1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00
kyverno/scripts
Raúl Garcia Sanchez 9b0343d836
Allow setting verbs for clusterrole extraresources on backgroundController (#7380)
* fix webhookCleanup enable switch syntax

Signed-off-by: Raul Garcia Sanchez <info@raulgarcia.de>

* chore: cleanup codecov workflow (#5829)

* chore: cleanup codecov workflow

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* chore: cleanup codecov workflow

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>
Signed-off-by: Raul Garcia Sanchez <info@raulgarcia.de>

* updated template file to match with syntax fix

Signed-off-by: Raul Garcia Sanchez <info@raulgarcia.de>

* align definition of clusterRole extraResources for
backgroundController with adminissionController

Signed-off-by: Raul Garcia Sanchez <info@raulgarcia.de>

* update test routine clusterRole definition

Signed-off-by: Raul Garcia Sanchez <info@raulgarcia.de>

* Update scripts/config/standard/kyverno.yaml

fine for me

Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Raúl Garcia Sanchez <info@raulgarcia.de>

* Update charts/kyverno/values.yaml

fine for me 👍

Co-authored-by: shuting <shutting06@gmail.com>
Signed-off-by: Raúl Garcia Sanchez <info@raulgarcia.de>

---------

Signed-off-by: Raul Garcia Sanchez <info@raulgarcia.de>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Raúl Garcia Sanchez <info@raulgarcia.de>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>
Co-authored-by: kyverno-bot <104836976+kyverno-bot@users.noreply.github.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: shuting <shutting06@gmail.com>
2023-06-02 09:47:38 +00:00
..
config Allow setting verbs for clusterrole extraresources on backgroundController (#7380) 2023-06-02 09:47:38 +00:00
labs/argocd chore: update argocd lab (#6698) 2023-03-27 22:35:46 +08:00
boilerplate.go.txt feat: enable autogen from makefile (#4467) 2022-09-01 14:14:56 +08:00
create-e2e-infrastruture.sh [Feature] Pin Dependencies by Hash (#5168) 2022-11-07 08:59:26 +00:00
deploy-controller-debug.sh remove extra line for local debug 2019-07-03 14:11:18 -07:00
deploy-controller.sh refactor: shell to prevent globbing and word splitting (#3829) 2022-05-07 16:46:50 +01:00
generate-self-signed-cert-and-k8secrets-debug.sh Restructure project to follow standards (#2632) 2021-10-29 18:13:20 +02:00
generate-self-signed-cert-and-k8secrets.sh refact:update script of generate-self-signed-cert-and-k8secrets.sh to supports custom namespace (#4758) 2022-10-03 18:21:46 +05:30
generate-server-cert.sh refactor: shell to prevent globbing and word splitting (#3829) 2022-05-07 16:46:50 +01:00
README.md 420 init container (#501) 2019-11-18 11:41:37 -08:00
verify-deployment.sh tighten and clarify Kyverno roles and permissions (#2799) 2021-12-10 04:34:06 +00:00

Use these scripts to prepare the controller for work. All these scripts should be launched from the root folder of the project.

generate-server-cert.sh

Generates TLS certificate and key that used by webhook server. Example: scripts/generate-server-cert.sh --service=kyverno-svc --namespace=my_namespace --serverIp=192.168.10.117

  • --service identifies the service for in-cluster webhook server. Do not specify it if you plan to run webhook server outside the cluster, or cpecify 'localhost' if you want to run controller locally.
  • --namespace identifies the namespace for in-cluster webhook server. Do not specify it if you plan to run controller locally.
  • --serverIp is the IP of master node, it can be found in ~/.kube/config: clusters.cluster[0].server. You should explicitly specify it.

deploy-controller.sh

Prepares controller for free (local) or in-cluster use. Uses generate-server-cert.sh inside and has the same parameters with almost same meaning:

  • --service - the name of the service which will be created for the controller. Use 'localhost' value to deploy controller locally. The default is 'kube-policu-svc'
  • --namespace - the target namespace to deploy the controller. Do not specify it if you want to depoloy controller locally.
  • --serverIp means the same as for generate-server-cert.sh Examples: scripts/deploy-controller.sh --service=my-kyverno --namespace=my_namespace --serverIp=192.168.10.117 - deploy controller to the cluster with master node '192.168.10.117' to the namespace 'my_namespace' as a service 'my-kyverno' scripts/deploy-controller.sh --service=localhost --serverIp=192.168.10.117 - deploy controller locally for usage in cluster with master node at '192.168.10.117'

update-codegen.sh

Generates additional code for controller object. You should resolve all dependencies before using it, see main Readme for details.