From cc9983742df8d4a28333b9ce3a0b5cf6a3dbcc6e Mon Sep 17 00:00:00 2001
From: Stefan Reimer
Date: Fri, 6 Jun 2025 11:33:35 +0000
Subject: [PATCH] chore: various policy module fixes
---
 charts/kubezero-argo/values.yaml | 4 ++++
 charts/kubezero-policy/Chart.yaml | 3 +++
 charts/kubezero-policy/README.md | 1 +
 charts/kubezero-policy/values.yaml | 23 +++++++++++++++++++++++
 charts/kubezero/templates/_app.tpl | 3 ++-
 charts/kubezero/templates/policy.yaml | 2 +-
 charts/kubezero/values.yaml | 1 +
 7 files changed, 35 insertions(+), 2 deletions(-)
diff --git a/charts/kubezero-argo/values.yaml b/charts/kubezero-argo/values.yaml
index ac7285a5..83a199ee 100644
--- a/charts/kubezero-argo/values.yaml
+++ b/charts/kubezero-argo/values.yaml
@@ -63,6 +63,10 @@ argo-cd:
 application.instanceLabelKey: Null
 server.rbac.log.enforce.enable: Null
+ resource.compareoptions: |
+ # disables status field diffing in specified resource types
+ ignoreAggregatedRoles: true
+
 resource.customizations: |
 argoproj.io/Application:
 health.lua: |
diff --git a/charts/kubezero-policy/Chart.yaml b/charts/kubezero-policy/Chart.yaml
index 386fcf60..54dc8009 100644
--- a/charts/kubezero-policy/Chart.yaml
+++ b/charts/kubezero-policy/Chart.yaml
@@ -13,6 +13,9 @@ maintainers:
 - name: Stefan Reimer
 email: stefan@zero-downtime.net
 dependencies:
+ - name: kubezero-lib
+ version: 0.2.1
+ repository: https://cdn.zero-downtime.net/charts/
 - name: kyverno
 version: 3.4.2
 repository: https://kyverno.github.io/kyverno/
diff --git a/charts/kubezero-policy/README.md b/charts/kubezero-policy/README.md
index 326d9fbe..8f74c6ae 100644
--- a/charts/kubezero-policy/README.md
+++ b/charts/kubezero-policy/README.md
@@ -18,6 +18,7 @@ Kubernetes: `>= 1.30.0-0`
 | Repository | Name | Version |
 |------------|------|---------|
+| https://cdn.zero-downtime.net/charts/ | kubezero-lib | 0.2.1 |
 | https://kyverno.github.io/kyverno/ | kyverno | 3.4.2 |
 # Kyverno
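Review bot: In charts/kubezero-argo/values.yaml the comment added above `ignoreAggregatedRoles: true` describes a different option: disabling status-field diffing is what `ignoreResourceStatusField` does, whereas `ignoreAggregatedRoles` tells Argo CD to ignore rule changes on ClusterRoles that use aggregation. I would replace it with `# ignore rules injected into aggregated ClusterRoles when diffing`. It is also worth recording next to the setting that, as far as I can tell, rule drift on aggregated ClusterRoles then no longer surfaces as OutOfSync, so unexpected RBAC changes on those roles have to be caught elsewhere (API audit logs or a periodic RBAC review). The enclosing `argo-cd` config block starts and ends outside the hunk.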
diff --git a/charts/kubezero-policy/values.yaml b/charts/kubezero-policy/values.yaml
index 5729b9fb..2572653a 100644
--- a/charts/kubezero-policy/values.yaml
+++ b/charts/kubezero-policy/values.yaml
@@ -1,2 +1,25 @@
 kyverno:
 enabled: false
+
+ admissionController:
+ revisionHistoryLimit: 2
+
+ nodeSelector:
+ node-role.kubernetes.io/control-plane: ""
+ tolerations:
+ - key: node-role.kubernetes.io/control-plane
+ effect: NoSchedule
+
+# container:
+# extraArgs:
+# caSecretName: kubezero-policy-admission-tls
+# tlsSecretName: kubezero-policy-admission-tls
+
+ backgroundController:
+ enabled: false
+
+ cleanupController:
+ enabled: false
+
+ reportsController:
+ enabled: false
diff --git a/charts/kubezero/templates/_app.tpl b/charts/kubezero/templates/_app.tpl
index 664a8bf7..b316e41f 100644
--- a/charts/kubezero/templates/_app.tpl
+++ b/charts/kubezero/templates/_app.tpl
@@ -10,7 +10,8 @@ metadata:
 labels:
 {{- include "kubezero-lib.labels" . | nindent 4 }}
 annotations:
- argocd.argoproj.io/sync-options: Replace=true
+ argocd.argoproj.io/compare-options: ServerSideDiff=true,IncludeMutationWebhook=true
+ # argocd.argoproj.io/sync-options: Replace=true
 {{- with ( index .Values $name "annotations" ) }}
 {{- toYaml . | nindent 4 }}
 {{- end }}
diff --git a/charts/kubezero/templates/policy.yaml b/charts/kubezero/templates/policy.yaml
index 6ed4c93f..df56e9bf 100644
--- a/charts/kubezero/templates/policy.yaml
+++ b/charts/kubezero/templates/policy.yaml
@@ -1,6 +1,6 @@
 {{- define "policy-values" }}
 kyverno:
- test: true
+ dummy: test
 {{- end }}
 {{- define "policy-argo" }}
diff --git a/charts/kubezero/values.yaml b/charts/kubezero/values.yaml
index 7c6db1ec..91b1b319 100644
--- a/charts/kubezero/values.yaml
+++ b/charts/kubezero/values.yaml
@@ -32,6 +32,7 @@ addons:
 policy:
 enabled: false
+ namespace: kyverno
 targetRevision: 0.1.0
 network:
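Review bot: In charts/kubezero-policy/values.yaml the new defaults switch off `backgroundController`, `cleanupController` and `reportsController` without saying what is given up. As far as I know the reports controller is what produces PolicyReports and runs background scans, and the background controller processes generate and mutate-existing rules, so with these defaults only admission-time checks remain and Audit-mode policies leave no visible findings. I would add a comment above the three blocks, for example `# admission-only setup: no PolicyReports or background scans, no generate/cleanup policies`. The commented-out `container.extraArgs` block with `caSecretName`/`tlsSecretName` sits at column 0 inside the `admissionController` mapping; either say when it is meant to be enabled or drop it.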
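Review bot: In charts/kubezero/templates/_app.tpl the fixed `argocd.argoproj.io/compare-options` annotation is written before the `toYaml` of the per-module `annotations` value, so a module that sets the same key renders a duplicate mapping key and the effective value depends on how the consumer resolves duplicates. If overriding is intended, say so with `# module annotations below may override this default (last key wins)`; otherwise merge the defaults and the module annotations into one map before rendering. The commented-out `sync-options: Replace=true` line is, as far as I can tell, emitted into every rendered Application because it is a YAML comment rather than a template comment; remove it or turn it into `{{- /* ... */}}` with the reason Replace was dropped. The template definition starts and ends outside the hunk.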