mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-28 02:18:15 +00:00
Code Activity

refactor: helm labels management (#6073)

Browse source 
* refactor: helm labels management

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* labels

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* labels

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* labels

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* readme

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix test

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
This commit is contained in:
Charles-Edouard Brétéché 2023-01-24 21:41:24 +01:00 committed by GitHub
parent 90699b313d
commit 6545f64ce1
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
31 changed files with 264 additions and 282 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
Makefile
View file

@ -445,7 +445,7 @@ codegen-helm-crds: codegen-crds-all ## Generate helm CRDs
| $(SED) -e '/^ creationTimestamp: null/i \ \ \ \ {{- with .Values.crds.annotations }}' \
| $(SED) -e '/^ creationTimestamp: null/i \ \ \ \ {{- toYaml . | nindent 4 }}' \
| $(SED) -e '/^ creationTimestamp: null/i \ \ \ \ {{- end }}' \
| $(SED) -e '/^ creationTimestamp: null/a \ \ \ \ {{- include "kyverno.crd.labels" . | nindent 4 }}' \
| $(SED) -e '/^ creationTimestamp: null/a \ \ \ \ {{- include "kyverno.crds.labels" . | nindent 4 }}' \
| $(SED) -e '/^ creationTimestamp: null/a \ \ labels:' \
| $(SED) -e '/^ creationTimestamp: null/d' \
> ./charts/kyverno/templates/crds/crds.yaml

2
charts/kyverno/README.md
View file

@ -122,6 +122,8 @@ In `v3` chart values changed significantly, please read the instructions below t
- `testResources` has been replaced with `test.resources`
- `testSecurityContext` has been replaced with `test.securityContext`
- Labels and selectors have been reworked and due to immutability, upgrading from `v2` to `v3` is going to be rejected. The easiest solution is to uninstall `v2` and reinstall `v3` once values have been adapted to the changes described above.
## Uninstalling the Chart
To uninstall/delete the `kyverno` deployment:

2
charts/kyverno/README.md.gotmpl
View file

@ -122,6 +122,8 @@ In `v3` chart values changed significantly, please read the instructions below t
- `testResources` has been replaced with `test.resources`
- `testSecurityContext` has been replaced with `test.securityContext`
- Labels and selectors have been reworked and due to immutability, upgrading from `v2` to `v3` is going to be rejected. The easiest solution is to uninstall `v2` and reinstall `v3` once values have been adapted to the changes described above.
## Uninstalling the Chart
To uninstall/delete the `kyverno` deployment:

27
charts/kyverno/templates/_helpers.tpl
View file

@ -33,33 +33,6 @@
{{ default .Release.Namespace .Values.namespaceOverride }}
{{- end -}}
{{- define "kyverno.helmLabels" -}}
{{- if not .Values.templating.enabled -}}
helm.sh/chart: {{ template "kyverno.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}
{{- end -}}
{{- define "kyverno.versionLabels" -}}
app.kubernetes.io/version: {{ template "kyverno.chartVersion" . }}
{{- end -}}
{{- define "kyverno.labels" -}}
app.kubernetes.io/part-of: {{ template "kyverno.name" . }}
{{- with (include "kyverno.helmLabels" .) -}}{{- . | trim | nindent 0 -}}{{- end -}}
{{- with (include "kyverno.matchLabels" .) -}}{{- . | trim | nindent 0 -}}{{- end -}}
{{- with (include "kyverno.versionLabels" .) -}}{{- . | trim | nindent 0 -}}{{- end -}}
{{- if .Values.customLabels }}
{{ toYaml .Values.customLabels }}
{{- end }}
{{- end -}}
{{- define "kyverno.matchLabels" -}}
app.kubernetes.io/component: admission-controller
app.kubernetes.io/name: {{ template "kyverno.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}
{{/* Create the name of the service to use */}}
{{- define "kyverno.serviceName" -}}
{{- printf "%s-svc" (include "kyverno.fullname" .) | trunc 63 | trimSuffix "-" -}}

39
charts/kyverno/templates/_helpers/_labels.tpl Normal file
View file

@ -0,0 +1,39 @@
{{/* vim: set filetype=mustache: */}}
{{- define "kyverno.labels.merge" -}}
{{- $labels := dict -}}
{{- range . -}}
{{- $labels = merge $labels (fromYaml .) -}}
{{- end -}}
{{- with $labels -}}
{{- toYaml $labels -}}
{{- end -}}
{{- end -}}
{{- define "kyverno.labels.helm" -}}
{{- if not .Values.templating.enabled -}}
helm.sh/chart: {{ template "kyverno.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}
{{- end -}}
{{- define "kyverno.labels.version" -}}
app.kubernetes.io/version: {{ template "kyverno.chartVersion" . }}
{{- end -}}
{{- define "kyverno.labels.common" -}}
{{- template "kyverno.labels.merge" (list (include "kyverno.labels.helm" .) (include "kyverno.labels.version" .)) -}}
{{- end -}}
{{- define "kyverno.matchLabels.common" -}}
app.kubernetes.io/part-of: {{ template "kyverno.fullname" . }}
app.kubernetes.io/instance: {{ template "kyverno.name" . }}
{{- end -}}
{{- define "kyverno.labels.component" -}}
app.kubernetes.io/component: {{ . }}
{{- end -}}
{{- define "kyverno.labels.name" -}}
app.kubernetes.io/name: {{ . }}
{{- end -}}

8
charts/kyverno/templates/_templating/_helpers.tpl Normal file
View file

@ -0,0 +1,8 @@
{{/* vim: set filetype=mustache: */}}
{{- define "kyverno.templating.labels" -}}
{{- template "kyverno.labels.merge" (list
(include "kyverno.labels.common" .)
(include "kyverno.matchLabels.common" .)
) -}}
{{- end -}}

4
charts/kyverno/templates/_templating/namespace.yaml
View file

@ -2,7 +2,7 @@
apiVersion: v1
kind: Namespace
metadata:
name: {{ template "kyverno.namespace" . }}
name: {{ include "kyverno.namespace" . }}
labels:
{{- include "kyverno.labels" . | nindent 4 }}
{{- include "kyverno.templating.labels" . | nindent 4 }}
{{- end -}}

15
charts/kyverno/templates/admission-controller/_helpers.tpl Normal file
View file

@ -0,0 +1,15 @@
{{/* vim: set filetype=mustache: */}}
{{- define "kyverno.admission-controller.labels" -}}
{{- template "kyverno.labels.merge" (list
(include "kyverno.labels.common" .)
(include "kyverno.admission-controller.matchLabels" .)
) -}}
{{- end -}}
{{- define "kyverno.admission-controller.matchLabels" -}}
{{- template "kyverno.labels.merge" (list
(include "kyverno.matchLabels.common" .)
(include "kyverno.labels.component" "admission-controller")
) -}}
{{- end -}}

8
charts/kyverno/templates/aggregateroles.yaml
View file

@ -5,7 +5,7 @@ metadata:
name: {{ template "kyverno.fullname" . }}:admin-policies
labels:
rbac.authorization.k8s.io/aggregate-to-admin: "true"
{{- include "kyverno.labels" . | nindent 4 }}
{{- include "kyverno.admission-controller.labels" . | nindent 4 }}
rules:
- apiGroups:
- kyverno.io
@ -27,7 +27,7 @@ metadata:
name: {{ template "kyverno.fullname" . }}:admin-policyreport
labels:
rbac.authorization.k8s.io/aggregate-to-admin: "true"
{{- include "kyverno.labels" . | nindent 4 }}
{{- include "kyverno.admission-controller.labels" . | nindent 4 }}
rules:
- apiGroups:
- wgpolicyk8s.io
@ -49,7 +49,7 @@ metadata:
name: {{ template "kyverno.fullname" . }}:admin-reports
labels:
rbac.authorization.k8s.io/aggregate-to-admin: "true"
{{- include "kyverno.labels" . | nindent 4 }}
{{- include "kyverno.admission-controller.labels" . | nindent 4 }}
rules:
- apiGroups:
- kyverno.io
@ -73,7 +73,7 @@ metadata:
name: {{ template "kyverno.fullname" . }}:admin-updaterequest
labels:
rbac.authorization.k8s.io/aggregate-to-admin: "true"
{{- include "kyverno.labels" . | nindent 4 }}
{{- include "kyverno.admission-controller.labels" . | nindent 4 }}
rules:
- apiGroups:
- kyverno.io

30
charts/kyverno/templates/cleanup-controller/_helpers.tpl
View file

@ -5,22 +5,17 @@
{{- end -}}
{{- define "kyverno.cleanup-controller.labels" -}}
app.kubernetes.io/part-of: {{ template "kyverno.name" . }}
{{- with (include "kyverno.helmLabels" .) }}
{{ . }}
{{- end }}
{{- with (include "kyverno.versionLabels" .) }}
{{ . }}
{{- end }}
{{- with (include "kyverno.cleanup-controller.matchLabels" .) }}
{{ . }}
{{- end }}
{{- template "kyverno.labels.merge" (list
(include "kyverno.labels.common" .)
(include "kyverno.cleanup-controller.matchLabels" .)
) -}}
{{- end -}}
{{- define "kyverno.cleanup-controller.matchLabels" -}}
app.kubernetes.io/component: cleanup-controller
app.kubernetes.io/name: {{ template "kyverno.cleanup-controller.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- template "kyverno.labels.merge" (list
(include "kyverno.matchLabels.common" .)
(include "kyverno.labels.component" "cleanup-controller")
) -}}
{{- end -}}
{{- define "kyverno.cleanup-controller.image" -}}
@ -45,10 +40,10 @@ app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}
{{- define "kyverno.cleanup-controller.securityContext" -}}
{{- if semverCompare "<1.19" .Capabilities.KubeVersion.Version }}
{{ toYaml (omit .Values.cleanupController.securityContext "seccompProfile") }}
{{- else }}
{{ toYaml .Values.cleanupController.securityContext }}
{{- if semverCompare "<1.19" .Capabilities.KubeVersion.Version -}}
{{- toYaml (omit .Values.cleanupController.securityContext "seccompProfile") -}}
{{- else -}}
{{- toYaml .Values.cleanupController.securityContext -}}
{{- end }}
{{- end }}
@ -64,4 +59,3 @@ minAvailable: {{ default 1 .Values.cleanupController.podDisruptionBudget.minAvai
maxUnavailable: {{ .Values.cleanupController.podDisruptionBudget.maxUnavailable }}
{{- end }}
{{- end }}

2
charts/kyverno/templates/cleanup-controller/serviceaccount.yaml
View file

@ -4,8 +4,8 @@ apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "kyverno.cleanup-controller.serviceAccountName" . }}
namespace: {{ template "kyverno.namespace" . }}
labels:
{{- include "kyverno.cleanup-controller.labels" . | nindent 4 }}
namespace: {{ template "kyverno.namespace" . }}
{{- end -}}
{{- end -}}

16
charts/kyverno/templates/clusterrole.yaml
View file

@ -4,18 +4,18 @@ kind: ClusterRole
metadata:
name: {{ template "kyverno.fullname" . }}
labels:
{{- include "kyverno.labels" . | nindent 4 }}
{{- include "kyverno.admission-controller.labels" . | nindent 4 }}
aggregationRule:
clusterRoleSelectors:
- matchLabels:
{{- include "kyverno.matchLabels" . | nindent 6 }}
{{- include "kyverno.admission-controller.matchLabels" . | nindent 6 }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ template "kyverno.fullname" . }}:userinfo
labels:
{{- include "kyverno.labels" . | nindent 4 }}
{{- include "kyverno.admission-controller.labels" . | nindent 4 }}
rules:
- apiGroups:
- rbac.authorization.k8s.io
@ -33,7 +33,7 @@ kind: ClusterRole
metadata:
name: {{ template "kyverno.fullname" . }}:policies
labels:
{{- include "kyverno.labels" . | nindent 4 }}
{{- include "kyverno.admission-controller.labels" . | nindent 4 }}
rules:
- apiGroups:
- kyverno.io
@ -79,7 +79,7 @@ kind: ClusterRole
metadata:
name: {{ template "kyverno.fullname" . }}:view
labels:
{{- include "kyverno.labels" . | nindent 4 }}
{{- include "kyverno.admission-controller.labels" . | nindent 4 }}
rules:
- apiGroups:
- '*'
@ -95,7 +95,7 @@ kind: ClusterRole
metadata:
name: {{ template "kyverno.fullname" . }}:generate
labels:
{{- include "kyverno.labels" . | nindent 4 }}
{{- include "kyverno.admission-controller.labels" . | nindent 4 }}
rules:
- apiGroups:
- networking.k8s.io
@ -149,7 +149,7 @@ kind: ClusterRole
metadata:
name: {{ template "kyverno.fullname" . }}:events
labels:
{{- include "kyverno.labels" . | nindent 4 }}
{{- include "kyverno.admission-controller.labels" . | nindent 4 }}
rules:
- apiGroups:
- ''
@ -167,7 +167,7 @@ kind: ClusterRole
metadata:
name: {{ template "kyverno.fullname" . }}:webhook
labels:
{{- include "kyverno.labels" . | nindent 4 }}
{{- include "kyverno.admission-controller.labels" . | nindent 4 }}
rules:
- apiGroups:
- admissionregistration.k8s.io

2
charts/kyverno/templates/clusterrolebinding.yaml
View file

@ -4,7 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ template "kyverno.fullname" . }}
labels:
{{- include "kyverno.labels" . | nindent 4 }}
{{- include "kyverno.admission-controller.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole

18
charts/kyverno/templates/config/_helpers.tpl
View file

@ -17,13 +17,17 @@
{{- end -}}
{{- define "kyverno.config.labels" -}}
app.kubernetes.io/part-of: {{ template "kyverno.name" . }}
{{- with (include "kyverno.helmLabels" .) -}}{{- . | trim | nindent 0 -}}{{- end -}}
{{- with (include "kyverno.matchLabels" .) -}}{{- . | trim | nindent 0 -}}{{- end -}}
{{- with (include "kyverno.versionLabels" .) -}}{{- . | trim | nindent 0 -}}{{- end -}}
{{- if .Values.customLabels }}
{{ toYaml .Values.customLabels }}
{{- end }}
{{- template "kyverno.labels.merge" (list
(include "kyverno.labels.common" .)
(include "kyverno.config.matchLabels" .)
) -}}
{{- end -}}
{{- define "kyverno.config.matchLabels" -}}
{{- template "kyverno.labels.merge" (list
(include "kyverno.matchLabels.common" .)
(include "kyverno.labels.component" "config")
) -}}
{{- end -}}
{{- define "kyverno.config.resourceFilters" -}}

17
charts/kyverno/templates/crds/_helpers.tpl
View file

@ -1,8 +1,15 @@
{{/* vim: set filetype=mustache: */}}
{{- define "kyverno.crd.labels" -}}
app.kubernetes.io/part-of: {{ template "kyverno.name" . }}
{{- with (include "kyverno.helmLabels" .) -}}{{- . | trim | nindent 0 -}}{{- end -}}
{{- with (include "kyverno.matchLabels" .) -}}{{- . | trim | nindent 0 -}}{{- end -}}
{{- with (include "kyverno.versionLabels" .) -}}{{- . | trim | nindent 0 -}}{{- end -}}
{{- define "kyverno.crds.labels" -}}
{{- template "kyverno.labels.merge" (list
(include "kyverno.labels.common" .)
(include "kyverno.crds.matchLabels" .)
) -}}
{{- end -}}
{{- define "kyverno.crds.matchLabels" -}}
{{- template "kyverno.labels.merge" (list
(include "kyverno.matchLabels.common" .)
(include "kyverno.labels.component" "crds")
) -}}
{{- end -}}

