chore: various policy module fixes

charts/kubezero-argo/values.yaml

@@ -63,6 +63,10 @@ argo-cd:
       application.instanceLabelKey: Null
       server.rbac.log.enforce.enable: Null
 
+      resource.compareoptions: |
+        # disables status field diffing in specified resource types
+        ignoreAggregatedRoles: true
+
       resource.customizations: |
         argoproj.io/Application:
           health.lua: |

charts/kubezero-policy/Chart.yaml

@@ -13,6 +13,9 @@ maintainers:
   - name: Stefan Reimer
     email: stefan@zero-downtime.net
 dependencies:
+  - name: kubezero-lib
+    version: 0.2.1
+    repository: https://cdn.zero-downtime.net/charts/
   - name: kyverno
     version: 3.4.2
     repository: https://kyverno.github.io/kyverno/

charts/kubezero-policy/README.md

@@ -18,6 +18,7 @@ Kubernetes: `>= 1.30.0-0`
 
 | Repository | Name | Version |
 |------------|------|---------|
+| https://cdn.zero-downtime.net/charts/ | kubezero-lib | 0.2.1 |
 | https://kyverno.github.io/kyverno/ | kyverno | 3.4.2 |
 
 # Kyverno

charts/kubezero-policy/values.yaml

@@ -1,2 +1,25 @@
 kyverno:
   enabled: false
+
+  admissionController:
+    revisionHistoryLimit: 2
+
+    nodeSelector:
+      node-role.kubernetes.io/control-plane: ""
+    tolerations:
+    - key: node-role.kubernetes.io/control-plane
+      effect: NoSchedule
+
+#   container:
+#     extraArgs:
+#       caSecretName: kubezero-policy-admission-tls
+#       tlsSecretName: kubezero-policy-admission-tls
+
+  backgroundController:
+    enabled: false
+
+  cleanupController:
+    enabled: false
+
+  reportsController:
+    enabled: false

charts/kubezero/templates/_app.tpl

@@ -10,7 +10,8 @@ metadata:
   labels:
     {{- include "kubezero-lib.labels" . | nindent 4 }}
   annotations:
-    argocd.argoproj.io/sync-options: Replace=true
+    argocd.argoproj.io/compare-options: ServerSideDiff=true,IncludeMutationWebhook=true
+    # argocd.argoproj.io/sync-options: Replace=true
     {{- with ( index .Values $name "annotations" ) }}
     {{- toYaml . | nindent 4 }}
     {{- end }}

charts/kubezero/templates/policy.yaml

@@ -1,6 +1,6 @@
 {{- define "policy-values" }}
 kyverno:
-  test: true
+  dummy: test
 {{- end }}
 
 {{- define "policy-argo" }}

charts/kubezero/values.yaml

@@ -32,6 +32,7 @@ addons:
 
 policy:
   enabled: false
+  namespace: kyverno
   targetRevision: 0.1.0
 
 network: