mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-29 02:45:06 +00:00
Code Activity

taf v1.4.2-rc1

Browse source 
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
This commit is contained in:
Shuting Zhao 2021-07-23 14:43:28 -07:00
parent a0bac26308
commit d3e47b8e48
5 changed files with 121 additions and 73 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
charts/kyverno/Chart.yaml
View file

@ -1,7 +1,7 @@
apiVersion: v1
name: kyverno
version: v1.4.2
appVersion: v1.4.1
version: v1.4.3-rc1
appVersion: v1.4.2-rc1
icon: https://github.com/kyverno/kyverno/raw/main/img/logo.png
description: Kubernetes Native Policy Management
keywords:

62
definitions/install.yaml
View file

@ -8,7 +8,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.4.1
app.kubernetes.io/version: v1.4.2-rc1
name: kyverno
---
apiVersion: apiextensions.k8s.io/v1
@ -23,7 +23,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.4.1
app.kubernetes.io/version: v1.4.2-rc1
name: clusterpolicies.kyverno.io
spec:
group: kyverno.io
@ -540,7 +540,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.4.1
app.kubernetes.io/version: v1.4.2-rc1
name: clusterpolicyreports.wgpolicyk8s.io
spec:
group: wgpolicyk8s.io
@ -793,7 +793,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.4.1
app.kubernetes.io/version: v1.4.2-rc1
name: clusterreportchangerequests.kyverno.io
spec:
group: kyverno.io
@ -1046,7 +1046,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.4.1
app.kubernetes.io/version: v1.4.2-rc1
name: generaterequests.kyverno.io
spec:
group: kyverno.io
@ -1218,7 +1218,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.4.1
app.kubernetes.io/version: v1.4.2-rc1
name: policies.kyverno.io
spec:
group: kyverno.io
@ -1735,7 +1735,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.4.1
app.kubernetes.io/version: v1.4.2-rc1
name: policyreports.wgpolicyk8s.io
spec:
group: wgpolicyk8s.io
@ -1988,7 +1988,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.4.1
app.kubernetes.io/version: v1.4.2-rc1
name: reportchangerequests.kyverno.io
spec:
group: kyverno.io
@ -2239,7 +2239,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.4.1
app.kubernetes.io/version: v1.4.2-rc1
name: kyverno-service-account
namespace: kyverno
---
@ -2253,7 +2253,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.4.1
app.kubernetes.io/version: v1.4.2-rc1
rbac.authorization.k8s.io/aggregate-to-admin: "true"
name: kyverno:admin-policies
rules:
@ -2275,7 +2275,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.4.1
app.kubernetes.io/version: v1.4.2-rc1
rbac.authorization.k8s.io/aggregate-to-admin: "true"
name: kyverno:admin-policyreport
rules:
@ -2297,7 +2297,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.4.1
app.kubernetes.io/version: v1.4.2-rc1
rbac.authorization.k8s.io/aggregate-to-admin: "true"
name: kyverno:admin-reportchangerequest
rules:
@ -2319,7 +2319,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.4.1
app.kubernetes.io/version: v1.4.2-rc1
name: kyverno:customresources
rules:
- apiGroups:
@ -2365,7 +2365,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.4.1
