allows for configuration of test image through chart values (#2410)
Signed-off-by: Morgan Hoban <morgan.hoban@sage.com>
parent
afae554a7b
commit
f52ea45331
4 changed files with 20 additions and 8 deletions
|
@ -1,6 +1,6 @@
|
|||
apiVersion: v1
|
||||
name: kyverno
|
||||
version: v2.0.3
|
||||
version: v2.0.4
|
||||
appVersion: v1.4.3
|
||||
icon: https://github.com/kyverno/kyverno/raw/main/img/logo.png
|
||||
description: Kubernetes Native Policy Management
|
||||
|
|
|
@ -65,7 +65,6 @@ The following table lists the configurable parameters of the kyverno chart and t
|
|||
| Parameter | Description | Default |
|
||||
| ---------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
|
||||
| `affinity` | node/pod affinities | `nil` |
|
||||
| `topologySpreadConstraints` | node/pod topology spread constrains | `[]` |
|
||||
| `createSelfSignedCert` | generate a self signed cert and certificate authority. Kyverno defaults to using kube-controller-manager CA-signed certificate or existing cert secret if false. | `false` |
|
||||
| `config.existingConfig` | existing Kubernetes configmap to use for the resource filters configuration | `nil` |
|
||||
| `config.resourceFilters` | list of resource types to be skipped by kyverno policy engine. See [documentation](https://kyverno.io/docs/installation/#resource-filters) for details | `[Event,*,*][*,kube-system,*][*,kube-public,*][*,kube-node-lease,*][Node,*,*][APIService,*,*][TokenReview,*,*][SubjectAccessReview,*,*][SelfSubjectAccessReview,*,*][*,kyverno,*][Binding,*,*][ReplicaSet,*,*][ReportChangeRequest,*,*][ClusterReportChangeRequest,*,*]` |
|
||||
|
@ -93,6 +92,9 @@ The following table lists the configurable parameters of the kyverno chart and t
|
|||
| `podAnnotations` | annotations to add to each pod | `{}` |
|
||||
| `podLabels` | additional labels to add to each pod | `{}` |
|
||||
| `podSecurityContext` | security context for the pod | `{}` |
|
||||
| `podSecurityPolicies` | Policies to include when `podSecurityStandard` is set to `custom` | `[]` |
|
||||
| `podSecuritySeverity` | set desired pod security severity `low`, `medium`, `high`. Used severity level in PolicyReportResults for the selected pod security policies. | `medium` |
|
||||
| `podSecurityStandard` | set desired pod security level `privileged`, `baseline`, `restricted`, `custom`. Set to `restricted` for maximum security for your cluster. See: https://kyverno.io/policies/pod-security/ | `baseline` |
|
||||
| `priorityClassName` | priorityClassName | `nil` |
|
||||
| `rbac.create` | create ClusterRoles, ClusterRoleBindings, and ServiceAccount | `true` |
|
||||
| `rbac.serviceAccount.create` | create a ServiceAccount | `true` |
|
||||
|
@ -101,6 +103,7 @@ The following table lists the configurable parameters of the kyverno chart and t
|
|||
| `readinessProbe` | readiness probe configuration | `{}` |
|
||||
| `replicaCount` | desired number of pods | `1` |
|
||||
| `resources` | pod resource requests and limits | `{}` |
|
||||
| `securityContext` | security context configuration | `{}` |
|
||||
| `service.annotations` | annotations to add to the service | `{}` |
|
||||
| `service.nodePort` | node port | `nil` |
|
||||
| `service.port` | port for the service | `443` |
|
||||
|
@ -112,11 +115,11 @@ The following table lists the configurable parameters of the kyverno chart and t
|
|||
| `serviceMonitor.scrapeTimeout` | timeout if metrics can't be retrieved in given time interval | `25s` |
|
||||
| `serviceMonitor.secure` | is TLS required for endpoint | `false` |
|
||||
| `serviceMonitor.tlsConfig` | TLS Configuration for endpoint | `[]` |
|
||||
| `testImage.pullPolicy` | image pull policy for test image (defaults to `image.pullPolicy`) | `nil` |
|
||||
| `testImage.repository` | repository for chart test image | `busybox` |
|
||||
| `testImage.tag` | tag for chart test image | `nil` |
|
||||
| `tolerations` | list of node taints to tolerate | `[]` |
|
||||
| `securityContext` | security context configuration | `{}` |
|
||||
| `podSecurityStandard` | set desired pod security level `privileged`, `baseline`, `restricted`, `custom`. Set to `restricted` for maximum security for your cluster. See: https://kyverno.io/policies/pod-security/ | `baseline` |
|
||||
| `podSecuritySeverity` | set desired pod security severity `low`, `medium`, `high`. Used severity level in PolicyReportResults for the selected pod security policies. | `medium` |
|
||||
| `podSecurityPolicies` | Policies to include when `podSecurityStandard` is set to `custom` | `[]` |
|
||||
| `topologySpreadConstraints` | node/pod topology spread constrains | `[]` |
|
||||
| `validationFailureAction` | set to get response in failed validation check. Supported values are `audit` and `enforce`. See: https://kyverno.io/docs/writing-policies/validate/ | `audit` |
|
||||
|
||||
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
|
||||
|
|
|
@ -10,14 +10,16 @@ spec:
|
|||
restartPolicy: Never
|
||||
containers:
|
||||
- name: wget
|
||||
image: busybox
|
||||
image: {{ .Values.testImage.repository | default "busybox" }}{{- if .Values.testImage.tag }}:{{ .Values.testImage.tag }}{{- end }}
|
||||
imagePullPolicy: {{ default .Values.image.pullPolicy .Values.testImage.pullPolicy }}
|
||||
command:
|
||||
- /bin/sh
|
||||
- -c
|
||||
- |
|
||||
sleep 20 ; wget -O- -S --no-check-certificate https://{{ template "kyverno.serviceName" . }}:{{ .Values.service.port }}/health/liveness
|
||||
- name: wget-metrics
|
||||
image: busybox
|
||||
image: {{ .Values.testImage.repository | default "busybox" }}{{- if .Values.testImage.tag }}:{{ .Values.testImage.tag }}{{- end }}
|
||||
imagePullPolicy: {{ default .Values.image.pullPolicy .Values.testImage.pullPolicy }}
|
||||
command:
|
||||
- /bin/sh
|
||||
- -c
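Review bot: Both new `image:` lines render a bare repository with no tag when `testImage.tag` is unset, so the chart test pod pulls the mutable `latest` tag by default; because `imagePullPolicy` falls back to `image.pullPolicy`, a node may also reuse a cached copy, depending on that value. Since the repository is now operator-supplied, I would pin a default tag and quote the rendered value so the YAML parser cannot retype an unusual repository string, e.g. `image: "{{ .Values.testImage.repository | default "busybox" }}:{{ .Values.testImage.tag | default "<pinned-tag>" }}"`. Accepting a digest reference (`repo@sha256:…`) would be a reasonable follow-up. The values.yaml comment that documents `latest` as the default would need the same change. The `wget-metrics` container continues past the end of this hunk.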
|
||||
|
|
|
@ -37,6 +37,13 @@ initImage:
|
|||
# If initImage.pullPolicy is missing, defaults to image.pullPolicy
|
||||
pullPolicy:
|
||||
# No pull secrets just for initImage; just add to image.pullSecrets
|
||||
testImage:
|
||||
# testImage.repository defaults to "busybox" if omitted
|
||||
repository:
|
||||
# testImage.tag defaults to "latest" if omitted
|
||||
tag:
|
||||
# testImage.pullPolicy defaults to image.pullPolicy if ommitted
|
||||
pullPolicy:
|
||||
|
||||
replicaCount: 1
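Review bot: The `testImage` defaults are described only in comments while the keys themselves are bare (`repository:`, `tag:`), so `helm show values` does not show which image the test pod will run; the `busybox` fallback lives in the template. Setting `repository: busybox` and a concrete `tag:` here would make the effective image visible to anyone auditing the chart. The comment on `pullPolicy` also misspells "omitted" as `ommitted`. The bare-key pattern matches the existing `initImage` `pullPolicy:` line above, so it may be a deliberate convention in this file.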
|
||||
|
||||
|
|