusterImagePolicy
+ metadata:
+@@ -77,4 +76,3 @@ spec:
+    repositories:
+    {{- .Values.clusterPolicy.allowedRepositories | toYaml | nindent 4 }}
+ ---
+-{{ end }}
+-- 
+2.34.1
+

portieris-helm/files/0002-add-image-pull-secrets-to-images.patch

@@ -1,28 +0,0 @@
-From 77a11903c2486d07cd3b078f99476b3a855fdce0 Mon Sep 17 00:00:00 2001
-From: Michel Thebeau <Michel.Thebeau@windriver.com>
-Date: Mon, 18 Jan 2021 17:02:39 -0500
-Subject: [PATCH] add image pull secrets to images
-
-Signed-off-by: Michel Thebeau <Michel.Thebeau@windriver.com>
----
- helm/portieris/templates/deployment.yaml | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/helm/portieris/templates/deployment.yaml b/helm/portieris/templates/deployment.yaml
-index b72c599..d8f3590 100644
---- a/helm/portieris/templates/deployment.yaml
-+++ b/helm/portieris/templates/deployment.yaml
-@@ -21,6 +21,10 @@ spec:
-         release: {{ .Release.Name }}
-     spec:
-       serviceAccountName: portieris
-+      {{ if .Values.image.host }}
-+      imagePullSecrets:
-+      - name: default-registry-key
-+      {{ end }}
-       containers:
-         - name: {{ .Chart.Name }}
-           image: "{{ .Values.image.host | default "docker.io/ibmcom"  }}/{{ .Values.image.image }}:{{ .Values.image.tag }}"
--- 
-2.29.2
-

portieris-helm/files/0003-add-toggle-to-reinstall-the-admission-webhook.patch

@@ -1,51 +0,0 @@
-From b5defc7482fa8a0b1ad7c96a1ad8d8b578fb7d2c Mon Sep 17 00:00:00 2001
-From: Michel Thebeau <Michel.Thebeau@windriver.com>
-Date: Wed, 1 Sep 2021 10:34:54 -0400
-Subject: [PATCH 3/4] add toggle to reinstall the admission webhook
-
-The backup and restore procedure will set ReapplyAdmissionWebhook to
-true to force an "upgrade" of an already installed Portieris
-application.  The webhooks job is run on the helm chart's post-upgrade
-hook.  The chart value ReapplyAdmissionWebhook is reserved to simplify
-its handling by backup and restore.
-
-Signed-off-by: Michel Thebeau <Michel.Thebeau@windriver.com>
----
- .../admission-webhooks/create-admission-webhooks.yaml         | 4 ++++
- helm/portieris/values.yaml                                    | 4 ++++
- 2 files changed, 8 insertions(+)
-
-diff --git a/helm/portieris/templates/admission-webhooks/create-admission-webhooks.yaml b/helm/portieris/templates/admission-webhooks/create-admission-webhooks.yaml
-index 04bb56a..7773413 100644
---- a/helm/portieris/templates/admission-webhooks/create-admission-webhooks.yaml
-+++ b/helm/portieris/templates/admission-webhooks/create-admission-webhooks.yaml
-@@ -4,7 +4,11 @@ metadata:
-   name: create-admission-webhooks
-   namespace: {{ .Values.namespace }}
-   annotations:
-+    {{ if .Values.ReapplyAdmissionWebhook }}
-+    helm.sh/hook: post-install,post-upgrade
-+    {{ else }}
-     helm.sh/hook: post-install
-+    {{ end }}
-     helm.sh/hook-weight: "5"
-     helm.sh/hook-delete-policy: hook-succeeded
-   labels:
-diff --git a/helm/portieris/values.yaml b/helm/portieris/values.yaml
-index 8b1a13e..d73d6f2 100644
---- a/helm/portieris/values.yaml
-+++ b/helm/portieris/values.yaml
-@@ -29,6 +29,10 @@ SkipSecretCreation: false
- # If using cert-manager to handle secrets
- UseCertManager: false
- 
-+# Set to force helm upgrade, rerun the create-admission-webhooks job
-+# This value is reserved for the StarlingX backup and restore procedure
-+ReapplyAdmissionWebhook: false
-+
- # Resoures defined to assist scheduling
- # request is typical x10, limit is typical x100
- resources:
--- 
-2.29.2
-

portieris-helm/files/0004-run-admission-webhooks-as-non-root.patch

@@ -1,105 +0,0 @@
-From 8a6d884de01c2ce8ad9f68284b69a0ae2e5dea2a Mon Sep 17 00:00:00 2001
-From: Michel Thebeau <Michel.Thebeau@windriver.com>
-Date: Wed, 1 Sep 2021 18:54:44 -0400
-Subject: [PATCH 4/4] run admission webhooks as non-root
-
-With pod security policies enabled the webhooks will not run as root,
-with "Error: container has runAsNonRoot and image will run as root".
-
-Copy the securityContext from portieris chart, run as 'portieris'
-service account.
-
-Fix subsequent jobs that fail with the absent securityContext,
-permissions.  Add patch verb to customresourcedefinitions for portieris
-service add account.
-
-Signed-off-by: Michel Thebeau <Michel.Thebeau@windriver.com>
----
- .../admission-webhooks/create-admission-webhooks.yaml         | 3 +++
- .../admission-webhooks/delete-admission-webhooks.yaml         | 3 +++
- helm/portieris/templates/clusterrole.yaml                     | 4 ++--
- helm/portieris/templates/crd-creation/create-crds.yaml        | 4 +++-
- helm/portieris/templates/crd-creation/delete-crds.yaml        | 4 +++-
- .../templates/crd-creation/validate-crd-creation.yaml         | 4 +++-
- 6 files changed, 17 insertions(+), 5 deletions(-)
-
-diff --git a/helm/portieris/templates/admission-webhooks/create-admission-webhooks.yaml b/helm/portieris/templates/admission-webhooks/create-admission-webhooks.yaml
-index 7773413..cbe0eb7 100644
---- a/helm/portieris/templates/admission-webhooks/create-admission-webhooks.yaml
-+++ b/helm/portieris/templates/admission-webhooks/create-admission-webhooks.yaml
-@@ -44,3 +44,6 @@ spec:
-           configMap:
-             name: admission-webhooks
-       restartPolicy: OnFailure
-+      securityContext:
-+        runAsUser: {{ .Values.securityContext.runAsUser }}
-+
-diff --git a/helm/portieris/templates/admission-webhooks/delete-admission-webhooks.yaml b/helm/portieris/templates/admission-webhooks/delete-admission-webhooks.yaml
-index ce34927..dd8c259 100644
---- a/helm/portieris/templates/admission-webhooks/delete-admission-webhooks.yaml
-+++ b/helm/portieris/templates/admission-webhooks/delete-admission-webhooks.yaml
-@@ -40,3 +40,6 @@ spec:
-           configMap:
-             name: admission-webhooks
-       restartPolicy: OnFailure
-+      securityContext:
-+        runAsUser: {{ .Values.securityContext.runAsUser }}
-+
-diff --git a/helm/portieris/templates/clusterrole.yaml b/helm/portieris/templates/clusterrole.yaml
-index 67c5912..13b4cb4 100644
---- a/helm/portieris/templates/clusterrole.yaml
-+++ b/helm/portieris/templates/clusterrole.yaml
-@@ -16,10 +16,10 @@ rules:
-   verbs: ["get", "watch", "list", "create", "patch"]
- - apiGroups: ["apiextensions.k8s.io"]
-   resources: ["customresourcedefinitions"]
--  verbs: ["get", "create", "delete"]
-+  verbs: ["get", "create", "delete", "patch"]
- - apiGroups: ["admissionregistration.k8s.io"]
-   resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"]
--  verbs: ["get", "create", "delete"]
-+  verbs: ["get", "create", "delete", "patch"]
- - apiGroups: [""]
-   resources: ["secrets", "serviceaccounts"]
-   verbs: ["get"]
-diff --git a/helm/portieris/templates/crd-creation/create-crds.yaml b/helm/portieris/templates/crd-creation/create-crds.yaml
-index 3ac36f6..13b0ca2 100644
---- a/helm/portieris/templates/crd-creation/create-crds.yaml
-+++ b/helm/portieris/templates/crd-creation/create-crds.yaml
-@@ -39,4 +39,6 @@ spec:
-           configMap:
-             name: image-policy-crds
-       restartPolicy: OnFailure
--      
-\ No newline at end of file
-+      securityContext:
-+        runAsUser: {{ .Values.securityContext.runAsUser }}
-+
-diff --git a/helm/portieris/templates/crd-creation/delete-crds.yaml b/helm/portieris/templates/crd-creation/delete-crds.yaml
-index 9080511..783fe23 100644
---- a/helm/portieris/templates/crd-creation/delete-crds.yaml
-+++ b/helm/portieris/templates/crd-creation/delete-crds.yaml
-@@ -40,4 +40,6 @@ spec:
-           configMap:
-             name: image-policy-crds
-       restartPolicy: OnFailure
--      
-+      securityContext:
-+        runAsUser: {{ .Values.securityContext.runAsUser }}
-+
-diff --git a/helm/portieris/templates/crd-creation/validate-crd-creation.yaml b/helm/portieris/templates/crd-creation/validate-crd-creation.yaml
-index 5c68466..d3075da 100644
---- a/helm/portieris/templates/crd-creation/validate-crd-creation.yaml
-+++ b/helm/portieris/templates/crd-creation/validate-crd-creation.yaml
-@@ -33,4 +33,6 @@ spec:
-             - imagepolicies.securityenforcement.admission.cloud.ibm.com
-             - clusterimagepolicies.securityenforcement.admission.cloud.ibm.com
-       restartPolicy: OnFailure
--      
-\ No newline at end of file
-+      securityContext:
-+        runAsUser: {{ .Values.securityContext.runAsUser }}
-+
--- 
-2.29.2
-

portieris-helm/files/0005-add-toleration.patch

@@ -1,130 +0,0 @@
-From ed939af4c374f834f6e15e2f6c3d5cbff53c90ec Mon Sep 17 00:00:00 2001
-From: Rafael Camargos <RafaelLucas.Camargos@windriver.com>
-Date: Tue, 28 Sep 2021 11:05:29 -0400
-Subject: [PATCH] Add toleration to deployment and jobs
-
----
- .../admission-webhooks/create-admission-webhooks.yaml       | 4 ++++
- .../admission-webhooks/delete-admission-webhooks.yaml       | 4 ++++
- helm/portieris/templates/crd-creation/create-crds.yaml      | 4 ++++
- helm/portieris/templates/crd-creation/delete-crds.yaml      | 4 ++++
- .../templates/crd-creation/validate-crd-creation.yaml       | 4 ++++
- .../templates/default/create-default-policies.yaml          | 6 +++++-
- helm/portieris/templates/deployment.yaml                    | 4 ++++
- 7 files changed, 29 insertions(+), 1 deletion(-)
-
-diff --git a/helm/portieris/templates/admission-webhooks/create-admission-webhooks.yaml b/helm/portieris/templates/admission-webhooks/create-admission-webhooks.yaml
-index cbe0eb7..fe3e5c2 100644
---- a/helm/portieris/templates/admission-webhooks/create-admission-webhooks.yaml
-+++ b/helm/portieris/templates/admission-webhooks/create-admission-webhooks.yaml
-@@ -27,6 +27,10 @@ spec:
-         heritage: {{ .Release.Service }}
-     spec:
-       serviceAccountName: portieris
-+      tolerations:
-+        - key: "node-role.kubernetes.io/master"
-+          operator: "Exists"
-+          effect: "NoSchedule"
-       containers:
-         - name: hyperkube
-           image: "{{ .Values.hyperkube.repository }}:{{ .Values.hyperkube.tag }}"
-diff --git a/helm/portieris/templates/admission-webhooks/delete-admission-webhooks.yaml b/helm/portieris/templates/admission-webhooks/delete-admission-webhooks.yaml
-index dd8c259..e8edc3d 100644
---- a/helm/portieris/templates/admission-webhooks/delete-admission-webhooks.yaml
-+++ b/helm/portieris/templates/admission-webhooks/delete-admission-webhooks.yaml
-@@ -23,6 +23,10 @@ spec:
-         heritage: {{ .Release.Service }}
-     spec:
-       serviceAccountName: portieris
-+      tolerations:
-+        - key: "node-role.kubernetes.io/master"
-+          operator: "Exists"
-+          effect: "NoSchedule"
-       containers:
-         - name: hyperkube
-           image: "{{ .Values.hyperkube.repository }}:{{ .Values.hyperkube.tag }}"
-diff --git a/helm/portieris/templates/crd-creation/create-crds.yaml b/helm/portieris/templates/crd-creation/create-crds.yaml
-index 13b0ca2..2033ee6 100644
---- a/helm/portieris/templates/crd-creation/create-crds.yaml
-+++ b/helm/portieris/templates/crd-creation/create-crds.yaml
-@@ -23,6 +23,10 @@ spec:
-         heritage: {{ .Release.Service }}
-     spec:
-       serviceAccountName: portieris
-+      tolerations:
-+        - key: "node-role.kubernetes.io/master"
-+          operator: "Exists"
-+          effect: "NoSchedule"
-       containers:
-         - name: hyperkube
-           image: "{{ .Values.hyperkube.repository }}:{{ .Values.hyperkube.tag }}"
-diff --git a/helm/portieris/templates/crd-creation/delete-crds.yaml b/helm/portieris/templates/crd-creation/delete-crds.yaml
-index 783fe23..894598a 100644
---- a/helm/portieris/templates/crd-creation/delete-crds.yaml
-+++ b/helm/portieris/templates/crd-creation/delete-crds.yaml
-@@ -23,6 +23,10 @@ spec:
-         heritage: {{ .Release.Service }}
-     spec:
-       serviceAccountName: portieris
-+      tolerations:
-+        - key: "node-role.kubernetes.io/master"
-+          operator: "Exists"
-+          effect: "NoSchedule"
-       containers:
-         - name: hyperkube
-           image: "{{ .Values.hyperkube.repository }}:{{ .Values.hyperkube.tag }}"
-diff --git a/helm/portieris/templates/crd-creation/validate-crd-creation.yaml b/helm/portieris/templates/crd-creation/validate-crd-creation.yaml
-index d3075da..58e501e 100644
---- a/helm/portieris/templates/crd-creation/validate-crd-creation.yaml
-+++ b/helm/portieris/templates/crd-creation/validate-crd-creation.yaml
-@@ -23,6 +23,10 @@ spec:
-         heritage: {{ .Release.Service }}
-     spec:
-       serviceAccountName: portieris
-+      tolerations:
-+        - key: "node-role.kubernetes.io/master"
-+          operator: "Exists"
-+          effect: "NoSchedule"
-       containers:
-         - name: hyperkube
-           image: "{{ .Values.hyperkube.repository }}:{{ .Values.hyperkube.tag }}"
-diff --git a/helm/portieris/templates/default/create-default-policies.yaml b/helm/portieris/templates/default/create-default-policies.yaml
-index 31a38c0..fae1597 100644
---- a/helm/portieris/templates/default/create-default-policies.yaml
-+++ b/helm/portieris/templates/default/create-default-policies.yaml
-@@ -23,6 +23,10 @@ spec:
-         heritage: {{ .Release.Service }}
-     spec:
-       serviceAccountName: portieris
-+      tolerations:
-+        - key: "node-role.kubernetes.io/master"
-+          operator: "Exists"
-+          effect: "NoSchedule"
-       containers:
-         - name: hyperkube
-           image: "{{ .Values.hyperkube.repository }}:{{ .Values.hyperkube.tag }}"
-@@ -39,4 +43,4 @@ spec:
-           configMap:
-             name: default-image-policies
-       restartPolicy: OnFailure
--      
-\ No newline at end of file
-+      
-diff --git a/helm/portieris/templates/deployment.yaml b/helm/portieris/templates/deployment.yaml
-index d8f3590..e6c4184 100644
---- a/helm/portieris/templates/deployment.yaml
-+++ b/helm/portieris/templates/deployment.yaml
-@@ -25,6 +25,10 @@ spec:
-       imagePullSecrets:
-       - name: default-registry-key
-       {{ end }}
-+      tolerations:
-+        - key: "node-role.kubernetes.io/master"
-+          operator: "Exists"
-+          effect: "NoSchedule"
-       containers:
-         - name: {{ .Chart.Name }}
-           image: "{{ .Values.image.host | default "docker.io/ibmcom"  }}/{{ .Values.image.image }}:{{ .Values.image.tag }}"
--- 
-2.29.2
-

portieris-helm/files/0006-Add-toleration-to-deployment-and-jobs.patch

@@ -1,119 +0,0 @@
-From ed8b4b884a2a73b07934461206db66adf8da8218 Mon Sep 17 00:00:00 2001
-From: Boovan Rajendran <boovan.rajendran@windriver.com>
-Date: Fri, 28 Oct 2022 10:37:56 -0400
-Subject: [PATCH] Add toleration to deployment and jobs
-
-The tolerations address the nodeselectors for kubernetes versions 1.24 and earlier.
-
-Signed-off-by: Rafael Camargos <RafaelLucas.Camargos@windriver.com>
----
- .../admission-webhooks/create-admission-webhooks.yaml          | 3 +++
- .../admission-webhooks/delete-admission-webhooks.yaml          | 3 +++
- helm/portieris/templates/crd-creation/create-crds.yaml         | 3 +++
- helm/portieris/templates/crd-creation/delete-crds.yaml         | 3 +++
- .../templates/crd-creation/validate-crd-creation.yaml          | 3 +++
- helm/portieris/templates/default/create-default-policies.yaml  | 3 +++
- helm/portieris/templates/deployment.yaml                       | 3 +++
- 7 files changed, 21 insertions(+)
-
-diff --git a/helm/portieris/templates/admission-webhooks/create-admission-webhooks.yaml b/helm/portieris/templates/admission-webhooks/create-admission-webhooks.yaml
-index fe3e5c2..6674602 100644
---- a/helm/portieris/templates/admission-webhooks/create-admission-webhooks.yaml
-+++ b/helm/portieris/templates/admission-webhooks/create-admission-webhooks.yaml
-@@ -31,6 +31,9 @@ spec:
-         - key: "node-role.kubernetes.io/master"
-           operator: "Exists"
-           effect: "NoSchedule"
-+        - key: "node-role.kubernetes.io/control-plane"
-+          operator: "Exists"
-+          effect: "NoSchedule"
-       containers:
-         - name: hyperkube
-           image: "{{ .Values.hyperkube.repository }}:{{ .Values.hyperkube.tag }}"
-diff --git a/helm/portieris/templates/admission-webhooks/delete-admission-webhooks.yaml b/helm/portieris/templates/admission-webhooks/delete-admission-webhooks.yaml
-index e8edc3d..abd1538 100644
---- a/helm/portieris/templates/admission-webhooks/delete-admission-webhooks.yaml
-+++ b/helm/portieris/templates/admission-webhooks/delete-admission-webhooks.yaml
-@@ -27,6 +27,9 @@ spec:
-         - key: "node-role.kubernetes.io/master"
-           operator: "Exists"
-           effect: "NoSchedule"
-+        - key: "node-role.kubernetes.io/control-plane"
-+          operator: "Exists"
-+          effect: "NoSchedule"
-       containers:
-         - name: hyperkube
-           image: "{{ .Values.hyperkube.repository }}:{{ .Values.hyperkube.tag }}"
-diff --git a/helm/portieris/templates/crd-creation/create-crds.yaml b/helm/portieris/templates/crd-creation/create-crds.yaml
-index 2033ee6..1237920 100644
---- a/helm/portieris/templates/crd-creation/create-crds.yaml
-+++ b/helm/portieris/templates/crd-creation/create-crds.yaml
-@@ -27,6 +27,9 @@ spec:
-         - key: "node-role.kubernetes.io/master"
-           operator: "Exists"
-           effect: "NoSchedule"
-+        - key: "node-role.kubernetes.io/control-plane"
-+          operator: "Exists"
-+          effect: "NoSchedule"
-       containers:
-         - name: hyperkube
-           image: "{{ .Values.hyperkube.repository }}:{{ .Values.hyperkube.tag }}"
-diff --git a/helm/portieris/templates/crd-creation/delete-crds.yaml b/helm/portieris/templates/crd-creation/delete-crds.yaml
-index 894598a..b0a3c0a 100644
---- a/helm/portieris/templates/crd-creation/delete-crds.yaml
-+++ b/helm/portieris/templates/crd-creation/delete-crds.yaml
-@@ -27,6 +27,9 @@ spec:
-         - key: "node-role.kubernetes.io/master"
-           operator: "Exists"
-           effect: "NoSchedule"
-+        - key: "node-role.kubernetes.io/control-plane"
-+          operator: "Exists"
-+          effect: "NoSchedule"
-       containers:
-         - name: hyperkube
-           image: "{{ .Values.hyperkube.repository }}:{{ .Values.hyperkube.tag }}"
-diff --git a/helm/portieris/templates/crd-creation/validate-crd-creation.yaml b/helm/portieris/templates/crd-creation/validate-crd-creation.yaml
-index 58e501e..430c1ab 100644
---- a/helm/portieris/templates/crd-creation/validate-crd-creation.yaml
-+++ b/helm/portieris/templates/crd-creation/validate-crd-creation.yaml
-@@ -27,6 +27,9 @@ spec:
-         - key: "node-role.kubernetes.io/master"
-           operator: "Exists"
-           effect: "NoSchedule"
-+        - key: "node-role.kubernetes.io/control-plane"
-+          operator: "Exists"
-+          effect: "NoSchedule"
-       containers:
-         - name: hyperkube
-           image: "{{ .Values.hyperkube.repository }}:{{ .Values.hyperkube.tag }}"
-diff --git a/helm/portieris/templates/default/create-default-policies.yaml b/helm/portieris/templates/default/create-default-policies.yaml
-index fae1597..6f55ccc 100644
---- a/helm/portieris/templates/default/create-default-policies.yaml
-+++ b/helm/portieris/templates/default/create-default-policies.yaml
-@@ -27,6 +27,9 @@ spec:
-         - key: "node-role.kubernetes.io/master"
-           operator: "Exists"
-           effect: "NoSchedule"
-+        - key: "node-role.kubernetes.io/control-plane"
-+          operator: "Exists"
-+          effect: "NoSchedule"
-       containers:
-         - name: hyperkube
-           image: "{{ .Values.hyperkube.repository }}:{{ .Values.hyperkube.tag }}"
-diff --git a/helm/portieris/templates/deployment.yaml b/helm/portieris/templates/deployment.yaml
-index e6c4184..7835f29 100644
---- a/helm/portieris/templates/deployment.yaml
-+++ b/helm/portieris/templates/deployment.yaml
-@@ -29,6 +29,9 @@ spec:
-         - key: "node-role.kubernetes.io/master"
-           operator: "Exists"
-           effect: "NoSchedule"
-+        - key: "node-role.kubernetes.io/control-plane"
-+          operator: "Exists"
-+          effect: "NoSchedule"
-       containers:
-         - name: {{ .Chart.Name }}
-           image: "{{ .Values.image.host | default "docker.io/ibmcom"  }}/{{ .Values.image.image }}:{{ .Values.image.tag }}"
--- 
-2.25.1
-

stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/portieris/helmrelease.yaml

@@ -15,7 +15,7 @@ spec:
   chart:
     spec:
       chart: portieris
-      version: 0.7.0
+      version: 0.13.1
       sourceRef:
         kind: HelmRepository
         name: stx-platform

stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/portieris/portieris-static-overrides.yaml

@@ -8,13 +8,15 @@ replicaCount: 3
 namespace: portieris
 images:
   tags:
-    portieris: docker.io/starlingx/portieris:stx.5.0-v0.7.0
+    portieris: icr.io/portieris/portieris:v0.13.1
 image:
-  host: registry.local:9001/docker.io/starlingx
+  host: registry.local:9001/icr.io/portieris
+  pullSecret: default-registry-key
   image: portieris
-  tags: stx.5.0-v0.7.0
-  tag: stx.5.0-v0.7.0
-IBMContainerService: false
+  tag: v0.13.1
+tolerations:
+  - key: "node-role.kubernetes.io/master"
+    operator: "Exists"
+    effect: "NoSchedule"
 SkipSecretCreation: true
 UseCertManager: true
-