feat: first working Kyverno Policy integration

This commit is contained in:
Stefan Reimer 2025-06-11 17:59:03 +00:00
parent de0a68cd81
commit 3010ccac50
3 changed files with 70 additions and 14 deletions


@ -3,6 +3,10 @@ nats:
enabled: false enabled: false
config: config:
cluster:
routeURLs:
useFQDN: true
jetstream: jetstream:
enabled: true enabled: true


@ -1,28 +1,58 @@
kyverno: kyverno:
enabled: false enabled: false
# Disable hooks being triggered during each sync
policyReportsCleanup:
enabled: false
webhooksCleanup:
enabled: false
autoDeleteWebhooks:
enabled: true
crds:
migration:
enabled: false
# templating: # templating:
# enabled: true # enabled: true
config:
preserve: false
webhookAnnotations:
argocd.argoproj.io/installation-id: KubeZero-ArgoCD
# Unfortunately Argo needs different values for Mutating and Validating hooks so disabled for now
# argocd.argoproj.io/tracking-id: policy:/ServiceAccount:kyverno/kyverno-admission-controller
features:
logging:
format: json
# Enabled via kubezero global metrics flag
grafana:
enabled: false
admissionController: admissionController:
revisionHistoryLimit: 2 revisionHistoryLimit: 2
nodeSelector: cleanupController:
node-role.kubernetes.io/control-plane: "" revisionHistoryLimit: 2
tolerations: rbac:
- key: node-role.kubernetes.io/control-plane clusterRole:
effect: NoSchedule extraResources:
# Allow to clean up postgreSQL backups
# container: - apiGroups:
# extraArgs: - postgresql.cnpg.io
# caSecretName: kubezero-policy-admission-tls resources:
# tlsSecretName: kubezero-policy-admission-tls - backups
verbs:
- delete
- list
- watch
backgroundController: backgroundController:
revisionHistoryLimit: 2
enabled: false enabled: false
# cleanupController:
# enabled: false
reportsController: reportsController:
revisionHistoryLimit: 2
enabled: false enabled: false
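Review bot: The `rbac.clusterRole.extraResources` entry under `cleanupController` grants `delete`, `list` and `watch` on `backups` in `postgresql.cnpg.io` through a ClusterRole, i.e. across every namespace, and the only context given is `# Allow to clean up postgreSQL backups`; the comment should name the cleanup policy (or the chart that ships it) and the selector it is restricted to, e.g. `# Cluster-wide delete on CNPG Backups, consumed only by <cleanup policy name, placeholder>`, so the grant can be reviewed against an actual consumer rather than in isolation. Because the verbs are cluster-scoped, any CleanupPolicy added later in any namespace inherits the same ability to delete backups, so it is worth stating here whether a narrower grant was considered and why the chart-level ClusterRole was chosen. The `crds.migration.enabled: false` toggle sits under the `# Disable hooks being triggered during each sync` comment; if it does disable the chart's CRD migration job, a short note on how CRD schema changes are applied on upgrades instead would help the next maintainer.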


@ -1,6 +1,28 @@
{{- define "policy-values" }} {{- define "policy-values" }}
kyverno: kyverno:
dummy: test {{- if eq .Values.global.platform "aws" }}
global:
{{- include "kubezero-lib.control-plane" . | nindent 4 }}
{{- end }}
grafana:
enabled: {{ .Values.metrics.enabled }}
admissionController:
serviceMonitor:
enabled: {{ .Values.metrics.enabled }}
cleanupController:
serviceMonitor:
enabled: {{ .Values.metrics.enabled }}
backgroundController:
serviceMonitor:
enabled: {{ .Values.metrics.enabled }}
reportsController:
serviceMonitor:
enabled: {{ .Values.metrics.enabled }}
{{- end }} {{- end }}
{{- define "policy-argo" }} {{- define "policy-argo" }}
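Review bot: The `kubezero-lib.control-plane` include is wrapped in `{{- if eq .Values.global.platform "aws" }}`, while the unconditional `nodeSelector`/`tolerations` for `node-role.kubernetes.io/control-plane` were removed from the admission controller values in the same commit, so on any non-aws platform the admission controller appears to lose its control-plane placement (assuming that include expands to those fields, which is not visible here); if that is intended, a comment above the `if` explaining why the pinning is aws-only would spare the next reader the cross-file check. Each `enabled: {{ .Values.metrics.enabled }}` renders as a bare `enabled:` (YAML null) when the key is unset, so the behaviour then depends on the downstream chart treating null as false; `enabled: {{ .Values.metrics.enabled | default false }}` makes the fallback explicit. The `policy-argo` define continues outside the hunk.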