app.kubernetes.io/version: v1.4.2-rc1
name: kyverno:generatecontroller
rules:
- apiGroups:
@ -2400,7 +2400,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.4.1
app.kubernetes.io/version: v1.4.2-rc1
name: kyverno:leaderelection
rules:
- apiGroups:
@ -2424,7 +2424,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.4.1
app.kubernetes.io/version: v1.4.2-rc1
name: kyverno:policycontroller
rules:
- apiGroups:
@ -2447,7 +2447,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.4.1
app.kubernetes.io/version: v1.4.2-rc1
name: kyverno:userinfo
rules:
- apiGroups:
@ -2473,7 +2473,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.4.1
app.kubernetes.io/version: v1.4.2-rc1
name: kyverno:webhook
rules:
- apiGroups:
@ -2525,7 +2525,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.4.1
app.kubernetes.io/version: v1.4.2-rc1
name: kyverno:customresources
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -2546,7 +2546,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.4.1
app.kubernetes.io/version: v1.4.2-rc1
name: kyverno:generatecontroller
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -2567,7 +2567,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.4.1
app.kubernetes.io/version: v1.4.2-rc1
name: kyverno:leaderelection
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -2588,7 +2588,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.4.1
app.kubernetes.io/version: v1.4.2-rc1
name: kyverno:policycontroller
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -2609,7 +2609,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.4.1
app.kubernetes.io/version: v1.4.2-rc1
name: kyverno:userinfo
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -2630,7 +2630,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.4.1
app.kubernetes.io/version: v1.4.2-rc1
name: kyverno:webhook
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -2655,7 +2655,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.4.1
app.kubernetes.io/version: v1.4.2-rc1
name: init-config
namespace: kyverno
---
@ -2669,7 +2669,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.4.1
app.kubernetes.io/version: v1.4.2-rc1
name: kyverno-svc
namespace: kyverno
spec:
@ -2691,7 +2691,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.4.1
app.kubernetes.io/version: v1.4.2-rc1
name: kyverno-svc-metrics
namespace: kyverno
spec:
@ -2713,7 +2713,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.4.1
app.kubernetes.io/version: v1.4.2-rc1
name: kyverno
namespace: kyverno
spec:
@ -2731,7 +2731,7 @@ spec:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.4.1
app.kubernetes.io/version: v1.4.2-rc1
spec:
containers:
- args:
@ -2746,7 +2746,7 @@ spec:
fieldPath: metadata.namespace
- name: KYVERNO_SVC
value: kyverno-svc
image: ghcr.io/kyverno/kyverno:v1.4.1
image: ghcr.io/kyverno/kyverno:v1.4.2-rc1
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 2
@ -2791,7 +2791,7 @@ spec:
readOnlyRootFilesystem: true
runAsNonRoot: true
initContainers:
- image: ghcr.io/kyverno/kyvernopre:v1.4.1
- image: ghcr.io/kyverno/kyvernopre:v1.4.2-rc1
imagePullPolicy: IfNotPresent
name: kyverno-pre
resources:

4
definitions/kustomization.yaml
View file

@ -12,7 +12,7 @@ resources:
images:
- name: ghcr.io/kyverno/kyverno
newName: ghcr.io/kyverno/kyverno
newTag: v1.4.1
newTag: v1.4.2-rc1
- name: ghcr.io/kyverno/kyvernopre
newName: ghcr.io/kyverno/kyvernopre
newTag: v1.4.1
newTag: v1.4.2-rc1

2
definitions/labels.yaml
View file

@ -9,7 +9,7 @@ labels:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.4.1
app.kubernetes.io/version: v1.4.2-rc1
fieldSpecs:
- path: metadata/labels
create: true

122
definitions/release/install.yaml
View file

@ -8,7 +8,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.4.1
app.kubernetes.io/version: v1.4.2-rc1
name: kyverno
---
apiVersion: apiextensions.k8s.io/v1
@ -23,7 +23,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.4.1
app.kubernetes.io/version: v1.4.2-rc1
name: clusterpolicies.kyverno.io
spec:
group: kyverno.io
@ -125,6 +125,11 @@ spec:
name:
description: Name is the name of the resource. The name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character).
type: string
names:
description: 'Names are the names of the resources. Each name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character). NOTE: "Name" is being deprecated in favor of "Names".'
items:
type: string
type: array
namespaceSelector:
description: 'NamespaceSelector is a label selector for the resource namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character).Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.'
properties:
@ -275,6 +280,11 @@ spec:
name:
description: Name is the name of the resource. The name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character).
type: string
names:
description: 'Names are the names of the resources. Each name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character). NOTE: "Name" is being deprecated in favor of "Names".'
items:
type: string
type: array
namespaceSelector:
description: 'NamespaceSelector is a label selector for the resource namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character).Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.'
properties:
@ -405,7 +415,7 @@ spec:
maxLength: 63
type: string
preconditions:
description: AnyAllConditions enable variable-based conditional rule execution. This is useful for finer control of when an rule is applied. A condition can reference object data using JMESPath notation. This too can be made to happen in a logical-manner where in some situation all the conditions need to pass and in some other situation, atleast one condition is enough to pass. For the sake of backwards compatibility, it can be populated with []kyverno.Condition.
description: 'Preconditions are used to determine if a policy rule should be applied by evaluating a set of conditions. The declaration can contain nested `any` or `all` statements. A direct list of conditions (without `any` or `all` statements is supported for backwards compatibility but will be deprecated in the next major release. See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
validate:
description: Validation is used to validate matching resources.
@ -414,10 +424,10 @@ spec:
description: AnyPattern specifies list of validation patterns. At least one of the patterns must be satisfied for the validation rule to succeed.
x-kubernetes-preserve-unknown-fields: true
deny:
description: Deny defines conditions to fail the validation rule.
description: Deny defines conditions used to pass or fail a validation rule.
properties:
conditions:
description: specifies the set of conditions to deny in a logical manner For the sake of backwards compatibility, it can be populated with []kyverno.Condition.
description: 'Multiple conditions can be declared under an `any` or `all` statement. A direct list of conditions (without `any` or `all` statements) is also supported for backwards compatibility but will be deprecated in the next major release. See: https://kyverno.io/docs/writing-policies/validate/#deny-rules'
x-kubernetes-preserve-unknown-fields: true
type: object
message:
@ -427,6 +437,19 @@ spec:
description: Pattern specifies an overlay-style pattern used to check resources.
x-kubernetes-preserve-unknown-fields: true
type: object
verifyImages:
description: VerifyImages is used to verify image signatures and mutate them to add a digest
items:
description: ImageVerification validates that images that match the specified pattern are signed with the supplied public key. Once the image is verified it is mutated to include the SHA digest retrieved during the registration.
properties:
image:
description: 'Image is the image name consisting of the registry address, repository, image, and tag. Wildcards (''*'' and ''?'') are allowed. See: https://kubernetes.io/docs/concepts/containers/images.'
type: string
key:
description: Key is the PEM encoded public key that the image is signed with.
type: string
type: object
type: array
type: object
type: array
validationFailureAction:
@ -517,7 +540,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.4.1
app.kubernetes.io/version: v1.4.2-rc1
name: clusterpolicyreports.wgpolicyk8s.io
spec:
group: wgpolicyk8s.io
@ -770,7 +793,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.4.1
app.kubernetes.io/version: v1.4.2-rc1
name: clusterreportchangerequests.kyverno.io
spec:
group: kyverno.io
@ -1023,7 +1046,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.4.1
app.kubernetes.io/version: v1.4.2-rc1
name: generaterequests.kyverno.io
spec:
group: kyverno.io
@ -1195,7 +1218,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.4.1
app.kubernetes.io/version: v1.4.2-rc1
name: policies.kyverno.io
spec:
group: kyverno.io
@ -1297,6 +1320,11 @@ spec:
name:
description: Name is the name of the resource. The name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character).
type: string
names:
description: 'Names are the names of the resources. Each name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character). NOTE: "Name" is being deprecated in favor of "Names".'
items:
type: string
type: array
namespaceSelector:
description: 'NamespaceSelector is a label selector for the resource namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character).Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.'
properties:
@ -1447,6 +1475,11 @@ spec:
name:
description: Name is the name of the resource. The name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character).
type: string
names:
description: 'Names are the names of the resources. Each name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character). NOTE: "Name" is being deprecated in favor of "Names".'
items:
type: string
type: array
namespaceSelector:
description: 'NamespaceSelector is a label selector for the resource namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character).Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.'
properties:
@ -1577,7 +1610,7 @@ spec:
maxLength: 63
type: string
preconditions:
description: AnyAllConditions enable variable-based conditional rule execution. This is useful for finer control of when an rule is applied. A condition can reference object data using JMESPath notation. This too can be made to happen in a logical-manner where in some situation all the conditions need to pass and in some other situation, atleast one condition is enough to pass. For the sake of backwards compatibility, it can be populated with []kyverno.Condition.
description: 'Preconditions are used to determine if a policy rule should be applied by evaluating a set of conditions. The declaration can contain nested `any` or `all` statements. A direct list of conditions (without `any` or `all` statements is supported for backwards compatibility but will be deprecated in the next major release. See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
validate:
description: Validation is used to validate matching resources.
@ -1586,10 +1619,10 @@ spec:
description: AnyPattern specifies list of validation patterns. At least one of the patterns must be satisfied for the validation rule to succeed.
x-kubernetes-preserve-unknown-fields: true
deny:
description: Deny defines conditions to fail the validation rule.
description: Deny defines conditions used to pass or fail a validation rule.
properties:
conditions:
description: specifies the set of conditions to deny in a logical manner For the sake of backwards compatibility, it can be populated with []kyverno.Condition.
description: 'Multiple conditions can be declared under an `any` or `all` statement. A direct list of conditions (without `any` or `all` statements) is also supported for backwards compatibility but will be deprecated in the next major release. See: https://kyverno.io/docs/writing-policies/validate/#deny-rules'
x-kubernetes-preserve-unknown-fields: true
type: object
message:
@ -1599,6 +1632,19 @@ spec:
description: Pattern specifies an overlay-style pattern used to check resources.
x-kubernetes-preserve-unknown-fields: true
type: object
verifyImages:
description: VerifyImages is used to verify image signatures and mutate them to add a digest
items:
description: ImageVerification validates that images that match the specified pattern are signed with the supplied public key. Once the image is verified it is mutated to include the SHA digest retrieved during the registration.
properties:
image:
description: 'Image is the image name consisting of the registry address, repository, image, and tag. Wildcards (''*'' and ''?'') are allowed. See: https://kubernetes.io/docs/concepts/containers/images.'
type: string
key:
description: Key is the PEM encoded public key that the image is signed with.
type: string
type: object
type: array
type: object
type: array
validationFailureAction:
@ -1689,7 +1735,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.4.1
app.kubernetes.io/version: v1.4.2-rc1
name: policyreports.wgpolicyk8s.io
spec:
group: wgpolicyk8s.io
@ -1942,7 +1988,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.4.1
app.kubernetes.io/version: v1.4.2-rc1
name: reportchangerequests.kyverno.io
spec:
group: kyverno.io
@ -2193,7 +2239,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.4.1
app.kubernetes.io/version: v1.4.2-rc1
name: kyverno-service-account
namespace: kyverno
---
@ -2207,7 +2253,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.4.1
app.kubernetes.io/version: v1.4.2-rc1
rbac.authorization.k8s.io/aggregate-to-admin: "true"
name: kyverno:admin-policies
rules:
@ -2229,7 +2275,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.4.1
app.kubernetes.io/version: v1.4.2-rc1
rbac.authorization.k8s.io/aggregate-to-admin: "true"
name: kyverno:admin-policyreport
rules:
@ -2251,7 +2297,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.4.1
app.kubernetes.io/version: v1.4.2-rc1
rbac.authorization.k8s.io/aggregate-to-admin: "true"
name: kyverno:admin-reportchangerequest
rules:
@ -2273,7 +2319,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.4.1
app.kubernetes.io/version: v1.4.2-rc1
name: kyverno:customresources
rules:
- apiGroups:
@ -2301,6 +2347,7 @@ rules:
- patch
- update
- watch
- deletecollection
- apiGroups:
- apiextensions.k8s.io
resources:
@ -2318,7 +2365,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.4.1
app.kubernetes.io/version: v1.4.2-rc1
name: kyverno:generatecontroller
rules:
- apiGroups:
@ -2353,7 +2400,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.4.1
app.kubernetes.io/version: v1.4.2-rc1
name: kyverno:leaderelection
rules:
- apiGroups:
@ -2377,7 +2424,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.4.1
app.kubernetes.io/version: v1.4.2-rc1
name: kyverno:policycontroller
rules:
- apiGroups:
@ -2400,7 +2447,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.4.1
app.kubernetes.io/version: v1.4.2-rc1
name: kyverno:userinfo
rules:
- apiGroups:
@ -2426,7 +2473,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.4.1
app.kubernetes.io/version: v1.4.2-rc1
name: kyverno:webhook
rules:
- apiGroups:
@ -2478,7 +2525,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.4.1
app.kubernetes.io/version: v1.4.2-rc1
name: kyverno:customresources
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -2499,7 +2546,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.4.1
app.kubernetes.io/version: v1.4.2-rc1
name: kyverno:generatecontroller
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -2520,7 +2567,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.4.1
app.kubernetes.io/version: v1.4.2-rc1
name: kyverno:leaderelection
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -2541,7 +2588,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.4.1
app.kubernetes.io/version: v1.4.2-rc1
name: kyverno:policycontroller
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -2562,7 +2609,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.4.1
app.kubernetes.io/version: v1.4.2-rc1
name: kyverno:userinfo
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -2583,7 +2630,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.4.1
app.kubernetes.io/version: v1.4.2-rc1
name: kyverno:webhook
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -2597,6 +2644,7 @@ subjects:
apiVersion: v1
data:
excludeGroupRole: system:serviceaccounts:kube-system,system:nodes,system:kube-scheduler
generateSuccessEvents: "false"
resourceFilters: '[Event,*,*][*,kube-system,*][*,kube-public,*][*,kube-node-lease,*][Node,*,*][APIService,*,*][TokenReview,*,*][SubjectAccessReview,*,*][SelfSubjectAccessReview,*,*][*,kyverno,*][Binding,*,*][ReplicaSet,*,*][ReportChangeRequest,*,*][ClusterReportChangeRequest,*,*][PolicyReport,*,*][ClusterPolicyReport,*,*]'
kind: ConfigMap
metadata:
@ -2607,7 +2655,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.4.1
app.kubernetes.io/version: v1.4.2-rc1
name: init-config
namespace: kyverno
---
@ -2621,7 +2669,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.4.1
app.kubernetes.io/version: v1.4.2-rc1
name: kyverno-svc
namespace: kyverno
spec:
@ -2643,7 +2691,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.4.1
app.kubernetes.io/version: v1.4.2-rc1
name: kyverno-svc-metrics
namespace: kyverno
spec:
@ -2665,7 +2713,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.4.1
app.kubernetes.io/version: v1.4.2-rc1
name: kyverno
namespace: kyverno
spec:
@ -2683,7 +2731,7 @@ spec:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.4.1
app.kubernetes.io/version: v1.4.2-rc1
spec:
containers:
- args:
@ -2698,7 +2746,7 @@ spec:
fieldPath: metadata.namespace
- name: KYVERNO_SVC
value: kyverno-svc
image: ghcr.io/kyverno/kyverno:v1.4.1
image: ghcr.io/kyverno/kyverno:v1.4.2-rc1
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 2
@ -2743,7 +2791,7 @@ spec:
readOnlyRootFilesystem: true
runAsNonRoot: true
initContainers:
- image: ghcr.io/kyverno/kyvernopre:v1.4.1
- image: ghcr.io/kyverno/kyvernopre:v1.4.2-rc1
imagePullPolicy: IfNotPresent
name: kyverno-pre
resources: