mirrors/policy-reporter
1
0
Fork 0
mirror of https://github.com/kyverno/policy-reporter.git synced 2024-12-14 11:57:32 +00:00
Code Activity
policy-reporter/manifests/policy-reporter-kyverno-ui-ha/install.yaml
Frank Jogeleit 6d10f6b4e1
Prepare Release v3.0.0-rc.12 (#612) 
Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>
2024-12-02 11:20:05 +00:00

747 lines
27 KiB
YAML
Raw Permalink Blame History

---
# Source: policy-reporter/templates/plugins/kyverno/poddisruptionbudget.yaml
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
name: policy-reporter-kyverno-plugin
labels:
app.kubernetes.io/name: policy-reporter-kyverno-plugin
app.kubernetes.io/instance: policy-reporter
app.kubernetes.io/version: "3.0.0-rc.7"
spec:
minAvailable: 1
selector:
matchLabels:
app.kubernetes.io/name: policy-reporter-kyverno-plugin
app.kubernetes.io/instance: policy-reporter
---
# Source: policy-reporter/templates/poddisruptionbudget.yaml
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
name: policy-reporter
namespace: policy-reporter
labels:
app.kubernetes.io/name: policy-reporter
app.kubernetes.io/instance: policy-reporter
app.kubernetes.io/version: "3.0.0-rc.7"
app.kubernetes.io/component: reporting
app.kubernetes.io/part-of: policy-reporter
spec:
minAvailable: 1
selector:
matchLabels:
app.kubernetes.io/name: policy-reporter
app.kubernetes.io/instance: policy-reporter
---
# Source: policy-reporter/templates/ui/poddisruptionbudget.yaml
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
name: policy-reporter-ui
namespace: policy-reporter
labels:
app.kubernetes.io/name: policy-reporter-ui
app.kubernetes.io/instance: policy-reporter
app.kubernetes.io/version: "3.0.0-rc.7"
spec:
minAvailable: 1
selector:
matchLabels:
app.kubernetes.io/name: policy-reporter-ui
app.kubernetes.io/instance: policy-reporter
---
# Source: policy-reporter/templates/plugins/kyverno/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: policy-reporter-kyverno-plugin
namespace: policy-reporter
labels:
app.kubernetes.io/name: policy-reporter-kyverno-plugin
app.kubernetes.io/instance: policy-reporter
app.kubernetes.io/version: "3.0.0-rc.7"
automountServiceAccountToken: true
---
# Source: policy-reporter/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: policy-reporter
namespace: policy-reporter
labels:
app.kubernetes.io/name: policy-reporter
app.kubernetes.io/instance: policy-reporter
app.kubernetes.io/version: "3.0.0-rc.7"
app.kubernetes.io/component: reporting
