#9529 Support adding extra elements to the default resourceFilters list (#9530)

Signed-off-by: Brian Dunnigan <bdunnigan@clarityinnovates.com> Co-authored-by: treydock <tdockendorf@osc.edu>
2025-03-29 10:55:05 +00:00 · 2024-01-26 17:46:20 -05:00 · 2024-01-26 17:46:20 -05:00 · 0ffb382282
commit 0ffb382282
parent f01f0d6dc4
5 changed files with 25 additions and 0 deletions
--- a/charts/kyverno/README.md
+++ b/charts/kyverno/README.md
@ -293,6 +293,8 @@ The chart values are organised per component.
 | config.excludeKyvernoNamespace | bool | `true` | Exclude Kyverno namespace Determines if default Kyverno namespace exclusion is enabled for webhooks and resourceFilters |
 | config.resourceFiltersExcludeNamespaces | list | `[]` | resourceFilter namespace exclude Namespaces to exclude from the default resourceFilters |
 | config.resourceFiltersExclude | list | `[]` | resourceFilters exclude list Items to exclude from config.resourceFilters |
+| config.resourceFiltersIncludeNamespaces | list | `[]` | resourceFilter namespace include Namespaces to include to the default resourceFilters |
+| config.resourceFiltersInclude | list | `[]` | resourceFilters include list Items to include to config.resourceFilters |

 ### Metrics config

@ -822,6 +824,8 @@ Please consult the [values.yaml](./values.yaml) file before overriding `config.r

 Add entries to `config.resourceFiltersExclude` that you wish to omit from `config.resourceFilters`.

+Add entries to `config.resourceFiltersInclude` that you with to add to `config.resourceFilters`.
+
 ## High availability

 Running a highly-available Kyverno installation is crucial in a production environment.
--- a/charts/kyverno/README.md.gotmpl
+++ b/charts/kyverno/README.md.gotmpl
@ -388,6 +388,8 @@ Please consult the [values.yaml](./values.yaml) file before overriding `config.r

 Add entries to `config.resourceFiltersExclude` that you wish to omit from `config.resourceFilters`.

+Add entries to `config.resourceFiltersInclude` that you with to add to `config.resourceFilters`.
+
 ## High availability

 Running a highly-available Kyverno installation is crucial in a production environment.
--- a/charts/kyverno/ci/resourceFiltersInclude-values.yaml
+++ b/charts/kyverno/ci/resourceFiltersInclude-values.yaml
@ -0,0 +1,7 @@
+---
+config:
+  resourceFiltersInclude:
+    - '[MyCRD,*,*]'
+    - '[MyCRD/*,*,*]'
+  resourceFiltersIncludeNamespaces:
+    - "my-namespace"
--- a/charts/kyverno/templates/config/_helpers.tpl
+++ b/charts/kyverno/templates/config/_helpers.tpl
@ -45,6 +45,10 @@
    {{- end -}}
  {{- end -}}
 {{- end -}}
+{{- $resourceFilters = concat $resourceFilters .Values.config.resourceFiltersInclude -}}
+{{- range $include := .Values.config.resourceFiltersIncludeNamespaces -}}
+  {{- $resourceFilters = append $resourceFilters (printf "[*/*,%s,*]" $include) -}}
+{{- end -}}
 {{- range $resourceFilter := $resourceFilters }}
 {{ tpl $resourceFilter $ }}
 {{- end -}}
--- a/charts/kyverno/values.yaml
+++ b/charts/kyverno/values.yaml
@ -325,6 +325,14 @@ config:
  # Items to exclude from config.resourceFilters
  resourceFiltersExclude: []

+  # -- resourceFilter namespace include
+  # Namespaces to include to the default resourceFilters
+  resourceFiltersIncludeNamespaces: []
+
+  # -- resourceFilters include list
+  # Items to include to config.resourceFilters
+  resourceFiltersInclude: []
+
 # Metrics configuration
 metricsConfig: