- update version to v1.3.6; - split Kustomization manifests; - revert release/install.yaml (#1945)

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2025-03-31 03:45:17 +00:00 · 2021-06-01 21:58:37 -07:00 · 2021-06-01 21:58:37 -07:00 · 1412c1f84e
commit 1412c1f84e
parent 42131482fa
10 changed files with 772 additions and 2581 deletions
--- a/definitions/install.yaml
+++ b/definitions/install.yaml
--- a/definitions/install_debug.yaml
+++ b/definitions/install_debug.yaml
@ -1,6 +1,8 @@
 apiVersion: v1
 kind: Namespace
 metadata:
+  labels:
+    app: kyverno
  name: kyverno
 ---
 apiVersion: apiextensions.k8s.io/v1
@ -2129,6 +2131,8 @@ status:
 apiVersion: v1
 kind: ServiceAccount
 metadata:
+  labels:
+    app: kyverno
  name: kyverno-service-account
  namespace: kyverno
 ---
@ -2136,6 +2140,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  labels:
+    app: kyverno
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
  name: kyverno:admin-policies
 rules:
@ -2151,6 +2156,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  labels:
+    app: kyverno
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
  name: kyverno:admin-policyreport
 rules:
@ -2166,6 +2172,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  labels:
+    app: kyverno
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
  name: kyverno:admin-reportchangerequest
 rules:
@ -2180,6 +2187,8 @@ rules:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
+  labels:
+    app: kyverno
  name: kyverno:customresources
 rules:
 - apiGroups:
@ -2217,6 +2226,8 @@ rules:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
+  labels:
+    app: kyverno
  name: kyverno:generatecontroller
 rules:
 - apiGroups:
@ -2244,6 +2255,8 @@ rules:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
+  labels:
+    app: kyverno
  name: kyverno:policycontroller
 rules:
 - apiGroups:
@ -2259,6 +2272,8 @@ rules:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
+  labels:
+    app: kyverno
  name: kyverno:userinfo
 rules:
 - apiGroups:
@ -2277,6 +2292,8 @@ rules:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
+  labels:
+    app: kyverno
  name: kyverno:webhook
 rules:
 - apiGroups:
@ -2321,6 +2338,8 @@ rules:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
+  labels:
+    app: kyverno
  name: kyverno:customresources
 roleRef:
  apiGroup: rbac.authorization.k8s.io
@ -2334,6 +2353,8 @@ subjects:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
+  labels:
+    app: kyverno
  name: kyverno:generatecontroller
 roleRef:
  apiGroup: rbac.authorization.k8s.io
@ -2347,6 +2368,8 @@ subjects:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
+  labels:
+    app: kyverno
  name: kyverno:policycontroller
 roleRef:
  apiGroup: rbac.authorization.k8s.io
@ -2360,6 +2383,8 @@ subjects:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
+  labels:
+    app: kyverno
  name: kyverno:userinfo
 roleRef:
  apiGroup: rbac.authorization.k8s.io
@ -2373,6 +2398,8 @@ subjects:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
+  labels:
+    app: kyverno
  name: kyverno:webhook
 roleRef:
  apiGroup: rbac.authorization.k8s.io
@ -2389,6 +2416,8 @@ data:
  resourceFilters: '[Event,*,*][*,kube-system,*][*,kube-public,*][*,kube-node-lease,*][Node,*,*][APIService,*,*][TokenReview,*,*][SubjectAccessReview,*,*][SelfSubjectAccessReview,*,*][*,kyverno,*][Binding,*,*][ReplicaSet,*,*][ReportChangeRequest,*,*][ClusterReportChangeRequest,*,*][PolicyReport,*,*][ClusterPolicyReport,*,*]'
 kind: ConfigMap
 metadata:
+  labels:
+    app: kyverno
  name: init-config
  namespace: kyverno
 ---
@ -2397,13 +2426,16 @@ kind: Service
 metadata:
  labels:
    app: kyverno
-    app.kubernetes.io/name: kyverno
  name: kyverno-svc
  namespace: kyverno
 spec:
  ports:
-  - port: 443
+  - name: https
+    port: 443
    targetPort: https
+  - name: metrics-port
+    port: 8000
+    targetPort: metrics-port
  selector:
    app: kyverno
    app.kubernetes.io/name: kyverno
--- a/definitions/k8s-resource/clusterroles.yaml
+++ b/definitions/k8s-resource/clusterroles.yaml
@ -1,37 +1,4 @@
 ---
-kind: Namespace
-apiVersion: v1
-metadata:
-  labels:
-    app: kyverno
-  name: kyverno
---
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: kyverno
-  namespace: kyverno
-  name: kyverno-svc
-spec:
-  ports:
-  - port: 443
-    name: https
-    targetPort: https
-  - port: 8000
-    name: metrics-port
-    targetPort: metrics-port
-  selector:
-    app: kyverno
---
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    app: kyverno
-  name: kyverno-service-account
-  namespace: kyverno
---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
--- a/definitions/k8s-resource/kustomization.yaml
+++ b/definitions/k8s-resource/kustomization.yaml
@ -4,4 +4,7 @@ kind: Kustomization
 resources:
 - ./clusterroles.yaml
 - ./clusterrolebindings.yaml
- ./configmap.yaml
+- ./configmap.yaml
+- ./namespace.yaml
+- ./service.yaml
+- ./serviceaccount.yaml
--- a/definitions/k8s-resource/namespace.yaml
+++ b/definitions/k8s-resource/namespace.yaml
@ -0,0 +1,7 @@
+---
+kind: Namespace
+apiVersion: v1
+metadata:
+  labels:
+    app: kyverno
+  name: kyverno
--- a/definitions/k8s-resource/service.yaml
+++ b/definitions/k8s-resource/service.yaml
@ -0,0 +1,20 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: kyverno
+  namespace: kyverno
+  name: kyverno-svc
+spec:
+  ports:
+  - port: 443
+    name: https
+    targetPort: https
+  - port: 8000
+    name: metrics-port
+    targetPort: metrics-port
+  selector:
+    app: kyverno
+    # do not remove
+    app.kubernetes.io/name: kyverno
--- a/definitions/k8s-resource/serviceaccount.yaml
+++ b/definitions/k8s-resource/serviceaccount.yaml
@ -0,0 +1,8 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app: kyverno
+  name: kyverno-service-account
+  namespace: kyverno
--- a/definitions/labels.yaml
+++ b/definitions/labels.yaml
@ -9,7 +9,7 @@ labels:
  app.kubernetes.io/managed-by: Kustomize
  app.kubernetes.io/name: kyverno
  app.kubernetes.io/part-of: kyverno
-  app.kubernetes.io/version: v1.3.6-rc1
+  app.kubernetes.io/version: v1.3.6
 fieldSpecs:
 - path: metadata/labels
  create: true
--- a/definitions/manifest/deployment.yaml
+++ b/definitions/manifest/deployment.yaml
@ -4,17 +4,23 @@ kind: Deployment
 metadata:
  labels:
    app: kyverno
+    # do not remove
+    app.kubernetes.io/name: kyverno
  namespace: kyverno
  name: kyverno
 spec:
  selector:
    matchLabels:
      app: kyverno
+      # do not remove
+      app.kubernetes.io/name: kyverno
  replicas: 1
  template:
    metadata:
      labels:
        app: kyverno
+        # do not remove
+        app.kubernetes.io/name: kyverno
    spec:
      serviceAccountName: kyverno-service-account
      securityContext:
--- a/definitions/release/install.yaml
+++ b/definitions/release/install.yaml