24
charts/kyverno/templates/crds/crds.yaml
View file

@ -9,7 +9,7 @@ metadata:
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "kyverno.crd.labels" . | nindent 4 }}
{{- include "kyverno.crds.labels" . | nindent 4 }}
name: admissionreports.kyverno.io
spec:
group: kyverno.io
@ -354,7 +354,7 @@ metadata:
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "kyverno.crd.labels" . | nindent 4 }}
{{- include "kyverno.crds.labels" . | nindent 4 }}
name: backgroundscanreports.kyverno.io
spec:
group: kyverno.io
@ -659,7 +659,7 @@ metadata:
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "kyverno.crd.labels" . | nindent 4 }}
{{- include "kyverno.crds.labels" . | nindent 4 }}
name: cleanuppolicies.kyverno.io
spec:
group: kyverno.io
@ -1707,7 +1707,7 @@ metadata:
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "kyverno.crd.labels" . | nindent 4 }}
{{- include "kyverno.crds.labels" . | nindent 4 }}
name: clusteradmissionreports.kyverno.io
spec:
group: kyverno.io
@ -2053,7 +2053,7 @@ metadata:
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "kyverno.crd.labels" . | nindent 4 }}
{{- include "kyverno.crds.labels" . | nindent 4 }}
name: clusterbackgroundscanreports.kyverno.io
spec:
group: kyverno.io
@ -2358,7 +2358,7 @@ metadata:
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "kyverno.crd.labels" . | nindent 4 }}
{{- include "kyverno.crds.labels" . | nindent 4 }}
name: clustercleanuppolicies.kyverno.io
spec:
group: kyverno.io
@ -3406,7 +3406,7 @@ metadata:
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "kyverno.crd.labels" . | nindent 4 }}
{{- include "kyverno.crds.labels" . | nindent 4 }}
name: clusterpolicies.kyverno.io
spec:
group: kyverno.io
@ -16516,7 +16516,7 @@ metadata:
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "kyverno.crd.labels" . | nindent 4 }}
{{- include "kyverno.crds.labels" . | nindent 4 }}
name: policies.kyverno.io
spec:
group: kyverno.io
@ -29629,7 +29629,7 @@ metadata:
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "kyverno.crd.labels" . | nindent 4 }}
{{- include "kyverno.crds.labels" . | nindent 4 }}
name: policyexceptions.kyverno.io
spec:
group: kyverno.io
@ -30116,7 +30116,7 @@ metadata:
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "kyverno.crd.labels" . | nindent 4 }}
{{- include "kyverno.crds.labels" . | nindent 4 }}
name: updaterequests.kyverno.io
spec:
group: kyverno.io
@ -30507,7 +30507,7 @@ metadata:
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "kyverno.crd.labels" . | nindent 4 }}
{{- include "kyverno.crds.labels" . | nindent 4 }}
name: clusterpolicyreports.wgpolicyk8s.io
spec:
group: wgpolicyk8s.io
@ -30874,7 +30874,7 @@ metadata:
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "kyverno.crd.labels" . | nindent 4 }}
{{- include "kyverno.crds.labels" . | nindent 4 }}
name: policyreports.wgpolicyk8s.io
spec:
group: wgpolicyk8s.io

6
charts/kyverno/templates/deployment.yaml
View file

@ -4,7 +4,7 @@ kind: Deployment
metadata:
name: {{ template "kyverno.fullname" . }}
labels:
{{- include "kyverno.labels" . | nindent 4 }}
{{- include "kyverno.admission-controller.labels" . | nindent 4 }}
namespace: {{ template "kyverno.namespace" . }}
spec:
{{- with .Values.replicaCount }}
@ -12,7 +12,7 @@ spec:
{{- end }}
selector:
matchLabels:
{{- include "kyverno.matchLabels" . | nindent 6 }}
{{- include "kyverno.admission-controller.matchLabels" . | nindent 6 }}
{{- if .Values.updateStrategy }}
strategy:
{{ toYaml .Values.updateStrategy | nindent 4 | trim }}
@ -20,7 +20,7 @@ spec:
template:
metadata:
labels:
{{- include "kyverno.labels" . | nindent 8 }}
{{- include "kyverno.admission-controller.labels" . | nindent 8 }}
{{- range $key, $value := .Values.podLabels }}
{{ $key }}: {{ $value }}
{{- end }}

2
charts/kyverno/templates/helm-pre-delete-hook.yaml
View file

@ -5,7 +5,7 @@ metadata:
name: {{ template "kyverno.fullname" . }}-hook-pre-delete
namespace: {{ template "kyverno.namespace" . }}
labels:
{{- include "kyverno.labels" . | nindent 4 }}
{{- include "kyverno.admission-controller.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-delete-policy": hook-succeeded,hook-failed

4
charts/kyverno/templates/networkpolicy.yaml
View file

@ -3,13 +3,13 @@ apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
{{- include "kyverno.labels" . | nindent 4 }}
{{- include "kyverno.admission-controller.labels" . | nindent 4 }}
name: {{ template "kyverno.fullname" . }}
namespace: {{ template "kyverno.namespace" . }}
spec:
podSelector:
matchLabels:
{{- include "kyverno.matchLabels" . | nindent 6 }}
{{- include "kyverno.admission-controller.matchLabels" . | nindent 6 }}
policyTypes:
- Ingress
{{- if .Values.networkPolicy.ingressFrom }}

4
charts/kyverno/templates/poddisruptionbudget.yaml
View file

@ -8,11 +8,11 @@ kind: PodDisruptionBudget
metadata:
name: {{ template "kyverno.fullname" . }}
labels:
{{- include "kyverno.labels" . | nindent 4 }}
{{- include "kyverno.admission-controller.labels" . | nindent 4 }}
namespace: {{ template "kyverno.namespace" . }}
spec:
{{- include "kyverno.podDisruptionBudget.spec" . | indent 2 }}
selector:
matchLabels:
{{- include "kyverno.matchLabels" . | nindent 6 }}
{{- include "kyverno.admission-controller.matchLabels" . | nindent 6 }}
{{- end }}

21
charts/kyverno/templates/reports-controller/_helpers.tpl
View file

@ -5,22 +5,17 @@
{{- end -}}
{{- define "kyverno.reports-controller.labels" -}}
app.kubernetes.io/part-of: {{ template "kyverno.name" . }}
{{- with (include "kyverno.helmLabels" .) }}
{{ . }}
{{- end }}
{{- with (include "kyverno.versionLabels" .) }}
{{ . }}
{{- end }}
{{- with (include "kyverno.reports-controller.matchLabels" .) }}
{{ . }}
{{- end }}
{{- template "kyverno.labels.merge" (list
(include "kyverno.labels.common" .)
(include "kyverno.reports-controller.matchLabels" .)
) -}}
{{- end -}}
{{- define "kyverno.reports-controller.matchLabels" -}}
app.kubernetes.io/component: reports-controller
app.kubernetes.io/name: {{ template "kyverno.reports-controller.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- template "kyverno.labels.merge" (list
(include "kyverno.matchLabels.common" .)
(include "kyverno.labels.component" "reports-controller")
) -}}
{{- end -}}
{{- define "kyverno.reports-controller.image" -}}

1
charts/kyverno/templates/reports-controller/clusterrole.yaml
View file

@ -17,7 +17,6 @@ metadata:
name: {{ template "kyverno.reports-controller.roleName" . }}:core
labels:
{{- include "kyverno.reports-controller.labels" . | nindent 4 }}
rules:
rules:
- apiGroups:
- '*'

2
charts/kyverno/templates/role.yaml
View file

@ -5,7 +5,7 @@ metadata:
name: {{ template "kyverno.fullname" . }}:leaderelection
namespace: {{ template "kyverno.namespace" . }}
labels:
{{- include "kyverno.labels" . | nindent 4 }}
{{- include "kyverno.admission-controller.labels" . | nindent 4 }}
rules:
- apiGroups:
- coordination.k8s.io

2
charts/kyverno/templates/rolebinding.yaml
View file

@ -5,7 +5,7 @@ metadata:
name: {{ template "kyverno.fullname" . }}:leaderelection
namespace: {{ template "kyverno.namespace" . }}
labels:
{{- include "kyverno.labels" . | nindent 4 }}
{{- include "kyverno.admission-controller.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role

4
charts/kyverno/templates/secret.yaml
View file

@ -8,7 +8,7 @@ metadata:
name: {{ template "kyverno.serviceName" . }}.{{ template "kyverno.namespace" . }}.svc.kyverno-tls-ca
namespace: {{ template "kyverno.namespace" . }}
labels:
{{- include "kyverno.labels" . | nindent 4 }}
{{- include "kyverno.admission-controller.labels" . | nindent 4 }}
type: kubernetes.io/tls
data:
tls.key: {{ $ca.Key | b64enc }}
@ -20,7 +20,7 @@ metadata:
name: {{ template "kyverno.serviceName" . }}.{{ template "kyverno.namespace" . }}.svc.kyverno-tls-pair
namespace: {{ template "kyverno.namespace" . }}
labels:
{{- include "kyverno.labels" . | nindent 4 }}
{{- include "kyverno.admission-controller.labels" . | nindent 4 }}
annotations:
self-signed-cert: "true"
type: kubernetes.io/tls

8
charts/kyverno/templates/service.yaml
View file

@ -3,7 +3,7 @@ kind: Service
metadata:
name: {{ template "kyverno.serviceName" . }}
labels:
{{- include "kyverno.labels" . | nindent 4 }}
{{- include "kyverno.admission-controller.labels" . | nindent 4 }}
namespace: {{ template "kyverno.namespace" . }}
{{- with .Values.service.annotations }}
annotations: {{ tpl (toYaml .) $ | nindent 4 }}
@ -18,7 +18,7 @@ spec:
nodePort: {{ .Values.service.nodePort }}
{{- end }}
selector:
{{- include "kyverno.matchLabels" . | nindent 4 }}
{{- include "kyverno.admission-controller.matchLabels" . | nindent 4 }}
type: {{ .Values.service.type }}
---
{{- if .Values.metricsService.create }}
@ -27,7 +27,7 @@ kind: Service
metadata:
name: {{ template "kyverno.serviceName" . }}-metrics
labels:
{{- include "kyverno.labels" . | nindent 4 }}
{{- include "kyverno.admission-controller.labels" . | nindent 4 }}
namespace: {{ template "kyverno.namespace" . }}
{{- with .Values.metricsService.annotations }}
annotations: {{ tpl (toYaml .) $ | nindent 4 }}
@ -42,6 +42,6 @@ spec:
nodePort: {{ .Values.metricsService.nodePort }}
{{- end }}
selector:
{{- include "kyverno.matchLabels" . | nindent 4 }}
{{- include "kyverno.admission-controller.matchLabels" . | nindent 4 }}
type: {{ .Values.metricsService.type }}
{{- end -}}

2
charts/kyverno/templates/serviceaccount.yaml
View file

@ -4,7 +4,7 @@ kind: ServiceAccount
metadata:
name: {{ template "kyverno.serviceAccountName" . }}
labels:
{{- include "kyverno.labels" . | nindent 4 }}
{{- include "kyverno.admission-controller.labels" . | nindent 4 }}
{{- if .Values.rbac.serviceAccount.annotations }}
annotations: {{ toYaml .Values.rbac.serviceAccount.annotations | nindent 4 }}
{{- end }}

4
charts/kyverno/templates/servicemonitor.yaml
View file

@ -3,7 +3,7 @@ apiVersion: "monitoring.coreos.com/v1"
kind: ServiceMonitor
metadata:
labels:
{{- include "kyverno.labels" . | nindent 4 }}
{{- include "kyverno.admission-controller.labels" . | nindent 4 }}
{{- if .Values.serviceMonitor.additionalLabels }}
{{ toYaml .Values.serviceMonitor.additionalLabels | indent 4 }}
{{- end }}
@ -16,7 +16,7 @@ metadata:
spec:
selector:
matchLabels:
{{- include "kyverno.matchLabels" . | nindent 6 }}
{{- include "kyverno.admission-controller.matchLabels" . | nindent 6 }}
namespaceSelector:
matchNames:
- {{ template "kyverno.namespace" . }}

16
charts/kyverno/templates/tests/_helpers.tpl
View file

@ -1,17 +1,17 @@
{{/* vim: set filetype=mustache: */}}
{{- define "kyverno.test.labels" -}}
app.kubernetes.io/part-of: {{ template "kyverno.name" . }}
app.kubernetes.io/component: test
{{- with (include "kyverno.helmLabels" .) -}}{{- . | trim | nindent 0 -}}{{- end -}}
{{- with (include "kyverno.test.matchLabels" .) -}}{{- . | trim | nindent 0 -}}{{- end -}}
{{- with (include "kyverno.versionLabels" .) -}}{{- . | trim | nindent 0 -}}{{- end -}}
{{- template "kyverno.labels.merge" (list
(include "kyverno.labels.common" .)
(include "kyverno.test.matchLabels" .)
) -}}
{{- end -}}
{{- define "kyverno.test.matchLabels" -}}
app.kubernetes.io/component: test
app.kubernetes.io/name: {{ template "kyverno.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- template "kyverno.labels.merge" (list
(include "kyverno.matchLabels.common" .)
(include "kyverno.labels.component" "test")
) -}}
{{- end -}}
{{- define "kyverno.test.annotations" -}}

252
config/install.yaml
View file

@ -4,34 +4,30 @@ kind: Namespace
metadata:
name: kyverno
labels:
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/component: admission-controller
app.kubernetes.io/name: kyverno
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: latest
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: kyverno-cleanup-controller
namespace: kyverno
labels:
app.kubernetes.io/component: cleanup-controller
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: latest
app.kubernetes.io/component: cleanup-controller
app.kubernetes.io/name: kyverno-cleanup-controller
app.kubernetes.io/instance: kyverno
namespace: kyverno
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: kyverno-reports-controller
labels:
app.kubernetes.io/component: reports-controller
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: latest
app.kubernetes.io/component: reports-controller
app.kubernetes.io/name: kyverno-reports-controller
app.kubernetes.io/instance: kyverno
namespace: kyverno
---
apiVersion: v1
@ -39,10 +35,9 @@ kind: ServiceAccount
metadata:
name: kyverno
labels:
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/component: admission-controller
app.kubernetes.io/name: kyverno
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: latest
namespace: kyverno
---
@ -52,10 +47,9 @@ metadata:
name: kyverno
namespace: kyverno
labels:
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/component: admission-controller
app.kubernetes.io/name: kyverno
app.kubernetes.io/component: config
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: latest
data:
enableDefaultRegistryMutation: "true"
@ -70,10 +64,9 @@ metadata:
name: kyverno-metrics
namespace: kyverno
labels:
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/component: admission-controller
app.kubernetes.io/name: kyverno
app.kubernetes.io/component: config
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: latest
data:
namespaces: "{\"exclude\":[],\"include\":[]}"
@ -84,10 +77,9 @@ metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.1
labels:
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/component: admission-controller
app.kubernetes.io/name: kyverno
app.kubernetes.io/component: crds
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: latest
name: admissionreports.kyverno.io
spec:
@ -430,10 +422,9 @@ metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.1
labels:
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/component: admission-controller
app.kubernetes.io/name: kyverno
app.kubernetes.io/component: crds
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: latest
name: backgroundscanreports.kyverno.io
spec:
@ -736,10 +727,9 @@ metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.1
labels:
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/component: admission-controller
app.kubernetes.io/name: kyverno
app.kubernetes.io/component: crds
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: latest
name: cleanuppolicies.kyverno.io
spec:
@ -1785,10 +1775,9 @@ metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.1
labels:
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/component: admission-controller
app.kubernetes.io/name: kyverno
app.kubernetes.io/component: crds
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: latest
name: clusteradmissionreports.kyverno.io
spec:
@ -2132,10 +2121,9 @@ metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.1
labels:
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/component: admission-controller
app.kubernetes.io/name: kyverno
app.kubernetes.io/component: crds
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: latest
name: clusterbackgroundscanreports.kyverno.io
spec:
@ -2438,10 +2426,9 @@ metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.1
labels:
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/component: admission-controller
app.kubernetes.io/name: kyverno
app.kubernetes.io/component: crds
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: latest
name: clustercleanuppolicies.kyverno.io
spec:
@ -3487,10 +3474,9 @@ metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.1
labels:
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/component: admission-controller
app.kubernetes.io/name: kyverno
app.kubernetes.io/component: crds
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: latest
name: clusterpolicies.kyverno.io
spec:
@ -16598,10 +16584,9 @@ metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.1
labels:
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/component: admission-controller
app.kubernetes.io/name: kyverno
app.kubernetes.io/component: crds
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: latest
name: policies.kyverno.io
spec:
@ -29712,10 +29697,9 @@ metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.1
labels:
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/component: admission-controller
app.kubernetes.io/name: kyverno
app.kubernetes.io/component: crds
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: latest
name: policyexceptions.kyverno.io
spec:
@ -30200,10 +30184,9 @@ metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.1
labels:
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/component: admission-controller
app.kubernetes.io/name: kyverno
app.kubernetes.io/component: crds
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: latest
name: updaterequests.kyverno.io
spec:
@ -30592,10 +30575,9 @@ metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.1
labels:
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/component: admission-controller
app.kubernetes.io/name: kyverno
app.kubernetes.io/component: crds
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: latest
name: clusterpolicyreports.wgpolicyk8s.io
spec:
@ -30960,10 +30942,9 @@ metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.1
labels:
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/component: admission-controller
app.kubernetes.io/name: kyverno
app.kubernetes.io/component: crds
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: latest
name: policyreports.wgpolicyk8s.io
spec:
@ -31327,10 +31308,9 @@ metadata:
name: kyverno:admin-policies
labels:
rbac.authorization.k8s.io/aggregate-to-admin: "true"
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/component: admission-controller
app.kubernetes.io/name: kyverno
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: latest
rules:
- apiGroups:
@ -31353,10 +31333,9 @@ metadata:
name: kyverno:admin-policyreport
labels:
rbac.authorization.k8s.io/aggregate-to-admin: "true"
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/component: admission-controller
app.kubernetes.io/name: kyverno
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: latest
rules:
- apiGroups:
@ -31379,10 +31358,9 @@ metadata:
name: kyverno:admin-reports
labels:
rbac.authorization.k8s.io/aggregate-to-admin: "true"
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/component: admission-controller
app.kubernetes.io/name: kyverno
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: latest
rules:
- apiGroups:
@ -31407,10 +31385,9 @@ metadata:
name: kyverno:admin-updaterequest
labels:
rbac.authorization.k8s.io/aggregate-to-admin: "true"
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/component: admission-controller
app.kubernetes.io/name: kyverno
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: latest
rules:
- apiGroups:
@ -31431,28 +31408,26 @@ kind: ClusterRole
metadata:
name: kyverno:cleanup-controller
labels:
app.kubernetes.io/component: cleanup-controller
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: latest
app.kubernetes.io/component: cleanup-controller
app.kubernetes.io/name: kyverno-cleanup-controller
app.kubernetes.io/instance: kyverno
aggregationRule:
clusterRoleSelectors:
- matchLabels:
app.kubernetes.io/component: cleanup-controller
app.kubernetes.io/name: kyverno-cleanup-controller
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: kyverno:cleanup-controller:core
labels:
app.kubernetes.io/component: cleanup-controller
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: latest
app.kubernetes.io/component: cleanup-controller
app.kubernetes.io/name: kyverno-cleanup-controller
app.kubernetes.io/instance: kyverno
rules:
- apiGroups:
- admissionregistration.k8s.io
@ -31513,27 +31488,25 @@ kind: ClusterRole
metadata:
name: kyverno
labels:
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/component: admission-controller
app.kubernetes.io/name: kyverno
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: latest
aggregationRule:
clusterRoleSelectors:
- matchLabels:
app.kubernetes.io/component: admission-controller
app.kubernetes.io/name: kyverno
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: kyverno:userinfo
labels:
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/component: admission-controller
app.kubernetes.io/name: kyverno
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: latest
rules:
- apiGroups:
@ -31552,10 +31525,9 @@ kind: ClusterRole
metadata:
name: kyverno:policies
labels:
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/component: admission-controller
app.kubernetes.io/name: kyverno
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: latest
rules:
- apiGroups:
@ -31602,10 +31574,9 @@ kind: ClusterRole
metadata:
name: kyverno:view
labels:
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/component: admission-controller
app.kubernetes.io/name: kyverno
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: latest
rules:
- apiGroups:
@ -31622,10 +31593,9 @@ kind: ClusterRole
metadata:
name: kyverno:generate
labels:
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/component: admission-controller
app.kubernetes.io/name: kyverno
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: latest
rules:
- apiGroups:
@ -31668,10 +31638,9 @@ kind: ClusterRole
metadata:
name: kyverno:events
labels:
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/component: admission-controller
app.kubernetes.io/name: kyverno
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: latest
rules:
- apiGroups:
@ -31690,10 +31659,9 @@ kind: ClusterRole
metadata:
name: kyverno:webhook
labels:
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/component: admission-controller
app.kubernetes.io/name: kyverno
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: latest
rules:
- apiGroups:
@ -31716,29 +31684,26 @@ kind: ClusterRole
metadata:
name: kyverno:reports-controller
labels:
app.kubernetes.io/component: reports-controller
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: latest
app.kubernetes.io/component: reports-controller
app.kubernetes.io/name: kyverno-reports-controller
app.kubernetes.io/instance: kyverno
aggregationRule:
clusterRoleSelectors:
- matchLabels:
app.kubernetes.io/component: reports-controller
app.kubernetes.io/name: kyverno-reports-controller
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: kyverno:reports-controller:core
labels:
app.kubernetes.io/component: reports-controller
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: latest
app.kubernetes.io/component: reports-controller
app.kubernetes.io/name: kyverno-reports-controller
app.kubernetes.io/instance: kyverno
rules:
rules:
- apiGroups:
- '*'
@ -31793,11 +31758,10 @@ apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: kyverno:cleanup-controller
labels:
app.kubernetes.io/component: cleanup-controller
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: latest
app.kubernetes.io/component: cleanup-controller
app.kubernetes.io/name: kyverno-cleanup-controller
app.kubernetes.io/instance: kyverno
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
@ -31812,10 +31776,9 @@ apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: kyverno
labels:
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/component: admission-controller
app.kubernetes.io/name: kyverno
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: latest
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -31831,11 +31794,10 @@ apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: kyverno:reports-controller
labels:
app.kubernetes.io/component: reports-controller
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: latest
app.kubernetes.io/component: reports-controller
app.kubernetes.io/name: kyverno-reports-controller
app.kubernetes.io/instance: kyverno
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
@ -31850,11 +31812,10 @@ kind: Role
metadata:
name: kyverno:cleanup-controller
labels:
app.kubernetes.io/component: cleanup-controller
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: latest
app.kubernetes.io/component: cleanup-controller
app.kubernetes.io/name: kyverno-cleanup-controller
app.kubernetes.io/instance: kyverno
namespace: kyverno
rules:
- apiGroups:
@ -31891,11 +31852,10 @@ kind: Role
metadata:
name: kyverno:reports-controller
labels:
app.kubernetes.io/component: reports-controller
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: latest
app.kubernetes.io/component: reports-controller
app.kubernetes.io/name: kyverno-reports-controller
app.kubernetes.io/instance: kyverno
namespace: kyverno
rules:
- apiGroups:
@ -31923,10 +31883,9 @@ metadata:
name: kyverno:leaderelection
namespace: kyverno
labels:
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/component: admission-controller
app.kubernetes.io/name: kyverno
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: latest
rules:
- apiGroups:
@ -31955,11 +31914,10 @@ apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: kyverno:cleanup-controller
labels:
app.kubernetes.io/component: cleanup-controller
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: latest
app.kubernetes.io/component: cleanup-controller
app.kubernetes.io/name: kyverno-cleanup-controller
app.kubernetes.io/instance: kyverno
namespace: kyverno
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -31975,11 +31933,10 @@ apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: kyverno:reports-controller
labels:
app.kubernetes.io/component: reports-controller
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: latest
app.kubernetes.io/component: reports-controller
app.kubernetes.io/name: kyverno-reports-controller
app.kubernetes.io/instance: kyverno
namespace: kyverno
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -31996,10 +31953,9 @@ metadata:
name: kyverno:leaderelection
namespace: kyverno
labels:
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/component: admission-controller
app.kubernetes.io/name: kyverno
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: latest
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -32016,11 +31972,10 @@ metadata:
name: kyverno-cleanup-controller
namespace: kyverno
labels:
app.kubernetes.io/component: cleanup-controller
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: latest
app.kubernetes.io/component: cleanup-controller
app.kubernetes.io/name: kyverno-cleanup-controller
app.kubernetes.io/instance: kyverno
spec:
ports:
- port: 443
@ -32029,8 +31984,8 @@ spec:
name: https
selector:
app.kubernetes.io/component: cleanup-controller
app.kubernetes.io/name: kyverno-cleanup-controller
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
type: ClusterIP
---
apiVersion: v1
@ -32039,11 +31994,10 @@ metadata:
name: kyverno-cleanup-controller-metrics
namespace: kyverno
labels:
app.kubernetes.io/component: cleanup-controller
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: latest
app.kubernetes.io/component: cleanup-controller
app.kubernetes.io/name: kyverno-cleanup-controller
app.kubernetes.io/instance: kyverno
spec:
ports:
- port: 8000
@ -32052,8 +32006,8 @@ spec:
name: metrics-port
selector:
app.kubernetes.io/component: cleanup-controller
app.kubernetes.io/name: kyverno-cleanup-controller
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
type: ClusterIP
---
apiVersion: v1
@ -32062,11 +32016,10 @@ metadata:
name: kyverno-reports-controller-metrics
namespace: kyverno
labels:
app.kubernetes.io/component: reports-controller
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: latest
app.kubernetes.io/component: reports-controller
app.kubernetes.io/name: kyverno-reports-controller
app.kubernetes.io/instance: kyverno
spec:
ports:
- port: 8000
@ -32075,8 +32028,8 @@ spec:
name: metrics-port
selector:
app.kubernetes.io/component: reports-controller
app.kubernetes.io/name: kyverno-reports-controller
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
type: ClusterIP
---
apiVersion: v1
@ -32084,10 +32037,9 @@ kind: Service
metadata:
name: kyverno-svc
labels:
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/component: admission-controller
app.kubernetes.io/name: kyverno
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: latest
namespace: kyverno
spec:
@ -32098,8 +32050,8 @@ spec:
name: https
selector:
app.kubernetes.io/component: admission-controller
app.kubernetes.io/name: kyverno
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
type: ClusterIP
---
apiVersion: v1
@ -32107,10 +32059,9 @@ kind: Service
metadata:
name: kyverno-svc-metrics
labels:
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/component: admission-controller
app.kubernetes.io/name: kyverno
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: latest
namespace: kyverno
spec:
@ -32121,8 +32072,8 @@ spec:
name: metrics-port
selector:
app.kubernetes.io/component: admission-controller
app.kubernetes.io/name: kyverno
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
type: ClusterIP
---
apiVersion: apps/v1
@ -32130,11 +32081,10 @@ kind: Deployment
metadata:
name: kyverno-cleanup-controller
labels:
app.kubernetes.io/component: cleanup-controller
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: latest
app.kubernetes.io/component: cleanup-controller
app.kubernetes.io/name: kyverno-cleanup-controller
app.kubernetes.io/instance: kyverno
namespace: kyverno
spec:
strategy:
@ -32145,16 +32095,15 @@ spec:
selector:
matchLabels:
app.kubernetes.io/component: cleanup-controller
app.kubernetes.io/name: kyverno-cleanup-controller
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
template:
metadata:
labels:
app.kubernetes.io/component: cleanup-controller
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: latest
app.kubernetes.io/component: cleanup-controller
app.kubernetes.io/name: kyverno-cleanup-controller
app.kubernetes.io/instance: kyverno
spec:
dnsPolicy: ClusterFirst
affinity:
@ -32205,7 +32154,6 @@ spec:
cpu: 100m
memory: 64Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
@ -32249,18 +32197,17 @@ kind: Deployment
metadata:
name: kyverno
labels:
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/component: admission-controller
app.kubernetes.io/name: kyverno
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: latest
namespace: kyverno
spec:
selector:
matchLabels:
app.kubernetes.io/component: admission-controller
app.kubernetes.io/name: kyverno
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
strategy:
rollingUpdate:
maxSurge: 1
@ -32269,10 +32216,9 @@ spec:
template:
metadata:
labels:
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/component: admission-controller
app.kubernetes.io/name: kyverno
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: latest
spec:
affinity:
@ -32427,11 +32373,10 @@ kind: Deployment
metadata:
name: kyverno-reports-controller
labels:
app.kubernetes.io/component: reports-controller
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: latest
app.kubernetes.io/component: reports-controller
app.kubernetes.io/name: kyverno-reports-controller
app.kubernetes.io/instance: kyverno
namespace: kyverno
spec:
strategy:
@ -32442,16 +32387,15 @@ spec:
selector:
matchLabels:
app.kubernetes.io/component: reports-controller
app.kubernetes.io/name: kyverno-reports-controller
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
template:
metadata:
labels:
app.kubernetes.io/component: reports-controller
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: latest
app.kubernetes.io/component: reports-controller
app.kubernetes.io/name: kyverno-reports-controller
app.kubernetes.io/instance: kyverno
spec:
dnsPolicy: ClusterFirst
affinity:

2
test/conformance/kuttl/mutate/clusterpolicy/standard/existing/mutate-existing-node-status/01-manifests.yaml
View file

@ -27,7 +27,7 @@ metadata:
labels:
app.kubernetes.io/component: admission-controller
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
name: kyverno:modify-nodes
rules:
- apiGroups: