mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2024-12-15 17:51:20 +00:00
Code Activity

fix: configmap resource filters generated by helm does not account for namespace (#3358)

Browse source 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
This commit is contained in:
Charles-Edouard Brétéché 2022-03-08 19:04:25 +01:00 committed by GitHub
parent 51501cce9d
commit 2987647692
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 4 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
charts/kyverno/README.md
View file

@ -105,7 +105,7 @@ The command removes all the Kubernetes components associated with the chart and
| livenessProbe | object | See [values.yaml](values.yaml) | Liveness probe. The block is directly forwarded into the deployment, so you can use whatever livenessProbe configuration you want. ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ |
| readinessProbe | object | See [values.yaml](values.yaml) | Readiness Probe. The block is directly forwarded into the deployment, so you can use whatever readinessProbe configuration you want. ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ |
| generatecontrollerExtraResources | string | `nil` | |
| config.resourceFilters | list | See [values.yaml](values.yaml) | Resource types to be skipped by the Kyverno policy engine. Make sure to surround each entry in quotes so that it doesn't get parsed as a nested YAML list. These are joined together without spaces in the config map. |
| config.resourceFilters | list | See [values.yaml](values.yaml) | Resource types to be skipped by the Kyverno policy engine. Make sure to surround each entry in quotes so that it doesn't get parsed as a nested YAML list. These are joined together without spaces, run through `tpl`, and the result is set in the config map. |
| config.existingConfig | string | `""` | Name of an existing config map (ignores default/provided resourceFilters) |
| config.excludeGroupRole | string | `nil` | Exclude group role |
| config.excludeUsername | string | `nil` | Exclude username |

2
charts/kyverno/templates/configmap.yaml
View file

@ -9,7 +9,7 @@ metadata:
data:
# resource types to be skipped by kyverno policy engine
{{- if .Values.config.resourceFilters }}
resourceFilters: {{ join "" .Values.config.resourceFilters | quote }}
resourceFilters: {{ tpl (join "" .Values.config.resourceFilters) . | quote }}
{{- end -}}
{{- if .Values.config.excludeGroupRole }}
excludeGroupRole: {{ join "," .Values.config.excludeGroupRole | quote }}

4
charts/kyverno/values.yaml
View file

@ -204,7 +204,7 @@ generatecontrollerExtraResources:
config:
# -- Resource types to be skipped by the Kyverno policy engine.
# Make sure to surround each entry in quotes so that it doesn't get parsed as a nested YAML list.
# These are joined together without spaces in the config map.
# These are joined together without spaces, run through `tpl`, and the result is set in the config map.
# @default -- See [values.yaml](values.yaml)
resourceFilters:
- '[Event,*,*]'
@ -216,7 +216,7 @@ config:
- '[TokenReview,*,*]'
- '[SubjectAccessReview,*,*]'
- '[SelfSubjectAccessReview,*,*]'
- '[*,kyverno,kyverno*]'
- '[*,{{ include "kyverno.namespace" . }},kyverno*]'
- '[Binding,*,*]'
- '[ReplicaSet,*,*]'
- '[ReportChangeRequest,*,*]'