mirror of
https://github.com/kyverno/kyverno.git
synced 2024-12-14 11:57:48 +00:00
1040 automate release (#1044)
* add release in make * update release in Makefile * update README.md
This commit is contained in:
parent
632d1fc226
commit
0794084b4d
4 changed files with 840 additions and 3 deletions
11
Makefile
11
Makefile
|
@ -154,4 +154,13 @@ kustomize-crd:
|
|||
# Generate install.yaml that have all resources for kyverno
|
||||
kustomize build ./definitions > ./definitions/install.yaml
|
||||
# Generate install_debug.yaml that for developer testing
|
||||
kustomize build ./definitions/debug > ./definitions/install_debug.yaml
|
||||
kustomize build ./definitions/debug > ./definitions/install_debug.yaml
|
||||
|
||||
# guidance https://github.com/nirmata/kyverno/wiki/Generate-a-Release
|
||||
release:
|
||||
# update image tag
|
||||
cd ./definitions && kustomize edit set image nirmata/kyverno=nirmata/kyverno:$(IMAGE_TAG)
|
||||
cd ./definitions && kustomize edit set image nirmata/kyvernopre=nirmata/kyvernopre:$(IMAGE_TAG)
|
||||
|
||||
kustomize build ./definitions > ./definitions/install.yaml
|
||||
kustomize build ./definitions > ./definitions/release/install.yaml
|
||||
|
|
|
@ -20,7 +20,7 @@ To check the version, enter `kubectl version`.
|
|||
|
||||
Install Kyverno:
|
||||
```console
|
||||
kubectl create -f https://raw.githubusercontent.com/nirmata/kyverno/v1.1.9/definitions/install.yaml
|
||||
kubectl create -f https://raw.githubusercontent.com/nirmata/kyverno/master/definitions/release/install.yaml
|
||||
```
|
||||
|
||||
You can also install Kyverno using a [Helm chart](https://github.com/nirmata/kyverno/blob/master/documentation/installation.md#install-kyverno-using-helm).
|
||||
|
|
|
@ -4,4 +4,11 @@ kind: Kustomization
|
|||
resources:
|
||||
- ./crds/
|
||||
- ./manifest/
|
||||
- ./k8s-resource/
|
||||
- ./k8s-resource/
|
||||
images:
|
||||
- name: nirmata/kyverno
|
||||
newName: nirmata/kyverno
|
||||
newTag: v1.1.9
|
||||
- name: nirmata/kyvernopre
|
||||
newName: nirmata/kyvernopre
|
||||
newTag: v1.1.9
|
||||
|
|
821
definitions/release/install.yaml
Normal file
821
definitions/release/install.yaml
Normal file
|
@ -0,0 +1,821 @@
|
|||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: kyverno
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1beta1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
name: clusterpolicies.kyverno.io
|
||||
spec:
|
||||
group: kyverno.io
|
||||
names:
|
||||
kind: ClusterPolicy
|
||||
plural: clusterpolicies
|
||||
shortNames:
|
||||
- cpol
|
||||
singular: clusterpolicy
|
||||
scope: Cluster
|
||||
subresources:
|
||||
status: {}
|
||||
validation:
|
||||
openAPIV3Schema:
|
||||
properties:
|
||||
spec:
|
||||
properties:
|
||||
background:
|
||||
type: boolean
|
||||
rules:
|
||||
items:
|
||||
properties:
|
||||
exclude:
|
||||
properties:
|
||||
clusterRoles:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
resources:
|
||||
properties:
|
||||
kinds:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
name:
|
||||
type: string
|
||||
namespaces:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
selector:
|
||||
properties:
|
||||
matchExpressions:
|
||||
items:
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
operator:
|
||||
type: string
|
||||
values:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
matchLabels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
roles:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
subjects:
|
||||
items:
|
||||
properties:
|
||||
apiGroup:
|
||||
type: string
|
||||
kind:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
required:
|
||||
- kind
|
||||
- name
|
||||
type: object
|
||||
type: array
|
||||
type: object
|
||||
generate:
|
||||
properties:
|
||||
apiVersion:
|
||||
type: string
|
||||
clone:
|
||||
properties:
|
||||
name:
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
required:
|
||||
- namespace
|
||||
- name
|
||||
type: object
|
||||
data:
|
||||
AnyValue: {}
|
||||
kind:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
synchronize:
|
||||
type: boolean
|
||||
required:
|
||||
- kind
|
||||
- name
|
||||
type: object
|
||||
match:
|
||||
properties:
|
||||
clusterRoles:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
resources:
|
||||
minProperties: 1
|
||||
properties:
|
||||
kinds:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
name:
|
||||
type: string
|
||||
namespaces:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
selector:
|
||||
properties:
|
||||
matchExpressions:
|
||||
items:
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
operator:
|
||||
type: string
|
||||
values:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
matchLabels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
roles:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
subjects:
|
||||
items:
|
||||
properties:
|
||||
apiGroup:
|
||||
type: string
|
||||
kind:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
required:
|
||||
- kind
|
||||
- name
|
||||
type: object
|
||||
type: array
|
||||
required:
|
||||
- resources
|
||||
type: object
|
||||
mutate:
|
||||
properties:
|
||||
overlay:
|
||||
AnyValue: {}
|
||||
patchStrategicMerge:
|
||||
AnyValue: {}
|
||||
patches:
|
||||
items:
|
||||
properties:
|
||||
op:
|
||||
enum:
|
||||
- add
|
||||
- replace
|
||||
- remove
|
||||
type: string
|
||||
path:
|
||||
type: string
|
||||
value:
|
||||
AnyValue: {}
|
||||
required:
|
||||
- path
|
||||
- op
|
||||
type: object
|
||||
type: array
|
||||
patchesJson6902:
|
||||
type: string
|
||||
type: object
|
||||
name:
|
||||
type: string
|
||||
preconditions:
|
||||
items:
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
- value
|
||||
type: object
|
||||
type: array
|
||||
validate:
|
||||
properties:
|
||||
anyPattern:
|
||||
AnyValue: {}
|
||||
deny:
|
||||
properties:
|
||||
conditions:
|
||||
items:
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
operator:
|
||||
enum:
|
||||
- Equal
|
||||
- Equals
|
||||
- NotEqual
|
||||
- NotEquals
|
||||
- In
|
||||
- NotIn
|
||||
type: string
|
||||
value:
|
||||
anyOf:
|
||||
- type: string
|
||||
- items: {}
|
||||
type: array
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
- value
|
||||
type: object
|
||||
type: array
|
||||
message:
|
||||
type: string
|
||||
pattern:
|
||||
AnyValue: {}
|
||||
type: object
|
||||
required:
|
||||
- name
|
||||
- match
|
||||
type: object
|
||||
type: array
|
||||
validationFailureAction:
|
||||
enum:
|
||||
- enforce
|
||||
- audit
|
||||
type: string
|
||||
required:
|
||||
- rules
|
||||
status: {}
|
||||
versions:
|
||||
- name: v1
|
||||
served: true
|
||||
storage: true
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1beta1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
name: clusterpolicyviolations.kyverno.io
|
||||
spec:
|
||||
additionalPrinterColumns:
|
||||
- JSONPath: .spec.policy
|
||||
description: The policy that resulted in the violation
|
||||
name: Policy
|
||||
type: string
|
||||
- JSONPath: .spec.resource.kind
|
||||
description: The resource kind that cause the violation
|
||||
name: ResourceKind
|
||||
type: string
|
||||
- JSONPath: .spec.resource.name
|
||||
description: The resource name that caused the violation
|
||||
name: ResourceName
|
||||
type: string
|
||||
- JSONPath: .metadata.creationTimestamp
|
||||
name: Age
|
||||
type: date
|
||||
group: kyverno.io
|
||||
names:
|
||||
kind: ClusterPolicyViolation
|
||||
plural: clusterpolicyviolations
|
||||
shortNames:
|
||||
- cpolv
|
||||
singular: clusterpolicyviolation
|
||||
scope: Cluster
|
||||
subresources:
|
||||
status: {}
|
||||
validation:
|
||||
openAPIV3Schema:
|
||||
properties:
|
||||
spec:
|
||||
properties:
|
||||
policy:
|
||||
type: string
|
||||
resource:
|
||||
properties:
|
||||
kind:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
required:
|
||||
- kind
|
||||
- name
|
||||
type: object
|
||||
rules:
|
||||
items:
|
||||
properties:
|
||||
message:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
type:
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
- type
|
||||
- message
|
||||
type: object
|
||||
type: array
|
||||
required:
|
||||
- policy
|
||||
- resource
|
||||
- rules
|
||||
versions:
|
||||
- name: v1
|
||||
served: true
|
||||
storage: true
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1beta1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
name: generaterequests.kyverno.io
|
||||
spec:
|
||||
additionalPrinterColumns:
|
||||
- JSONPath: .spec.policy
|
||||
description: The policy that resulted in the violation
|
||||
name: Policy
|
||||
type: string
|
||||
- JSONPath: .spec.resource.kind
|
||||
description: The resource kind that cause the violation
|
||||
name: ResourceKind
|
||||
type: string
|
||||
- JSONPath: .spec.resource.name
|
||||
description: The resource name that caused the violation
|
||||
name: ResourceName
|
||||
type: string
|
||||
- JSONPath: .spec.resource.namespace
|
||||
description: The resource namespace that caused the violation
|
||||
name: ResourceNamespace
|
||||
type: string
|
||||
- JSONPath: .status.state
|
||||
description: Current state of generate request
|
||||
name: status
|
||||
type: string
|
||||
- JSONPath: .metadata.creationTimestamp
|
||||
name: Age
|
||||
type: date
|
||||
group: kyverno.io
|
||||
names:
|
||||
kind: GenerateRequest
|
||||
plural: generaterequests
|
||||
shortNames:
|
||||
- gr
|
||||
singular: generaterequest
|
||||
scope: Namespaced
|
||||
subresources:
|
||||
status: {}
|
||||
validation:
|
||||
openAPIV3Schema:
|
||||
properties:
|
||||
spec:
|
||||
properties:
|
||||
policy:
|
||||
type: string
|
||||
resource:
|
||||
properties:
|
||||
kind:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
required:
|
||||
- kind
|
||||
- name
|
||||
type: object
|
||||
required:
|
||||
- policy
|
||||
- resource
|
||||
versions:
|
||||
- name: v1
|
||||
served: true
|
||||
storage: true
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1beta1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
name: policyviolations.kyverno.io
|
||||
spec:
|
||||
additionalPrinterColumns:
|
||||
- JSONPath: .spec.policy
|
||||
description: The policy that resulted in the violation
|
||||
name: Policy
|
||||
type: string
|
||||
- JSONPath: .spec.resource.kind
|
||||
description: The resource kind that cause the violation
|
||||
name: ResourceKind
|
||||
type: string
|
||||
- JSONPath: .spec.resource.name
|
||||
description: The resource name that caused the violation
|
||||
name: ResourceName
|
||||
type: string
|
||||
- JSONPath: .metadata.creationTimestamp
|
||||
name: Age
|
||||
type: date
|
||||
group: kyverno.io
|
||||
names:
|
||||
kind: PolicyViolation
|
||||
plural: policyviolations
|
||||
shortNames:
|
||||
- polv
|
||||
singular: policyviolation
|
||||
scope: Namespaced
|
||||
subresources:
|
||||
status: {}
|
||||
validation:
|
||||
openAPIV3Schema:
|
||||
properties:
|
||||
spec:
|
||||
properties:
|
||||
policy:
|
||||
type: string
|
||||
resource:
|
||||
properties:
|
||||
kind:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
required:
|
||||
- kind
|
||||
- name
|
||||
type: object
|
||||
rules:
|
||||
items:
|
||||
properties:
|
||||
message:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
type:
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
- type
|
||||
- message
|
||||
type: object
|
||||
type: array
|
||||
required:
|
||||
- policy
|
||||
- resource
|
||||
- rules
|
||||
versions:
|
||||
- name: v1
|
||||
served: true
|
||||
storage: true
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: kyverno-service-account
|
||||
namespace: kyverno
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: kyverno:customresources
|
||||
rules:
|
||||
- apiGroups:
|
||||
- '*'
|
||||
resources:
|
||||
- clusterpolicies
|
||||
- clusterpolicies/status
|
||||
- clusterpolicyviolations
|
||||
- clusterpolicyviolations/status
|
||||
- policyviolations
|
||||
- policyviolations/status
|
||||
- generaterequests
|
||||
- generaterequests/status
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- update
|
||||
- watch
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: kyverno:generatecontroller
|
||||
rules:
|
||||
- apiGroups:
|
||||
- '*'
|
||||
resources:
|
||||
- namespaces
|
||||
- networkpolicies
|
||||
- secrets
|
||||
- configmaps
|
||||
- resourcequotas
|
||||
- limitranges
|
||||
- clusterroles
|
||||
- rolebindings
|
||||
- clusterrolebindings
|
||||
verbs:
|
||||
- create
|
||||
- update
|
||||
- delete
|
||||
- get
|
||||
- apiGroups:
|
||||
- '*'
|
||||
resources:
|
||||
- namespaces
|
||||
verbs:
|
||||
- watch
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: kyverno:policycontroller
|
||||
rules:
|
||||
- apiGroups:
|
||||
- '*'
|
||||
resources:
|
||||
- '*'
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- update
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: kyverno:userinfo
|
||||
rules:
|
||||
- apiGroups:
|
||||
- '*'
|
||||
resources:
|
||||
- roles
|
||||
- clusterroles
|
||||
- rolebindings
|
||||
- clusterrolebindings
|
||||
- configmaps
|
||||
verbs:
|
||||
- watch
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: kyverno:webhook
|
||||
rules:
|
||||
- apiGroups:
|
||||
- '*'
|
||||
resources:
|
||||
- events
|
||||
- mutatingwebhookconfigurations
|
||||
- validatingwebhookconfigurations
|
||||
- certificatesigningrequests
|
||||
- certificatesigningrequests/approval
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- update
|
||||
- watch
|
||||
- apiGroups:
|
||||
- certificates.k8s.io
|
||||
resourceNames:
|
||||
- kubernetes.io/legacy-unknown
|
||||
resources:
|
||||
- certificatesigningrequests
|
||||
- certificatesigningrequests/approval
|
||||
- certificatesigningrequests/status
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- update
|
||||
- watch
|
