From 0ffb38228242384baa3e7e3bf8a8e766b3b74e4f Mon Sep 17 00:00:00 2001
From: Brian Dunnigan <bdunnigan@clarityinnovates.com>
Date: Fri, 26 Jan 2024 17:46:20 -0500
Subject: [PATCH] #9529 Support adding extra elements to the default
 resourceFilters list (#9530)

Signed-off-by: Brian Dunnigan <bdunnigan@clarityinnovates.com>
Co-authored-by: treydock <tdockendorf@osc.edu>
---
 charts/kyverno/README.md                             | 4 ++++
 charts/kyverno/README.md.gotmpl                      | 2 ++
 charts/kyverno/ci/resourceFiltersInclude-values.yaml | 7 +++++++
 charts/kyverno/templates/config/_helpers.tpl         | 4 ++++
 charts/kyverno/values.yaml                           | 8 ++++++++
 5 files changed, 25 insertions(+)
 create mode 100644 charts/kyverno/ci/resourceFiltersInclude-values.yaml

diff --git a/charts/kyverno/README.md b/charts/kyverno/README.md
index 5c18893f40..86c17e3713 100644
--- a/charts/kyverno/README.md
+++ b/charts/kyverno/README.md
@@ -293,6 +293,8 @@ The chart values are organised per component.
 | config.excludeKyvernoNamespace | bool | `true` | Exclude Kyverno namespace Determines if default Kyverno namespace exclusion is enabled for webhooks and resourceFilters |
 | config.resourceFiltersExcludeNamespaces | list | `[]` | resourceFilter namespace exclude Namespaces to exclude from the default resourceFilters |
 | config.resourceFiltersExclude | list | `[]` | resourceFilters exclude list Items to exclude from config.resourceFilters |
+| config.resourceFiltersIncludeNamespaces | list | `[]` | resourceFilter namespace include Namespaces to include to the default resourceFilters |
+| config.resourceFiltersInclude | list | `[]` | resourceFilters include list Items to include to config.resourceFilters |
 
 ### Metrics config
 
@@ -822,6 +824,8 @@ Please consult the [values.yaml](./values.yaml) file before overriding `config.r
 
 Add entries to `config.resourceFiltersExclude` that you wish to omit from `config.resourceFilters`.
 
+Add entries to `config.resourceFiltersInclude` that you with to add to `config.resourceFilters`.
+
 ## High availability
 
 Running a highly-available Kyverno installation is crucial in a production environment.
diff --git a/charts/kyverno/README.md.gotmpl b/charts/kyverno/README.md.gotmpl
index 9ba39bf4d2..045d38b1f1 100644
--- a/charts/kyverno/README.md.gotmpl
+++ b/charts/kyverno/README.md.gotmpl
@@ -388,6 +388,8 @@ Please consult the [values.yaml](./values.yaml) file before overriding `config.r
 
 Add entries to `config.resourceFiltersExclude` that you wish to omit from `config.resourceFilters`.
 
+Add entries to `config.resourceFiltersInclude` that you with to add to `config.resourceFilters`.
+
 ## High availability
 
 Running a highly-available Kyverno installation is crucial in a production environment.
diff --git a/charts/kyverno/ci/resourceFiltersInclude-values.yaml b/charts/kyverno/ci/resourceFiltersInclude-values.yaml
new file mode 100644
index 0000000000..1fc0cf51f8
--- /dev/null
+++ b/charts/kyverno/ci/resourceFiltersInclude-values.yaml
@@ -0,0 +1,7 @@
+---
+config:
+  resourceFiltersInclude:
+    - '[MyCRD,*,*]'
+    - '[MyCRD/*,*,*]'
+  resourceFiltersIncludeNamespaces:
+    - "my-namespace"
diff --git a/charts/kyverno/templates/config/_helpers.tpl b/charts/kyverno/templates/config/_helpers.tpl
index 4b1d40d729..097aa451bc 100644
--- a/charts/kyverno/templates/config/_helpers.tpl
+++ b/charts/kyverno/templates/config/_helpers.tpl
@@ -45,6 +45,10 @@
     {{- end -}}
   {{- end -}}
 {{- end -}}
+{{- $resourceFilters = concat $resourceFilters .Values.config.resourceFiltersInclude -}}
+{{- range $include := .Values.config.resourceFiltersIncludeNamespaces -}}
+  {{- $resourceFilters = append $resourceFilters (printf "[*/*,%s,*]" $include) -}}
+{{- end -}}
 {{- range $resourceFilter := $resourceFilters }}
 {{ tpl $resourceFilter $ }}
 {{- end -}}
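Review bot: Each entry of `resourceFiltersIncludeNamespaces` is interpolated unchecked into `printf "[*/*,%s,*]" $include`, so a bare `*` renders `[*/*,*,*]` and an empty string renders a malformed filter; because resourceFilters lists what Kyverno leaves unevaluated, one mistaken value can take far more than one namespace out of policy enforcement. A guard inside the range would fail the render instead: `{{- if or (empty $include) (eq $include "*") -}}{{- fail "resourceFiltersIncludeNamespaces entries must name a namespace" -}}{{- end -}}`. The additions are also appended after the exclude handling, which appears to end in the context lines above (the enclosing define starts outside this hunk), so `resourceFiltersExclude` presumably cannot remove an included entry. A template comment such as `{{/* Include lists are appended after excludes; every entry added here is skipped by Kyverno policy evaluation */}}` would record both points for operators who read "include" as "include in enforcement".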
diff --git a/charts/kyverno/values.yaml b/charts/kyverno/values.yaml
index bb320092d4..994b8080b4 100644
--- a/charts/kyverno/values.yaml
+++ b/charts/kyverno/values.yaml
@@ -325,6 +325,14 @@ config:
   # Items to exclude from config.resourceFilters
   resourceFiltersExclude: []
 
+  # -- resourceFilter namespace include
+  # Namespaces to include to the default resourceFilters
+  resourceFiltersIncludeNamespaces: []
+
+  # -- resourceFilters include list
+  # Items to include to config.resourceFilters
+  resourceFiltersInclude: []
+
 # Metrics configuration
 metricsConfig: