kyverno/definitions/install.yaml

apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: policies.kyverno.io
spec:
  group: kyverno.io
  versions:
    - name: v1alpha1
      served: true
      storage: true
  scope: Cluster
  names:
    kind: Policy
    plural: policies
    singular: policy
  subresources:
    status: {}
  validation:
    openAPIV3Schema:
      properties:
        spec:
          required:
          - rules
          # set as required, as we cannot set default yet. check below for more details
          - mode
          properties:
            mode:
              type: string
              # default can only be set if CustomResourceDefaulting feature gate is enabled
              # default: blockChanges
              enum: 
              - blockChanges 
              - reportViolation
            rules:
              type: array
              items:
                type: object
                required:
                - name
                - resource
                properties:
                  name:
                    type: string
                  resource:
                    type: object
                    required:
                    - kinds
                    properties:
                      kinds:
                        type: array
                        items:
                          type: string
                      name:
                        type: string
                      namespace:
                        type: string
                      selector:
                        properties:
                          matchLabels:
                            type: object
                            additionalProperties:
                              type: string
                          matchExpressions:
                            type: array
                            items:
                              type: object
                              required:
                              - key
                              - operator
                              properties:
                                key:
                                  type: string
                                operator:
                                  type: string
                                values:
                                  type: array
                                  items:
                                    type: string
                  mutate:
                    type: object
                    properties:
                      overlay:
                        AnyValue: {}
                      patches:
                        type: array
                        items:
                          type: object
                          required:
                          - path
                          - op
                          properties:
                            path:
                              type: string
                            op:
                              type: string
                              enum:
                              - add
                              - replace
                              - remove
                            value:
                              AnyValue: {}
                  validate:
                    type: object
                    required:
                    - pattern
                    properties:
                      message:
                        type: string
                      pattern:
                        AnyValue: {}
                  generate:
                    type: object
                    required:
                    - kind
                    - name
                    properties:
                      kind:
                        type: string
                      name:
                        type: string
                      clone: 
                        type: object
                        required:
                        - namespace
                        - name
                        properties:
                          namespace:
                            type: string
                          name:
                            type: string
                      data:
                        AnyValue: {}
---
kind: Namespace
apiVersion: v1
metadata: 
    name: "kyverno"
---
apiVersion: v1
kind: Service
metadata:
  namespace: kyverno
  name: kyverno-svc
  labels:
    app: kyverno
spec:
  ports:
  - port: 443
    targetPort: 443
  selector:
    app: kyverno
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kyverno-service-account
  namespace: kyverno
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: kyverno-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: kyverno-service-account
  namespace: kyverno
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  namespace: kyverno
  name: kyverno
  labels:
    app: kyverno
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: kyverno
    spec:
      serviceAccountName: kyverno-service-account
      containers:
        - name: kyverno
          image: nirmata/kyverno:dev-testing
          args: ["--filterKind","Nodes,Events,APIService,SubjectAccessReview"]
          ports:
          - containerPort: 443
          securityContext:
            privileged: true
NK2: Added script for code-generator, YAMLs with CRDs and stub for main.go 2019-02-06 12:52:09 +00:00			`apiVersion: apiextensions.k8s.io/v1beta1`
			`kind: CustomResourceDefinition`
			`metadata:`
- Change kube-policy to kyverno in install.yaml - Install in namespace kyverno 2019-05-22 01:36:24 +00:00			`name: policies.kyverno.io`
NK2: Added script for code-generator, YAMLs with CRDs and stub for main.go 2019-02-06 12:52:09 +00:00			`spec:`
- Change kube-policy to kyverno in install.yaml - Install in namespace kyverno 2019-05-22 01:36:24 +00:00			`group: kyverno.io`
NK9: Updated policy crd and added minimal policy sample to check controller functions 2019-02-12 17:01:25 +00:00			`versions:`
			`- name: v1alpha1`
			`served: true`
			`storage: true`
NK-9: Merged Webhook server and Policy controller. Added logger for controller. 2019-02-14 14:36:55 +00:00			`scope: Cluster`
NK2: Added script for code-generator, YAMLs with CRDs and stub for main.go 2019-02-06 12:52:09 +00:00			`names:`
			`kind: Policy`
			`plural: policies`
			`singular: policy`
NK-23: Improved comments, commited crd with status subresource. 2019-03-07 15:57:43 +00:00			`subresources:`
			`status: {}`
NK-31: Implemented validation of failurePolicy field. 2019-03-12 12:42:24 +00:00			`validation:`
NK-31: Modified crd.yaml - added validation field that constraints policy resource creation. 2019-03-14 12:00:57 +00:00			`openAPIV3Schema:`
			`properties:`
			`spec:`
			`required:`
			`- rules`
add mode(blockChanges,reportViolation) CRD spec 2019-07-15 22:30:28 +00:00			`# set as required, as we cannot set default yet. check below for more details`
			`- mode`
NK-31: Modified crd.yaml - added validation field that constraints policy resource creation. 2019-03-14 12:00:57 +00:00			`properties:`
add mode(blockChanges,reportViolation) CRD spec 2019-07-15 22:30:28 +00:00			`mode:`
			`type: string`
			`# default can only be set if CustomResourceDefaulting feature gate is enabled`
			`# default: blockChanges`
			`enum:`
			`- blockChanges`
			`- reportViolation`
NK-31: Modified crd.yaml - added validation field that constraints policy resource creation. 2019-03-14 12:00:57 +00:00			`rules:`
			`type: array`
			`items:`
			`type: object`
			`required:`
Updated install.yaml due to the policy-v2 specifications 2019-05-13 13:08:02 +00:00			`- name`
NK-31: Modified crd.yaml - added validation field that constraints policy resource creation. 2019-03-14 12:00:57 +00:00			`- resource`
update install.yaml for generate 2019-05-21 21:37:54 +00:00			`properties:`
Updated install.yaml due to the policy-v2 specifications 2019-05-13 13:08:02 +00:00			`name:`
			`type: string`
NK-31: Modified crd.yaml - added validation field that constraints policy resource creation. 2019-03-14 12:00:57 +00:00			`resource:`
			`type: object`
			`required:`
support list of kind in resource, update the CRD openapischema & adapt the test and examples for the change 2019-05-21 22:43:43 +00:00			`- kinds`
update install.yaml for generate 2019-05-21 21:37:54 +00:00			`properties:`
support list of kind in resource, update the CRD openapischema & adapt the test and examples for the change 2019-05-21 22:43:43 +00:00			`kinds:`
			`type: array`
			`items:`
			`type: string`
NK-31: Modified crd.yaml - added validation field that constraints policy resource creation. 2019-03-14 12:00:57 +00:00			`name:`
			`type: string`
update crd spec for namespace attrib 2019-07-01 22:21:50 +00:00			`namespace:`
			`type: string`
NK-31: Modified crd.yaml - added validation field that constraints policy resource creation. 2019-03-14 12:00:57 +00:00			`selector:`
			`properties:`
			`matchLabels:`
			`type: object`
			`additionalProperties:`
			`type: string`
			`matchExpressions:`
			`type: array`
			`items:`
			`type: object`
			`required:`
			`- key`
			`- operator`
			`properties:`
			`key:`
			`type: string`
			`operator:`
			`type: string`
			`values:`
			`type: array`
			`items:`
			`type: string`
Updated install.yaml due to the policy-v2 specifications 2019-05-13 13:08:02 +00:00			`mutate:`
			`type: object`
			`properties:`
			`overlay:`
			`AnyValue: {}`
			`patches:`
			`type: array`
			`items:`
			`type: object`
			`required:`
			`- path`
			`- op`
			`properties:`
			`path:`
			`type: string`
			`op:`
			`type: string`
			`enum:`
			`- add`
			`- replace`
			`- remove`
			`value:`
			`AnyValue: {}`
			`validate:`
			`type: object`
			`required:`
			`- pattern`
			`properties:`
			`message:`
			`type: string`
			`pattern:`
			`AnyValue: {}`
			`generate:`
update install.yaml for generate 2019-05-21 21:37:54 +00:00			`type: object`
			`required:`
			`- kind`
			`- name`
			`properties:`
			`kind:`
			`type: string`
			`name:`
			`type: string`
update from to clone for copying existing resource 2019-06-01 01:45:23 +00:00			`clone:`
update install.yaml for generate 2019-05-21 21:37:54 +00:00			`type: object`
			`required:`
			`- namespace`
			`- name`
			`properties:`
			`namespace:`
NK-31: Modified crd.yaml - added validation field that constraints policy resource creation. 2019-03-14 12:00:57 +00:00			`type: string`
update install.yaml for generate 2019-05-21 21:37:54 +00:00			`name:`
NK-31: Modified crd.yaml - added validation field that constraints policy resource creation. 2019-03-14 12:00:57 +00:00			`type: string`
update install.yaml for generate 2019-05-21 21:37:54 +00:00			`data:`
support generation of any resource 2019-06-01 00:59:36 +00:00			`AnyValue: {}`
NK-31: Put constants in separate file. Updated install.yaml definition to create Service and DaemonSet. Fixed bug with webhook registration. 2019-03-21 13:57:30 +00:00			`---`
- Change kube-policy to kyverno in install.yaml - Install in namespace kyverno 2019-05-22 01:36:24 +00:00			`kind: Namespace`
			`apiVersion: v1`
			`metadata:`
			`name: "kyverno"`
			`---`
NK-31: Put constants in separate file. Updated install.yaml definition to create Service and DaemonSet. Fixed bug with webhook registration. 2019-03-21 13:57:30 +00:00			`apiVersion: v1`
			`kind: Service`
			`metadata:`
- Change kube-policy to kyverno in install.yaml - Install in namespace kyverno 2019-05-22 01:36:24 +00:00			`namespace: kyverno`
			`name: kyverno-svc`
NK-31: Put constants in separate file. Updated install.yaml definition to create Service and DaemonSet. Fixed bug with webhook registration. 2019-03-21 13:57:30 +00:00			`labels:`
- Change kube-policy to kyverno in install.yaml - Install in namespace kyverno 2019-05-22 01:36:24 +00:00			`app: kyverno`
NK-31: Put constants in separate file. Updated install.yaml definition to create Service and DaemonSet. Fixed bug with webhook registration. 2019-03-21 13:57:30 +00:00			`spec:`
			`ports:`
			`- port: 443`
			`targetPort: 443`
			`selector:`
- Change kube-policy to kyverno in install.yaml - Install in namespace kyverno 2019-05-22 01:36:24 +00:00			`app: kyverno`
NK-31: Changed DaemonSet to Deployment for kube-policy image 2019-03-21 15:25:36 +00:00			`---`
			`apiVersion: v1`
			`kind: ServiceAccount`
			`metadata:`
- Change kube-policy to kyverno in install.yaml - Install in namespace kyverno 2019-05-22 01:36:24 +00:00			`name: kyverno-service-account`
			`namespace: kyverno`
NK-31: Put constants in separate file. Updated install.yaml definition to create Service and DaemonSet. Fixed bug with webhook registration. 2019-03-21 13:57:30 +00:00			`---`
			`kind: ClusterRoleBinding`
			`apiVersion: rbac.authorization.k8s.io/v1beta1`
			`metadata:`
- Change kube-policy to kyverno in install.yaml - Install in namespace kyverno 2019-05-22 01:36:24 +00:00			`name: kyverno-admin`
NK-31: Put constants in separate file. Updated install.yaml definition to create Service and DaemonSet. Fixed bug with webhook registration. 2019-03-21 13:57:30 +00:00			`roleRef:`
			`apiGroup: rbac.authorization.k8s.io`
			`kind: ClusterRole`
			`name: cluster-admin`
			`subjects:`
			`- kind: ServiceAccount`
- Change kube-policy to kyverno in install.yaml - Install in namespace kyverno 2019-05-22 01:36:24 +00:00			`name: kyverno-service-account`
			`namespace: kyverno`
NK-31: Put constants in separate file. Updated install.yaml definition to create Service and DaemonSet. Fixed bug with webhook registration. 2019-03-21 13:57:30 +00:00			`---`
			`apiVersion: extensions/v1beta1`
NK-31: Changed DaemonSet to Deployment for kube-policy image 2019-03-21 15:25:36 +00:00			`kind: Deployment`
NK-31: Put constants in separate file. Updated install.yaml definition to create Service and DaemonSet. Fixed bug with webhook registration. 2019-03-21 13:57:30 +00:00			`metadata:`
- Change kube-policy to kyverno in install.yaml - Install in namespace kyverno 2019-05-22 01:36:24 +00:00			`namespace: kyverno`
rename kyverno-deployment to kyverno 2019-06-27 18:38:34 +00:00			`name: kyverno`
NK-31: Put constants in separate file. Updated install.yaml definition to create Service and DaemonSet. Fixed bug with webhook registration. 2019-03-21 13:57:30 +00:00			`labels:`
- Change kube-policy to kyverno in install.yaml - Install in namespace kyverno 2019-05-22 01:36:24 +00:00			`app: kyverno`
NK-31: Put constants in separate file. Updated install.yaml definition to create Service and DaemonSet. Fixed bug with webhook registration. 2019-03-21 13:57:30 +00:00			`spec:`
NK-31: Changed DaemonSet to Deployment for kube-policy image 2019-03-21 15:25:36 +00:00			`replicas: 1`
NK-31: Put constants in separate file. Updated install.yaml definition to create Service and DaemonSet. Fixed bug with webhook registration. 2019-03-21 13:57:30 +00:00			`template:`
			`metadata:`
			`labels:`
- Change kube-policy to kyverno in install.yaml - Install in namespace kyverno 2019-05-22 01:36:24 +00:00			`app: kyverno`
NK-31: Put constants in separate file. Updated install.yaml definition to create Service and DaemonSet. Fixed bug with webhook registration. 2019-03-21 13:57:30 +00:00			`spec:`
- Change kube-policy to kyverno in install.yaml - Install in namespace kyverno 2019-05-22 01:36:24 +00:00			`serviceAccountName: kyverno-service-account`
NK-31: Put constants in separate file. Updated install.yaml definition to create Service and DaemonSet. Fixed bug with webhook registration. 2019-03-21 13:57:30 +00:00			`containers:`
- Change kube-policy to kyverno in install.yaml - Install in namespace kyverno 2019-05-22 01:36:24 +00:00			`- name: kyverno`
add mode(blockChanges,reportViolation) CRD spec 2019-07-15 22:30:28 +00:00			`image: nirmata/kyverno:dev-testing`
code review corrections 2019-06-19 21:05:23 +00:00			`args: ["--filterKind","Nodes,Events,APIService,SubjectAccessReview"]`
NK-31: Changed DaemonSet to Deployment for kube-policy image 2019-03-21 15:25:36 +00:00			`ports:`
			`- containerPort: 443`
			`securityContext:`
			`privileged: true`
- add Makefile - add Dockerfile - update install.yaml 2019-05-23 04:41:24 +00:00