||||
- apiGroups:
|
||||
- certificates.k8s.io
|
||||
resourceNames:
|
||||
- kubernetes.io/legacy-unknown
|
||||
resources:
|
||||
- signers
|
||||
verbs:
|
||||
- approve
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: kyverno:policyviolations
|
||||
rules:
|
||||
- apiGroups:
|
||||
- kyverno.io
|
||||
resources:
|
||||
- policyviolations
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
labels:
|
||||
rbac.authorization.k8s.io/aggregate-to-admin: "true"
|
||||
name: kyverno:view-clusterpolicyviolations
|
||||
rules:
|
||||
- apiGroups:
|
||||
- kyverno.io
|
||||
resources:
|
||||
- clusterpolicyviolations
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
labels:
|
||||
rbac.authorization.k8s.io/aggregate-to-view: "true"
|
||||
name: kyverno:view-policyviolations
|
||||
rules:
|
||||
- apiGroups:
|
||||
- kyverno.io
|
||||
resources:
|
||||
- policyviolations
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: kyverno:customresources
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: kyverno:customresources
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: kyverno-service-account
|
||||
namespace: kyverno
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: kyverno:generatecontroller
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: kyverno:generatecontroller
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: kyverno-service-account
|
||||
namespace: kyverno
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: kyverno:policycontroller
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: kyverno:policycontroller
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: kyverno-service-account
|
||||
namespace: kyverno
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: kyverno:userinfo
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: kyverno:userinfo
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: kyverno-service-account
|
||||
namespace: kyverno
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: kyverno:webhook
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: kyverno:webhook
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: kyverno-service-account
|
||||
namespace: kyverno
|
||||
---
|
||||
apiVersion: v1
|
||||
data:
|
||||
excludeGroupRole: system:serviceaccounts:kube-system,system:nodes,system:kube-scheduler
|
||||
resourceFilters: '[Event,*,*][*,kube-system,*][*,kube-public,*][*,kube-node-lease,*][Node,*,*][APIService,*,*][TokenReview,*,*][SubjectAccessReview,*,*][*,kyverno,*][Binding,*,*][ReplicaSet,*,*]'
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: init-config
|
||||
namespace: kyverno
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
labels:
|
||||
app: kyverno
|
||||
name: kyverno-svc
|
||||
namespace: kyverno
|
||||
spec:
|
||||
ports:
|
||||
- port: 443
|
||||
targetPort: 443
|
||||
selector:
|
||||
app: kyverno
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
labels:
|
||||
app: kyverno
|
||||
name: kyverno
|
||||
namespace: kyverno
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: kyverno
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: kyverno
|
||||
spec:
|
||||
containers:
|
||||
- args:
|
||||
- --filterK8Resources=[Event,*,*][*,kube-system,*][*,kube-public,*][*,kube-node-lease,*][Node,*,*][APIService,*,*][TokenReview,*,*][SubjectAccessReview,*,*][*,kyverno,*][Binding,*,*][ReplicaSet,*,*]
|
||||
- --excludeGroupRole="system:serviceaccounts:kube-system,system:nodes,system:kube-scheduler"
|
||||
- -v=2
|
||||
env:
|
||||
- name: INIT_CONFIG
|
||||
value: init-config
|
||||
- name: KYVERNO_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
- name: KYVERNO_SVC
|
||||
value: kyverno-svc
|
||||
image: nirmata/kyverno:v1.1.9
|
||||
imagePullPolicy: Always
|
||||
livenessProbe:
|
||||
failureThreshold: 4
|
||||
httpGet:
|
||||
path: /health/liveness
|
||||
port: 443
|
||||
scheme: HTTPS
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 10
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 5
|
||||
name: kyverno
|
||||
ports:
|
||||
- containerPort: 443
|
||||
readinessProbe:
|
||||
failureThreshold: 4
|
||||
httpGet:
|
||||
path: /health/readiness
|
||||
port: 443
|
||||
scheme: HTTPS
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 10
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 5
|
||||
resources:
|
||||
limits:
|
||||
memory: 128Mi
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 50Mi
|
||||
initContainers:
|
||||
- image: nirmata/kyvernopre:v1.1.9
|
||||
imagePullPolicy: Always
|
||||
name: kyverno-pre
|
||||
serviceAccountName: kyverno-service-account
|
Loading…
Reference in a new issue