chore(deps): update kubezero-ci-dependencies

charts/kubezero-ci/Chart.yaml

@@ -30,7 +30,7 @@ dependencies:
     repository: https://aquasecurity.github.io/helm-charts/
     condition: trivy.enabled
   - name: renovate
-    version: 40.49.11
+    version: 40.49.12
     repository: https://docs.renovatebot.com/helm-charts
     condition: renovate.enabled
 kubeVersion: ">= 1.25.0"

charts/kubezero-mq/values.yaml

@@ -3,6 +3,10 @@ nats:
   enabled: false
 
   config:
+    cluster:
+      routeURLs:
+        useFQDN: true
+
     jetstream:
       enabled: true
 

charts/kubezero-policy/values.yaml

@@ -1,28 +1,58 @@
 kyverno:
   enabled: false
 
+  # Disable hooks being triggered during each sync
+  policyReportsCleanup:
+    enabled: false
+  webhooksCleanup:
+    enabled: false
+    autoDeleteWebhooks:
+      enabled: true
+
+  crds:
+    migration:
+      enabled: false
+
 # templating:
 #   enabled: true
 
+  config:
+    preserve: false
+    webhookAnnotations:
+      argocd.argoproj.io/installation-id: KubeZero-ArgoCD
+      # Unfortunately Argo needs different values for Mutating and Validating hooks so disabled for now
+      # argocd.argoproj.io/tracking-id: policy:/ServiceAccount:kyverno/kyverno-admission-controller
+
+  features:
+    logging:
+      format: json
+
+  # Enabled via kubezero global metrics flag
+  grafana:
+    enabled: false
+
   admissionController:
     revisionHistoryLimit: 2
 
-    nodeSelector:
+  cleanupController:
-      node-role.kubernetes.io/control-plane: ""
+    revisionHistoryLimit: 2
-    tolerations:
+    rbac:
-    - key: node-role.kubernetes.io/control-plane
+      clusterRole:
-      effect: NoSchedule
+        extraResources:
-
+          # Allow to clean up postgreSQL backups
-#   container:
+          - apiGroups:
-#     extraArgs:
+              - postgresql.cnpg.io
-#       caSecretName: kubezero-policy-admission-tls
+            resources:
-#       tlsSecretName: kubezero-policy-admission-tls
+              - backups
+            verbs:
+              - delete
+              - list
+              - watch
 
   backgroundController:
+    revisionHistoryLimit: 2
     enabled: false
 
-# cleanupController:
-#   enabled: false
-
   reportsController:
+    revisionHistoryLimit: 2
     enabled: false

charts/kubezero/templates/policy.yaml

@@ -1,6 +1,28 @@
 {{- define "policy-values" }}
 kyverno:
-  dummy: test
+  {{- if eq .Values.global.platform "aws" }}
+  global:
+    {{- include "kubezero-lib.control-plane" . | nindent 4 }}
+  {{- end }}
+
+  grafana:
+    enabled: {{ .Values.metrics.enabled }}
+
+  admissionController:
+    serviceMonitor:
+      enabled: {{ .Values.metrics.enabled }}
+
+  cleanupController:
+    serviceMonitor:
+      enabled: {{ .Values.metrics.enabled }}
+
+  backgroundController:
+    serviceMonitor:
+      enabled: {{ .Values.metrics.enabled }}
+
+  reportsController:
+    serviceMonitor:
+      enabled: {{ .Values.metrics.enabled }}
 {{- end }}
 
 {{- define "policy-argo" }}