mirror of
https://github.com/kyverno/kyverno.git
synced 2024-12-14 11:57:48 +00:00
b17e76493e
* update roles and rolebindings Signed-off-by: Jim Bugwadia <jim@nirmata.com> * revert label and fix perms Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update role Signed-off-by: Jim Bugwadia <jim@nirmata.com> * restrict role Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix whitespace Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests and roles Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove ingress extensions/v1beta1 Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix chart Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix role Signed-off-by: Jim Bugwadia <jim@nirmata.com> * tighten and clarify Kyverno roles and permissions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fake commit to trigger workflows Signed-off-by: Jim Bugwadia <jim@nirmata.com> * revert tests and update test role Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add newlines Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove update role Signed-off-by: Jim Bugwadia <jim@nirmata.com> * make fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove invalid param Signed-off-by: Jim Bugwadia <jim@nirmata.com> * cleanup roles in Helm templates Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove `mutate` cluster role binding Signed-off-by: Jim Bugwadia <jim@nirmata.com> |
||
|---|---|---|
| .. | ||
| boilerplate.go.txt | ||
| create-e2e-infrastruture.sh | ||
| deploy-controller-debug.sh | ||
| deploy-controller.sh | ||
| generate-self-signed-cert-and-k8secrets-debug.sh | ||
| generate-self-signed-cert-and-k8secrets.sh | ||
| generate-server-cert.sh | ||
| install-cli.sh | ||
| README.md | ||
| update-codegen.sh | ||
| verify-deployment.sh | ||
Use these scripts to prepare the controller for work. All these scripts should be launched from the root folder of the project.
generate-server-cert.sh
Generates TLS certificate and key that used by webhook server. Example:
scripts/generate-server-cert.sh --service=kyverno-svc --namespace=my_namespace --serverIp=192.168.10.117
--serviceidentifies the service for in-cluster webhook server. Do not specify it if you plan to run webhook server outside the cluster, or cpecify 'localhost' if you want to run controller locally.--namespaceidentifies the namespace for in-cluster webhook server. Do not specify it if you plan to run controller locally.--serverIpis the IP of master node, it can be found in~/.kube/config: clusters.cluster[0].server. You should explicitly specify it.
deploy-controller.sh
Prepares controller for free (local) or in-cluster use. Uses generate-server-cert.sh inside and has the same parameters with almost same meaning:
--service- the name of the service which will be created for the controller. Use 'localhost' value to deploy controller locally. The default is 'kube-policu-svc'--namespace- the target namespace to deploy the controller. Do not specify it if you want to depoloy controller locally.--serverIpmeans the same as forgenerate-server-cert.shExamples:scripts/deploy-controller.sh --service=my-kyverno --namespace=my_namespace --serverIp=192.168.10.117- deploy controller to the cluster with master node '192.168.10.117' to the namespace 'my_namespace' as a service 'my-kyverno'scripts/deploy-controller.sh --service=localhost --serverIp=192.168.10.117- deploy controller locally for usage in cluster with master node at '192.168.10.117'
update-codegen.sh
Generates additional code for controller object. You should resolve all dependencies before using it, see main Readme for details.