kyverno/definitions/manifest/deployment.yaml

---
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: kyverno
  name: kyverno
  labels:
    app: kyverno
spec:
  selector:
    matchLabels:
      app: kyverno
  replicas: 1
  template:
    metadata:
      labels:
        app: kyverno
    spec:
      serviceAccountName: kyverno-service-account
      securityContext:
        runAsNonRoot: true
      initContainers:
        - name: kyverno-pre
          image: nirmata/kyvernopre:v1.1.9
          imagePullPolicy: Always
          securityContext:
            runAsUser: 1000
            runAsNonRoot: true
            privileged: false
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop:
                - all
      containers:
        - name: kyverno
          image: nirmata/kyverno:latest
          imagePullPolicy: Always
          args:
          - "--filterK8Resources=[Event,*,*][*,kube-system,*][*,kube-public,*][*,kube-node-lease,*][Node,*,*][APIService,*,*][TokenReview,*,*][SubjectAccessReview,*,*][*,kyverno,*][Binding,*,*][ReplicaSet,*,*]"
          # customize webhook timeout
          #- "--webhooktimeout=4"
          # enable profiling
          # - "--profile"
          - "-v=2"
          ports:
            - containerPort: 9443
              name: https
              protocol: TCP
          env:
            - name: INIT_CONFIG
              value: init-config
            - name: KYVERNO_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: KYVERNO_SVC
              value: kyverno-svc
          securityContext:
            runAsUser: 1000
            runAsNonRoot: true
            privileged: false
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop:
                - all
          resources:
            requests:
              memory: "50Mi"
              cpu: "100m"
            limits:
              memory: "128Mi"
          livenessProbe:
            httpGet:
              path: /health/liveness
              port: 9443
              scheme: HTTPS
            initialDelaySeconds: 5
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 4
            successThreshold: 1
          readinessProbe:
            httpGet:
              path: /health/readiness
              port: 9443
              scheme: HTTPS
            initialDelaySeconds: 5
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 4
            successThreshold: 1
remove duplicate crd changes 2020-06-05 13:42:53 -07:00			`---`
			`apiVersion: apps/v1`
			`kind: Deployment`
			`metadata:`
			`namespace: kyverno`
			`name: kyverno`
			`labels:`
			`app: kyverno`
			`spec:`
			`selector:`
			`matchLabels:`
			`app: kyverno`
			`replicas: 1`
			`template:`
			`metadata:`
			`labels:`
			`app: kyverno`
			`spec:`
			`serviceAccountName: kyverno-service-account`
update pod security context and ports 2020-10-22 11:26:22 -07:00			`securityContext:`
			`runAsNonRoot: true`
remove duplicate crd changes 2020-06-05 13:42:53 -07:00			`initContainers:`
			`- name: kyverno-pre`
tag 1.1.9 2020-08-10 17:20:48 -07:00			`image: nirmata/kyvernopre:v1.1.9`
e2e workflow added (#1021) * e2e flow added * add kustomize image change in ci 2020-08-05 23:26:31 -07:00			`imagePullPolicy: Always`
update pod security context and ports 2020-10-22 11:26:22 -07:00			`securityContext:`
			`runAsUser: 1000`
			`runAsNonRoot: true`
			`privileged: false`
			`allowPrivilegeEscalation: false`
			`readOnlyRootFilesystem: true`
			`capabilities:`
			`drop:`
			`- all`
remove duplicate crd changes 2020-06-05 13:42:53 -07:00			`containers:`
			`- name: kyverno`
update pod security context and ports 2020-10-22 11:26:22 -07:00			`image: nirmata/kyverno:latest`
remove duplicate crd changes 2020-06-05 13:42:53 -07:00			`imagePullPolicy: Always`
			`args:`
configrable rules added (#1017) * configrable rules added * fix exclude group logic from code * flag added in yaml * exclude username added * exclude username added * config interface implimented * configure exclude username * get role ref * test case fixed * panic fix * move from interface to slice * exclude added in mutate * trim strings * configmap changes added * kustomize changes for configmap * k8s resources added 2020-08-07 17:09:24 -07:00			`- "--filterK8Resources=[Event,,][,kube-system,][,kube-public,][,kube-node-lease,][Node,,][APIService,,][TokenReview,,][SubjectAccessReview,,][,kyverno,][Binding,,][ReplicaSet,,]"`
			`# customize webhook timeout`
			`#- "--webhooktimeout=4"`
			`# enable profiling`
			`# - "--profile"`
			`- "-v=2"`
remove duplicate crd changes 2020-06-05 13:42:53 -07:00			`ports:`
update pod security context and ports 2020-10-22 11:26:22 -07:00			`- containerPort: 9443`
			`name: https`
			`protocol: TCP`
remove duplicate crd changes 2020-06-05 13:42:53 -07:00			`env:`
e2e workflow added (#1021) * e2e flow added * add kustomize image change in ci 2020-08-05 23:26:31 -07:00			`- name: INIT_CONFIG`
			`value: init-config`
			`- name: KYVERNO_NAMESPACE`
			`valueFrom:`
			`fieldRef:`
			`fieldPath: metadata.namespace`
			`- name: KYVERNO_SVC`
			`value: kyverno-svc`
update pod security context and ports 2020-10-22 11:26:22 -07:00			`securityContext:`
			`runAsUser: 1000`
			`runAsNonRoot: true`
			`privileged: false`
			`allowPrivilegeEscalation: false`
			`readOnlyRootFilesystem: true`
			`capabilities:`
			`drop:`
			`- all`
remove duplicate crd changes 2020-06-05 13:42:53 -07:00			`resources:`
			`requests:`
			`memory: "50Mi"`
			`cpu: "100m"`
			`limits:`
			`memory: "128Mi"`
			`livenessProbe:`
			`httpGet:`
			`path: /health/liveness`
fix ports 2020-10-22 12:48:04 -07:00			`port: 9443`
remove duplicate crd changes 2020-06-05 13:42:53 -07:00			`scheme: HTTPS`
			`initialDelaySeconds: 5`
			`periodSeconds: 10`
			`timeoutSeconds: 5`
			`failureThreshold: 4`
			`successThreshold: 1`
			`readinessProbe:`
			`httpGet:`
			`path: /health/readiness`
fix ports 2020-10-22 12:48:04 -07:00			`port: 9443`
remove duplicate crd changes 2020-06-05 13:42:53 -07:00			`scheme: HTTPS`
			`initialDelaySeconds: 5`
			`periodSeconds: 10`
			`timeoutSeconds: 5`
			`failureThreshold: 4`
configrable rules added (#1017) * configrable rules added * fix exclude group logic from code * flag added in yaml * exclude username added * exclude username added * config interface implimented * configure exclude username * get role ref * test case fixed * panic fix * move from interface to slice * exclude added in mutate * trim strings * configmap changes added * kustomize changes for configmap * k8s resources added 2020-08-07 17:09:24 -07:00			`successThreshold: 1`