* Update kyverno-policies chart with latest pod-security policies Fixes #3063 Fixes #2277 Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Update README to have better example Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Use chart testing during e2e to test against ci values Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Fix e2e tests for Helm chart Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Fix Kyverno chart testing to actually test values, and fix networkpolicy template Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Update README for exclusion Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Allow adding 'other' policies via Helm Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Update Chart.yaml for kyverno-policies Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Bump minimum Kubernetes version in charts Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Update kyverno-policies chart readme Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Use version that should catch all pre-releases Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Use version that should catch all pre-releases (part 2) Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Use same logic to get git tag by using Makefile target for updating Helm values Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Prateek Pandey <prateekpandey14@gmail.com>
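{{- /*
NetworkPolicy limiting ingress to the Kyverno pods (selected by the label
app: kyverno). Rendered only when .Values.networkPolicy.enabled is set.

Allowed peers come from four values: namespaceExpressions, namespaceLabels,
podExpressions and podLabels. When namespace and pod selectors are both given
they are written into ONE peer entry, so a source must match both (AND).
When only pod selectors are given they form their own peer entry; a
podSelector without a namespaceSelector matches pods in this policy's own
namespace only.

Every allowed peer gets the webhook port and, when the metrics service is
created, the metrics port as well; the two ports are not scoped separately.
*/ -}}
{{- if .Values.networkPolicy.enabled }}
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  labels: {{ include "kyverno.labels" . | nindent 4 }}
    app: kyverno
  name: {{ template "kyverno.fullname" . }}
  namespace: {{ template "kyverno.namespace" . }}
spec:
  # Only pods carrying this label are covered by the policy.
  podSelector:
    matchLabels:
      app: kyverno
  policyTypes:
  - Ingress
  {{- $nsSel := or .Values.networkPolicy.namespaceExpressions .Values.networkPolicy.namespaceLabels }}
  {{- $podSel := or .Values.networkPolicy.podExpressions .Values.networkPolicy.podLabels }}
  {{- if or $nsSel $podSel }}
  ingress:
  - from:
    {{- if $nsSel }}
    - namespaceSelector:
        {{- with .Values.networkPolicy.namespaceExpressions }}
        matchExpressions:
          {{- toYaml . | nindent 10 }}
        {{- end }}
        {{- with .Values.networkPolicy.namespaceLabels }}
        matchLabels:
          {{- range $key, $value := . }}
          {{ $key | quote }}: {{ $value | quote }}
          {{- end }}
        {{- end }}
    {{- end }}
    {{- if $podSel }}
    {{- /* `from` must be a list: start a new item unless the namespaceSelector above already opened one. */}}
    {{- if $nsSel }}
      podSelector:
    {{- else }}
    - podSelector:
    {{- end }}
        {{- with .Values.networkPolicy.podExpressions }}
        matchExpressions:
          {{- toYaml . | nindent 10 }}
        {{- end }}
        {{- with .Values.networkPolicy.podLabels }}
        matchLabels:
          {{- range $key, $value := . }}
          {{ $key | quote }}: {{ $value | quote }}
          {{- end }}
        {{- end }}
    {{- end }}
    ports:
    - protocol: TCP
      port: 9443 # webhook access
    {{- if .Values.metricsService.create }}
    # Allow prometheus scrapes for metrics (same peers as the webhook port)
    - protocol: TCP
      port: {{ .Values.metricsService.port }}
    {{- end }}
  {{- else }}
  # No peers configured: an empty ingress list denies all ingress to the
  # selected pods, including the webhook port. Whether API server traffic is
  # subject to this policy depends on the cluster's network plugin; confirm
  # admission requests still reach Kyverno before enabling without selectors.
  ingress: []
  {{- end }}
{{- end }}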