Enable adding annotations to configmaps in the helm chart (#4984)

* fix: add user info in admission request logs (#4969)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Brian Provenzano <bproven@gmail.com>

* fix: missing autogen rules in status (#4971)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Brian Provenzano <bproven@gmail.com>

* fix: config reloading not working correctly (#4951)

* fix: config reloading not working correctly

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* nits

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Brian Provenzano <bproven@gmail.com>

* enable adding annotations to configmaps in the helm chart

Signed-off-by: Brian Provenzano <bproven@gmail.com>

* add entry to artifacthub.io release notes in Chart.yaml

Signed-off-by: Brian Provenzano <bproven@gmail.com>

* change name of annotation keys; codegen the readme docs

Signed-off-by: Brian Provenzano <bproven@gmail.com>

* feat: Add container registry setting on Helm Chart (#4281)

To make the customization of the container registries easier, eg.
a custom private registry, this change adds a new property on the
images configuration to allow setting a custom image registry
without needing to customize the repository of the image.

Signed-off-by: Samuel Torres <samuelpirestorres@gmail.com>
Signed-off-by: Brian Provenzano <bproven@gmail.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Brian Provenzano <bproven@gmail.com>
Signed-off-by: Samuel Torres <samuelpirestorres@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Samuel Torres <samuelpirestorres@gmail.com>

charts/kyverno/Chart.yaml

@@ -42,7 +42,9 @@ annotations:
       description: Extra args support for init container.
     - kind: added
       description: Allow overriding of test security context and resource block.
-    - kind: added
-      description: Add startup probes support
     - kind: added
       description: Added possibility to define custom image registries
+    - kind: added
+      description: Enable adding optional annotations to configmaps
+    - kind: added
+      description: Add startup probes support

charts/kyverno/README.md

@@ -178,11 +178,13 @@ The command removes all the Kubernetes components associated with the chart and
 | resourceFiltersExcludeNamespaces | list | `[]` | resourceFilter namespace exclude Namespaces to exclude from the default resourceFilters |
 | config.resourceFilters | list | See [values.yaml](values.yaml) | Resource types to be skipped by the Kyverno policy engine. Make sure to surround each entry in quotes so that it doesn't get parsed as a nested YAML list. These are joined together without spaces, run through `tpl`, and the result is set in the config map. |
 | config.existingConfig | string | `""` | Name of an existing config map (ignores default/provided resourceFilters) |
+| config.annotations | object | `{}` | Additional annotations to add to the configmap |
 | config.excludeGroupRole | string | `nil` | Exclude group role |
 | config.excludeUsername | string | `nil` | Exclude username |
 | config.webhooks | string | `nil` | Defines the `namespaceSelector` in the webhook configurations. Note that it takes a list of `namespaceSelector` and/or `objectSelector` in the JSON format, and only the first element will be forwarded to the webhook configurations. The Kyverno namespace is excluded if `excludeKyvernoNamespace` is `true` (default) |
 | config.generateSuccessEvents | bool | `false` | Generate success events. |
-| config.metricsConfig | object | `{"namespaces":{"exclude":[],"include":[]}}` | Metrics config. |
+| config.metricsConfig | object | `{"annotations":{},"namespaces":{"exclude":[],"include":[]}}` | Metrics config. |
+| config.metricsConfig.annotations | object | `{}` | Additional annotations to add to the metricsconfigmap |
 | updateStrategy | object | See [values.yaml](values.yaml) | Deployment update strategy. Ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy |
 | service.port | int | `443` | Service port. |
 | service.type | string | `"ClusterIP"` | Service type. |

charts/kyverno/templates/configmap.yaml

@@ -4,6 +4,10 @@ kind: ConfigMap
 metadata:
   labels: {{ include "kyverno.labels" . | nindent 4 }}
     app: kyverno
+  {{- with .Values.config.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
   name: {{ template "kyverno.configMapName" . }}
   namespace: {{ template "kyverno.namespace" . }}
 data:

charts/kyverno/templates/metricsconfigmap.yaml

@@ -4,6 +4,10 @@ kind: ConfigMap
 metadata:
   labels: {{ include "kyverno.labels" . | nindent 4 }}
     app: kyverno
+  {{- with .Values.config.metricsConfig.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
   name: {{ template "kyverno.metricsConfigMapName" . }}
   namespace: {{ template "kyverno.namespace" . }}
 {{- if .Values.config.metricsConfig }}

charts/kyverno/values.yaml

@@ -329,6 +329,9 @@ config:
 
   # -- Name of an existing config map (ignores default/provided resourceFilters)
   existingConfig: ''
+  # -- Additional annotations to add to the configmap
+  annotations: {}
+    # example.com/annotation: foo
   # -- Exclude group role
   excludeGroupRole:
   # - ''
@@ -358,6 +361,9 @@ config:
   generateSuccessEvents: false
   # -- Metrics config.
   metricsConfig:
+    # -- Additional annotations to add to the metricsconfigmap
+    annotations: {}
+      # example.com/annotation: foo
     namespaces: {
       "include": [],
       "exclude": []