mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-05 15:37:19 +00:00
Code Activity

fix: do not exclude kube-system service accounts by default (#7225)

Browse source 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
This commit is contained in:
Charles-Edouard Brétéché 2023-05-18 00:23:30 +02:00 committed by GitHub
parent d99c000b17
commit 6cf0f36339
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 5 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
charts/kyverno/README.md
View file

@ -258,8 +258,8 @@ The chart values are organised per component.
| config.annotations | object | `{}` | Additional annotations to add to the configmap. |
| config.enableDefaultRegistryMutation | bool | `true` | Enable registry mutation for container images. Enabled by default. |
| config.defaultRegistry | string | `"docker.io"` | The registry hostname used for the image mutation. |
| config.excludeGroups | list | `["system:serviceaccounts:kube-system","system:nodes"]` | Exclude groups |
| config.excludeUsernames | list | `["!system:kube-scheduler"]` | Exclude usernames |
| config.excludeGroups | list | `["system:nodes"]` | Exclude groups |
| config.excludeUsernames | list | `[]` | Exclude usernames |
| config.excludeRoles | list | `[]` | Exclude roles |
| config.excludeClusterRoles | list | `[]` | Exclude roles |
| config.generateSuccessEvents | bool | `false` | Generate success events. |

5
charts/kyverno/values.yaml
View file

@ -55,12 +55,11 @@ config:
# -- Exclude groups
excludeGroups:
- system:serviceaccounts:kube-system
- system:nodes
# -- Exclude usernames
excludeUsernames:
- '!system:kube-scheduler'
excludeUsernames: []
# - '!system:kube-scheduler'
# -- Exclude roles
excludeRoles: []

3
config/install-latest-testing.yaml
View file

@ -76,8 +76,7 @@ data:
enableDefaultRegistryMutation: "true"
defaultRegistry: "docker.io"
generateSuccessEvents: "false"
excludeGroups: "system:serviceaccounts:kube-system,system:nodes"
excludeUsernames: "!system:kube-scheduler"
excludeGroups: "system:nodes"
resourceFilters: >-
[*/*,kyverno,*]
[Event,*,*]