mirror of https://github.com/kyverno/kyverno.git synced 2025-03-31 03:45:17 +00:00

fix(helm): add values for declaratively enabling PDBs (#8652)

* fix(helm): add values for declaratively enabling PDBs

Signed-off-by: Erik Godding Boye <egboye@gmail.com>

* update codegen docs

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: Erik Godding Boye <egboye@gmail.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: ShutingZhao <shuting@nirmata.com>
Erik Godding Boye 2023-10-16 10:44:20 +02:00 committed by GitHub
parent dbc55c1c05
commit 1be3e6d763
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 20 additions and 4 deletions

@ -352,6 +352,7 @@ The chart values are organised per component.
| admissionController.nodeAffinity | object | `{}` | Node affinity constraints. | | admissionController.nodeAffinity | object | `{}` | Node affinity constraints. |
| admissionController.topologySpreadConstraints | list | `[]` | Topology spread constraints. | | admissionController.topologySpreadConstraints | list | `[]` | Topology spread constraints. |
| admissionController.podSecurityContext | object | `{}` | Security context for the pod | | admissionController.podSecurityContext | object | `{}` | Security context for the pod |
| admissionController.podDisruptionBudget.enabled | bool | `false` | Enable PodDisruptionBudget. Will always be enabled if replicas > 1. This non-declarative behavior should ideally be avoided, but changing it now would be breaking. |
| admissionController.podDisruptionBudget.minAvailable | int | `1` | Configures the minimum available pods for disruptions. Cannot be used if `maxUnavailable` is set. | | admissionController.podDisruptionBudget.minAvailable | int | `1` | Configures the minimum available pods for disruptions. Cannot be used if `maxUnavailable` is set. |
| admissionController.podDisruptionBudget.maxUnavailable | string | `nil` | Configures the maximum unavailable pods for disruptions. Cannot be used if `minAvailable` is set. | | admissionController.podDisruptionBudget.maxUnavailable | string | `nil` | Configures the maximum unavailable pods for disruptions. Cannot be used if `minAvailable` is set. |
| admissionController.tufRootMountPath | string | `"/.sigstore"` | A writable volume to use for the TUF root initialization. | | admissionController.tufRootMountPath | string | `"/.sigstore"` | A writable volume to use for the TUF root initialization. |
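
Review bot: the Default column of the added `admissionController.podDisruptionBudget.enabled` row reads `false`, while its description says the budget "Will always be enabled if replicas > 1", so a reader scanning the table for a multi-replica install would conclude that no PodDisruptionBudget is created. The commit message indicates this table is generated ("update codegen docs"), so the wording should be changed in the values file comment and the table regenerated, for example: "Create a PodDisruptionBudget. One is also created whenever replicas > 1, regardless of this value." The same applies to the three matching rows added for the other controllers.
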
@ -443,6 +444,7 @@ The chart values are organised per component.
| backgroundController.topologySpreadConstraints | list | `[]` | Topology spread constraints. | | backgroundController.topologySpreadConstraints | list | `[]` | Topology spread constraints. |
| backgroundController.podSecurityContext | object | `{}` | Security context for the pod | | backgroundController.podSecurityContext | object | `{}` | Security context for the pod |
| backgroundController.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsNonRoot":true,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for the containers | | backgroundController.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsNonRoot":true,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for the containers |
| backgroundController.podDisruptionBudget.enabled | bool | `false` | Enable PodDisruptionBudget. Will always be enabled if replicas > 1. This non-declarative behavior should ideally be avoided, but changing it now would be breaking. |
| backgroundController.podDisruptionBudget.minAvailable | int | `1` | Configures the minimum available pods for disruptions. Cannot be used if `maxUnavailable` is set. | | backgroundController.podDisruptionBudget.minAvailable | int | `1` | Configures the minimum available pods for disruptions. Cannot be used if `maxUnavailable` is set. |
| backgroundController.podDisruptionBudget.maxUnavailable | string | `nil` | Configures the maximum unavailable pods for disruptions. Cannot be used if `minAvailable` is set. | | backgroundController.podDisruptionBudget.maxUnavailable | string | `nil` | Configures the maximum unavailable pods for disruptions. Cannot be used if `minAvailable` is set. |
| backgroundController.metricsService.create | bool | `true` | Create service. | | backgroundController.metricsService.create | bool | `true` | Create service. |
@ -510,6 +512,7 @@ The chart values are organised per component.
| cleanupController.topologySpreadConstraints | list | `[]` | Topology spread constraints. | | cleanupController.topologySpreadConstraints | list | `[]` | Topology spread constraints. |
| cleanupController.podSecurityContext | object | `{}` | Security context for the pod | | cleanupController.podSecurityContext | object | `{}` | Security context for the pod |
| cleanupController.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsNonRoot":true,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for the containers | | cleanupController.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsNonRoot":true,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for the containers |
| cleanupController.podDisruptionBudget.enabled | bool | `false` | Enable PodDisruptionBudget. Will always be enabled if replicas > 1. This non-declarative behavior should ideally be avoided, but changing it now would be breaking. |
| cleanupController.podDisruptionBudget.minAvailable | int | `1` | Configures the minimum available pods for disruptions. Cannot be used if `maxUnavailable` is set. | | cleanupController.podDisruptionBudget.minAvailable | int | `1` | Configures the minimum available pods for disruptions. Cannot be used if `maxUnavailable` is set. |
| cleanupController.podDisruptionBudget.maxUnavailable | string | `nil` | Configures the maximum unavailable pods for disruptions. Cannot be used if `minAvailable` is set. | | cleanupController.podDisruptionBudget.maxUnavailable | string | `nil` | Configures the maximum unavailable pods for disruptions. Cannot be used if `minAvailable` is set. |
| cleanupController.service.port | int | `443` | Service port. | | cleanupController.service.port | int | `443` | Service port. |
@ -579,6 +582,7 @@ The chart values are organised per component.
| reportsController.topologySpreadConstraints | list | `[]` | Topology spread constraints. | | reportsController.topologySpreadConstraints | list | `[]` | Topology spread constraints. |
| reportsController.podSecurityContext | object | `{}` | Security context for the pod | | reportsController.podSecurityContext | object | `{}` | Security context for the pod |
| reportsController.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsNonRoot":true,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for the containers | | reportsController.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsNonRoot":true,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for the containers |
| reportsController.podDisruptionBudget.enabled | bool | `false` | Enable PodDisruptionBudget. Will always be enabled if replicas > 1. This non-declarative behavior should ideally be avoided, but changing it now would be breaking. |
| reportsController.podDisruptionBudget.minAvailable | int | `1` | Configures the minimum available pods for disruptions. Cannot be used if `maxUnavailable` is set. | | reportsController.podDisruptionBudget.minAvailable | int | `1` | Configures the minimum available pods for disruptions. Cannot be used if `maxUnavailable` is set. |
| reportsController.podDisruptionBudget.maxUnavailable | string | `nil` | Configures the maximum unavailable pods for disruptions. Cannot be used if `minAvailable` is set. | | reportsController.podDisruptionBudget.maxUnavailable | string | `nil` | Configures the maximum unavailable pods for disruptions. Cannot be used if `minAvailable` is set. |
| reportsController.tufRootMountPath | string | `"/.sigstore"` | A writable volume to use for the TUF root initialization. | | reportsController.tufRootMountPath | string | `"/.sigstore"` | A writable volume to use for the TUF root initialization. |

@ -1,4 +1,4 @@
{{- if (gt (int .Values.admissionController.replicas) 1) -}} {{- if or .Values.admissionController.podDisruptionBudget.enabled (gt (int .Values.admissionController.replicas) 1) -}}
apiVersion: {{ template "kyverno.pdb.apiVersion" . }} apiVersion: {{ template "kyverno.pdb.apiVersion" . }}
kind: PodDisruptionBudget kind: PodDisruptionBudget
metadata: metadata:
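
Review bot: in the new condition on the first line of this hunk, an explicit `podDisruptionBudget.enabled: false` is ignored whenever `replicas` is greater than 1, so the flag can switch the budget on but never off. If the default were left unset instead of `false`, the template could treat only the unset case as "follow replicas" and honour an explicit `false`, which keeps the rendered output unchanged for existing installs while making the value fully declarative.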

@ -1,5 +1,5 @@
{{- if .Values.backgroundController.enabled -}} {{- if .Values.backgroundController.enabled -}}
{{- if (gt (int .Values.backgroundController.replicas) 1) -}} {{- if or .Values.backgroundController.podDisruptionBudget.enabled (gt (int .Values.backgroundController.replicas) 1) -}}
apiVersion: {{ template "kyverno.pdb.apiVersion" . }} apiVersion: {{ template "kyverno.pdb.apiVersion" . }}
kind: PodDisruptionBudget kind: PodDisruptionBudget
metadata: metadata:
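
Review bot: the `or ... (gt (int ...replicas) 1)` expression on the second line of this hunk is now copied into four templates that differ only in the component name. A single named template that takes the component's values and returns the decision would keep the rule in one place, which matters here because the values comment already flags this behaviour as something that should change later.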

@ -1,5 +1,5 @@
{{- if .Values.cleanupController.enabled -}} {{- if .Values.cleanupController.enabled -}}
{{- if (gt (int .Values.cleanupController.replicas) 1) -}} {{- if or .Values.cleanupController.podDisruptionBudget.enabled (gt (int .Values.cleanupController.replicas) 1) -}}
apiVersion: {{ template "kyverno.pdb.apiVersion" . }} apiVersion: {{ template "kyverno.pdb.apiVersion" . }}
kind: PodDisruptionBudget kind: PodDisruptionBudget
metadata: metadata:

@ -1,5 +1,5 @@
{{- if .Values.reportsController.enabled -}} {{- if .Values.reportsController.enabled -}}
{{- if (gt (int .Values.reportsController.replicas) 1) -}} {{- if or .Values.reportsController.podDisruptionBudget.enabled (gt (int .Values.reportsController.replicas) 1) -}}
apiVersion: {{ template "kyverno.pdb.apiVersion" . }} apiVersion: {{ template "kyverno.pdb.apiVersion" . }}
kind: PodDisruptionBudget kind: PodDisruptionBudget
metadata: metadata:

@ -781,6 +781,9 @@ admissionController:
podSecurityContext: {} podSecurityContext: {}
podDisruptionBudget: podDisruptionBudget:
# -- Enable PodDisruptionBudget.
# Will always be enabled if replicas > 1. This non-declarative behavior should ideally be avoided, but changing it now would be breaking.
enabled: false
# -- Configures the minimum available pods for disruptions. # -- Configures the minimum available pods for disruptions.
# Cannot be used if `maxUnavailable` is set. # Cannot be used if `maxUnavailable` is set.
minAvailable: 1 minAvailable: 1
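
Review bot: the added `enabled: false` only changes the rendered output when `replicas` is 1 or less, and in that case the unchanged `minAvailable: 1` below it leaves zero allowed disruptions, so evictions of the single pod are refused and a node drain waits on it. The comment above `enabled` should state this so that anyone setting `enabled: true` on a single replica knows the effect on node maintenance. The same applies to the matching hunks for the other three controllers.
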
@ -1161,6 +1164,9 @@ backgroundController:
type: RuntimeDefault type: RuntimeDefault
podDisruptionBudget: podDisruptionBudget:
# -- Enable PodDisruptionBudget.
# Will always be enabled if replicas > 1. This non-declarative behavior should ideally be avoided, but changing it now would be breaking.
enabled: false
# -- Configures the minimum available pods for disruptions. # -- Configures the minimum available pods for disruptions.
# Cannot be used if `maxUnavailable` is set. # Cannot be used if `maxUnavailable` is set.
minAvailable: 1 minAvailable: 1
@ -1426,6 +1432,9 @@ cleanupController:
type: RuntimeDefault type: RuntimeDefault
podDisruptionBudget: podDisruptionBudget:
# -- Enable PodDisruptionBudget.
# Will always be enabled if replicas > 1. This non-declarative behavior should ideally be avoided, but changing it now would be breaking.
enabled: false
# -- Configures the minimum available pods for disruptions. # -- Configures the minimum available pods for disruptions.
# Cannot be used if `maxUnavailable` is set. # Cannot be used if `maxUnavailable` is set.
minAvailable: 1 minAvailable: 1
@ -1669,6 +1678,9 @@ reportsController:
type: RuntimeDefault type: RuntimeDefault
podDisruptionBudget: podDisruptionBudget:
# -- Enable PodDisruptionBudget.
# Will always be enabled if replicas > 1. This non-declarative behavior should ideally be avoided, but changing it now would be breaking.
enabled: false
# -- Configures the minimum available pods for disruptions. # -- Configures the minimum available pods for disruptions.
# Cannot be used if `maxUnavailable` is set. # Cannot be used if `maxUnavailable` is set.
minAvailable: 1 minAvailable: 1