chore: bump support matrix to include GK 3.16.0 (#1504)

.github/workflows/build-pr.yml

@@ -23,7 +23,7 @@ jobs:
       fail-fast: false
       matrix:
         KUBERNETES_VERSION: ["1.29.2"]
-        GATEKEEPER_VERSION: ["3.15.0"]
+        GATEKEEPER_VERSION: ["3.16.0"]
     uses: ./.github/workflows/e2e-k8s.yml 
     with:
       k8s_version: ${{ matrix.KUBERNETES_VERSION }}
@@ -36,7 +36,7 @@ jobs:
       fail-fast: false
       matrix:
         KUBERNETES_VERSION: ["1.28.7", "1.29.2"]
-        GATEKEEPER_VERSION: ["3.13.0", "3.14.0", "3.15.0"]
+        GATEKEEPER_VERSION: ["3.14.0", "3.15.0", "3.16.0"]
     uses: ./.github/workflows/e2e-k8s.yml 
     with:
       k8s_version: ${{ matrix.KUBERNETES_VERSION }}
@@ -52,7 +52,7 @@ jobs:
       fail-fast: false
       matrix:
         KUBERNETES_VERSION: ["1.27.9", "1.29.2"]
-        GATEKEEPER_VERSION: ["3.13.0", "3.14.0", "3.15.0"]
+        GATEKEEPER_VERSION: ["3.14.0", "3.15.0", "3.16.0"]
     uses: ./.github/workflows/e2e-aks.yml
     with:
       k8s_version: ${{ matrix.KUBERNETES_VERSION }}

.github/workflows/e2e-aks.yml

@@ -14,7 +14,7 @@ on:
       gatekeeper_version:
         description: 'Gatekeeper version'
         required: true
-        default: '3.15.0'
+        default: '3.16.0'
         type: string
 
 jobs:

.github/workflows/e2e-k8s.yml

@@ -14,7 +14,7 @@ on:
       gatekeeper_version:
         description: 'Gatekeeper version'
         required: true
-        default: '3.15.0'
+        default: '3.16.0'
         type: string
 
 jobs:

.github/workflows/run-full-validation.yml

@@ -25,7 +25,7 @@ jobs:
       fail-fast: false
       matrix:
         KUBERNETES_VERSION: ["1.28.7", "1.29.2"]
-        GATEKEEPER_VERSION: ["3.13.0", "3.14.0", "3.15.0"]
+        GATEKEEPER_VERSION: ["3.14.0", "3.15.0", "3.16.0"]
     uses: ./.github/workflows/e2e-k8s.yml 
     with:
       k8s_version: ${{ matrix.KUBERNETES_VERSION }}
@@ -40,7 +40,7 @@ jobs:
       fail-fast: false
       matrix:
         KUBERNETES_VERSION: ["1.27.9", "1.29.2"]
-        GATEKEEPER_VERSION: ["3.13.0", "3.14.0", "3.15.0"]
+        GATEKEEPER_VERSION: ["3.14.0", "3.15.0", "3.16.0"]
     uses: ./.github/workflows/e2e-aks.yml
     with:
       k8s_version: ${{ matrix.KUBERNETES_VERSION }}

Makefile

@@ -28,7 +28,7 @@ LDFLAGS += -X $(GO_PKG)/internal/version.GitTag=$(GIT_TAG)
 KIND_VERSION ?= 0.22.0
 KUBERNETES_VERSION ?= 1.29.2
 KIND_KUBERNETES_VERSION ?= 1.29.2
-GATEKEEPER_VERSION ?= 3.15.0
+GATEKEEPER_VERSION ?= 3.16.0
 DAPR_VERSION ?= 1.12.5
 COSIGN_VERSION ?= 2.2.3
 NOTATION_VERSION ?= 1.1.0
@@ -518,10 +518,7 @@ e2e-azure-setup: e2e-create-all-image e2e-notation-setup e2e-notation-leaf-cert-
 
 e2e-deploy-gatekeeper: e2e-helm-install
 	./.staging/helm/linux-amd64/helm repo add gatekeeper https://open-policy-agent.github.io/gatekeeper/charts
-	if [ ${GATEKEEPER_VERSION} = "3.13.0" ]; then ./.staging/helm/linux-amd64/helm install gatekeeper/gatekeeper --version ${GATEKEEPER_VERSION} --name-template=gatekeeper --namespace ${GATEKEEPER_NAMESPACE} --create-namespace --set enableExternalData=true --set validatingWebhookTimeoutSeconds=5 --set mutatingWebhookTimeoutSeconds=2 --set auditInterval=0; fi
-	if [ ${GATEKEEPER_VERSION} = "3.13.0" ]; then kubectl -n ${GATEKEEPER_NAMESPACE} patch deployment gatekeeper-controller-manager --type=json -p='[{"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "--external-data-provider-response-cache-ttl=1s"}]' && sleep 60; fi
-	# Gatekeeper versions >= 3.14.0 need a special helm value to override the default external data response cache ttl to 10s
-	if [ ${GATEKEEPER_VERSION} != "3.13.0" ]; then ./.staging/helm/linux-amd64/helm install gatekeeper/gatekeeper --version ${GATEKEEPER_VERSION} --name-template=gatekeeper --namespace ${GATEKEEPER_NAMESPACE} --create-namespace --set enableExternalData=true --set validatingWebhookTimeoutSeconds=5 --set mutatingWebhookTimeoutSeconds=2 --set auditInterval=0 --set externaldataProviderResponseCacheTTL=1s; fi
+	./.staging/helm/linux-amd64/helm install gatekeeper/gatekeeper --version ${GATEKEEPER_VERSION} --name-template=gatekeeper --namespace ${GATEKEEPER_NAMESPACE} --create-namespace --set enableExternalData=true --set validatingWebhookTimeoutSeconds=5 --set mutatingWebhookTimeoutSeconds=2 --set auditInterval=0 --set externaldataProviderResponseCacheTTL=1s
 
 e2e-build-crd-image:
 	docker build --progress=plain --no-cache --build-arg KUBE_VERSION=${KUBERNETES_VERSION} --build-arg TARGETOS="linux" --build-arg TARGETARCH="amd64" -f crd.Dockerfile -t localbuildcrd:test ./charts/ratify/crds

charts/ratify/README.md

@@ -69,7 +69,7 @@ Values marked `# DEPRECATED` in the `values.yaml` as well as **DEPRECATED** in t
 | resources.requests.memory                          | Memory request of Ratify Deployment                                                                                                                                                                                                                                                                                                                                    | `512Mi`                           |
 | serviceAccount.create                              | Create new dedicated Ratify service account                                                                                                                                                                                                                                                                                                                            | `true`                            |
 | serviceAccount.name                                | Name of Ratify service account to create                                                                                                                                                                                                                                                                                                                               | `ratify-admin`                    |
-| gatekeeper.version                                 | Determines the Gatekeeper CRD versioning                                                                                                                                                                                                                                                                                                                               | `3.15.0`                          |
+| gatekeeper.version                                 | Determines the Gatekeeper CRD versioning                                                                                                                                                                                                                                                                                                                               | `3.16.0`                          |
 | gatekeeper.namespace                               | Namespace Gatekeeper is installed                                                                                                                                                                                                                                                                                                                                      | `gatekeeper-system`               |
 | instrumentation.metricsEnabled                     | Initializes the configured metrics provider                                                                                                                                                                                                                                                                                                                            | `true`                            |
 | instrumentation.metricsType                        | Specifies the metrics provider type                                                                                                                                                                                                                                                                                                                                    | `prometheus`                      |

charts/ratify/values.yaml

@@ -41,7 +41,7 @@ serviceAccount:
   create: true
   name: ratify-admin
 gatekeeper:
-  version: "3.15.0"
+  version: "3.16.0"
   namespace: # default is gatekeeper-system
 instrumentation:
   metricsEnabled: true

dev.helmfile.yaml

@@ -10,7 +10,7 @@ releases:
     namespace: gatekeeper-system
     createNamespace: true
     chart: gatekeeper/gatekeeper
-    version: 3.15.0
+    version: 3.16.0
     wait: true
     set:
       - name: enableExternalData

dev.high-availability.helmfile.yaml

@@ -20,7 +20,7 @@ releases:
     namespace: gatekeeper-system
     createNamespace: true
     chart: gatekeeper/gatekeeper
-    version: 3.15.0
+    version: 3.16.0
     wait: true
     set:
       - name: enableExternalData

scripts/azure-ci-test.sh

@@ -28,7 +28,7 @@ export KEYVAULT_NAME="${KEYVAULT_NAME:-ratify-akv-${SUFFIX}}"
 export USER_ASSIGNED_IDENTITY_NAME="${USER_ASSIGNED_IDENTITY_NAME:-ratify-e2e-identity-${SUFFIX}}"
 export LOCATION="eastus"
 export KUBERNETES_VERSION=${1:-1.29.2}
-GATEKEEPER_VERSION=${2:-3.15.0}
+GATEKEEPER_VERSION=${2:-3.16.0}
 TENANT_ID=$3
 export RATIFY_NAMESPACE=${4:-gatekeeper-system}
 CERT_DIR=${5:-"~/ratify/certs"}