shpaq/auricom-home-cluster
1
0
Fork 0
mirror of https://github.com/auricom/home-cluster.git synced 2025-09-17 18:24:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

⬆️ kyverno 3.0.5

Browse Source
This commit is contained in:
auricom
2023-08-26 10:53:59 +02:00
parent a69307a984
commit 094893c610
3 changed files with 56 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

63
kubernetes/apps/kyverno/kyverno/app/helmrelease.yaml
View File

@@ -10,7 +10,7 @@ spec:
chart: chart:
spec: spec:
chart: kyverno chart: kyverno
version: 2.7.5 version: 3.0.5
sourceRef: sourceRef:
kind: HelmRepository kind: HelmRepository
name: kyverno name: kyverno
@@ -29,14 +29,55 @@ spec:
uninstall: uninstall:
keepHistory: false keepHistory: false
values: values:
installCRDs: true crds:
replicaCount: 1 install: true
serviceMonitor: grafana:
enabled: true enabled: true
topologySpreadConstraints: annotations:
- maxSkew: 1 grafana_folder: System
topologyKey: kubernetes.io/hostname backgroundController:
whenUnsatisfiable: DoNotSchedule serviceMonitor:
labelSelector: enabled: true
matchLabels: rbac:
app.kubernetes.io/instance: kyverno clusterRole:
extraResources:
- apiGroups:
- ""
resources:
- pods
verbs:
- create
- update
- patch
- delete
- get
- list
cleanupController:
serviceMonitor:
enabled: true
reportsController:
serviceMonitor:
enabled: true
admissionController:
replicas: 3
serviceMonitor:
enabled: true
rbac:
clusterRole:
extraResources:
- apiGroups:
- ""
resources:
- pods
verbs:
- create
- update
- delete
topologySpreadConstraints:
- maxSkew: 1
topologyKey: kubernetes.io/hostname
whenUnsatisfiable: DoNotSchedule
labelSelector:
matchLabels:
app.kubernetes.io/instance: kyverno
app.kubernetes.io/component: kyverno

2
kubernetes/apps/kyverno/kyverno/policies/kustomization.yaml
View File

@@ -3,4 +3,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- ./delete-cpu-limits.yaml - ./remove-cpu-limits.yaml

8
kubernetes/apps/kyverno/kyverno/policies/delete-cpu-limits.yaml → kubernetes/apps/kyverno/kyverno/policies/remove-cpu-limits.yaml
View File

@@ -7,20 +7,19 @@ metadata:
annotations: annotations:
policies.kyverno.io/title: Remove CPU limits policies.kyverno.io/title: Remove CPU limits
policies.kyverno.io/category: Best Practices policies.kyverno.io/category: Best Practices
policies.kyverno.io/severity: medium
policies.kyverno.io/subject: Pod policies.kyverno.io/subject: Pod
policies.kyverno.io/description: >- policies.kyverno.io/description: >-
This policy removes CPU limits from all Pods. This policy removes CPU limits from all Pods.
pod-policies.kyverno.io/autogen-controllers: none pod-policies.kyverno.io/autogen-controllers: none
spec: spec:
mutateExistingOnPolicyUpdate: true
generateExistingOnPolicyUpdate: true generateExistingOnPolicyUpdate: true
rules: rules:
- name: remove-containers-cpu-limits - name: remove-containers-cpu-limits
match: match:
any: any:
- resources: - resources:
kinds: kinds: ["Pod"]
- Pod
mutate: mutate:
foreach: foreach:
- list: "request.object.spec.containers" - list: "request.object.spec.containers"
@@ -31,8 +30,7 @@ spec:
match: match:
any: any:
- resources: - resources:
kinds: kinds: ["Pod"]
- Pod
preconditions: preconditions:
all: all:
- key: "{{ request.object.spec.initContainers[] || `[]` | length(@) }}" - key: "{{ request.object.spec.initContainers[] || `[]` | length(@) }}"