app.kubernetes.io/part-of: policy-reporter
---
# Source: policy-reporter/templates/ui/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: policy-reporter-ui
namespace: policy-reporter
labels:
app.kubernetes.io/name: policy-reporter-ui
app.kubernetes.io/instance: policy-reporter
app.kubernetes.io/version: "3.0.0-rc.7"
automountServiceAccountToken: true
---
# Source: policy-reporter/templates/cluster-secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: policy-reporter-ui-default-cluster
namespace: policy-reporter
labels:
app.kubernetes.io/name: policy-reporter
app.kubernetes.io/instance: policy-reporter
app.kubernetes.io/version: "3.0.0-rc.7"
app.kubernetes.io/component: reporting
app.kubernetes.io/part-of: policy-reporter
type: Opaque
data:
host: aHR0cDovL3BvbGljeS1yZXBvcnRlcjo4MDgw
username:
password:
plugin.kyverno: eyJob3N0IjoiaHR0cDovL3BvbGljeS1yZXBvcnRlci1reXZlcm5vLXBsdWdpbjo4MDgwIiwgIm5hbWUiOiJreXZlcm5vIiwgInVzZXJuYW1lIjoiIiwgInBhc3N3b3JkIjoiIn0=
---
# Source: policy-reporter/templates/config-secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: policy-reporter-config
namespace: policy-reporter
labels:
app.kubernetes.io/name: policy-reporter
app.kubernetes.io/instance: policy-reporter
app.kubernetes.io/version: "3.0.0-rc.7"
app.kubernetes.io/component: reporting
app.kubernetes.io/part-of: policy-reporter
type: Opaque
data:
config.yaml: dGFyZ2V0OgogIGxva2k6CiAgICBjb25maWc6CiAgICAgIGhvc3Q6ICIiCiAgICAgIGNlcnRpZmljYXRlOiAiIgogICAgICBza2lwVExTOiBmYWxzZQogICAgICBwYXRoOiAiIgogICAgbmFtZTogCiAgICBzZWNyZXRSZWY6ICIiCiAgICBtb3VudGVkU2VjcmV0OiAiIgogICAgbWluaW11bVNldmVyaXR5OiAiIgogICAgc2tpcEV4aXN0aW5nT25TdGFydHVwOiB0cnVlCgogIGVsYXN0aWNzZWFyY2g6CiAgICBjb25maWc6CiAgICAgIGhvc3Q6ICIiCiAgICAgIGNlcnRpZmljYXRlOiAiIgogICAgICBza2lwVExTOiBmYWxzZQogICAgICB1c2VybmFtZTogIiIKICAgICAgcGFzc3dvcmQ6ICIiCiAgICAgIGFwaUtleTogIiIKICAgICAgaW5kZXg6ICJwb2xpY3ktcmVwb3J0ZXIiCiAgICAgIHJvdGF0aW9uOiAiZGFpbHkiCiAgICAgIHR5cGVsZXNzQXBpOiAiZmFsc2UiCiAgICBuYW1lOiAKICAgIHNlY3JldFJlZjogIiIKICAgIG1vdW50ZWRTZWNyZXQ6ICIiCiAgICBtaW5pbXVtU2V2ZXJpdHk6ICIiCiAgICBza2lwRXhpc3RpbmdPblN0YXJ0dXA6IHRydWUKCiAgc2xhY2s6CiAgICBjb25maWc6CiAgICAgIHdlYmhvb2s6ICIiCiAgICAgIGNoYW5uZWw6ICIiCiAgICAgIGNlcnRpZmljYXRlOiAKICAgICAgc2tpcFRMUzogCiAgICBuYW1lOiAKICAgIHNlY3JldFJlZjogIiIKICAgIG1vdW50ZWRTZWNyZXQ6ICIiCiAgICBtaW5pbXVtU2V2ZXJpdHk6ICIiCiAgICBza2lwRXhpc3RpbmdPblN0YXJ0dXA6IHRydWUKCiAgZGlzY29yZDoKICAgIGNvbmZpZzoKICAgICAgd2ViaG9vazogIiIKICAgICAgY2VydGlmaWNhdGU6ICIiCiAgICAgIHNraXBUTFM6IGZhbHNlCiAgICBuYW1lOiAKICAgIHNlY3JldFJlZjogIiIKICAgIG1vdW50ZWRTZWNyZXQ6ICIiCiAgICBtaW5pbXVtU2V2ZXJpdHk6ICIiCiAgICBza2lwRXhpc3RpbmdPblN0YXJ0dXA6IHRydWUKCiAgdGVhbXM6CiAgICBjb25maWc6CiAgICAgIHdlYmhvb2s6ICIiCiAgICAgIGNlcnRpZmljYXRlOiAiIgogICAgICBza2lwVExTOiBmYWxzZQogICAgbmFtZTogCiAgICBzZWNyZXRSZWY6ICIiCiAgICBtb3VudGVkU2VjcmV0OiAiIgogICAgbWluaW11bVNldmVyaXR5OiAiIgogICAgc2tpcEV4aXN0aW5nT25TdGFydHVwOiB0cnVlCgogIHdlYmhvb2s6CiAgICBjb25maWc6CiAgICAgIHdlYmhvb2s6ICIiCiAgICAgIGNlcnRpZmljYXRlOiAiIgogICAgICBza2lwVExTOiBmYWxzZQogICAgbmFtZTogCiAgICBzZWNyZXRSZWY6ICIiCiAgICBtb3VudGVkU2VjcmV0OiAiIgogICAgbWluaW11bVNldmVyaXR5OiAiIgogICAgc2tpcEV4aXN0aW5nT25TdGFydHVwOiB0cnVlCgogIHRlbGVncmFtOgogICAgY29uZmlnOgogICAgICBjaGF0SWQ6ICIiCiAgICAgIHRva2VuOiAiIgogICAgICB3ZWJob29rOiAKICAgICAgY2VydGlmaWNhdGU6ICIiCiAgICAgIHNraXBUTFM6IGZhbHNlCiAgICBuYW1lOiAKICAgIHNlY3JldFJlZjogIiIKICAgIG1vdW50ZWRTZWNyZXQ6ICIiCiAgICBtaW5pbXVtU2V2ZXJpdHk6ICIiCiAgICBza2lwRXhpc3RpbmdPblN0YXJ0dXA6IHRydWUKCiAgZ29vZ2xlQ2hhdDoKICAgIGNvbmZpZzoKICAgICAgd2ViaG9vazogIiIKICAgICAgY2VydGlmaWNhdGU6ICIiCiAgICAgIHNraXBUTFM6IGZhbHNlCiAgICBuYW1lOiAKICAgIHNlY3JldFJlZjogIiIKICAgIG1vdW50ZWRTZWNyZXQ6ICIiCiAgICBtaW5pbXVtU2V2ZXJpdHk6ICIiCiAgICBza2lwRXhpc3RpbmdPblN0YXJ0dXA6IHRydWUKCiAgczM6CiAgICBjb25maWc6CiAgICAgIGFjY2Vzc0tleUlkOiAKICAgICAgc2VjcmV0QWNjZXNzS2V5OiAgCiAgICAgIHJlZ2lvbjogCiAgICAgIGVuZHBvaW50OiAKICAgICAgYnVja2V0OiAKICAgICAgYnVja2V0S2V5RW5hYmxlZDogZmFsc2UKICAgICAga21zS2V5SWQ6IAogICAgICBzZXJ2ZXJTaWRlRW5jcnlwdGlvbjogCiAgICAgIHBhdGhTdHlsZTogZmFsc2UKICAgICAgcHJlZml4OiAKICAgIG5hbWU6IAogICAgc2VjcmV0UmVmOiAiIgogICAgbW91bnRlZFNlY3JldDogIiIKICAgIG1pbmltdW1TZXZlcml0eTogIiIKICAgIHNraXBFeGlzdGluZ09uU3RhcnR1cDogdHJ1ZQoKICBraW5lc2lzOgogICAgY29uZmlnOgogICAgICBhY2Nlc3NLZXlJZDogCiAgICAgIHNlY3JldEFjY2Vzc0tleTogIAogICAgICByZWdpb246IAogICAgICBlbmRwb2ludDogCiAgICAgIHN0cmVhbU5hbWU6IAogICAgbmFtZTogCiAgICBzZWNyZXRSZWY6ICIiCiAgICBtb3VudGVkU2VjcmV0OiAiIgogICAgbWluaW11bVNldmVyaXR5OiAiIgogICAgc2tpcEV4aXN0aW5nT25TdGFydHVwOiB0cnVlCgogIHNlY3VyaXR5SHViOgogICAgY29uZmlnOgogICAgICBhY2Nlc3NLZXlJZDogIiIKICAgICAgc2VjcmV0QWNjZXNzS2V5OiAgIiIKICAgICAgcmVnaW9uOiAKICAgICAgZW5kcG9pbnQ6IAogICAgICBhY2NvdW50SWQ6ICIiCiAgICAgIHByb2R1Y3ROYW1lOiAKICAgICAgY29tcGFueU5hbWU6IAogICAgICBkZWxheUluU2Vjb25kczogMgogICAgICBzeW5jaHJvbml6ZTogdHJ1ZQogICAgbmFtZTogCiAgICBzZWNyZXRSZWY6ICIiCiAgICBtb3VudGVkU2VjcmV0OiAiIgogICAgbWluaW11bVNldmVyaXR5OiAiIgogICAgc2tpcEV4aXN0aW5nT25TdGFydHVwOiB0cnVlCgogIGdjczoKICAgIGNvbmZpZzoKICAgICAgY3JlZGVudGlhbHM6IAogICAgICBidWNrZXQ6IAogICAgICBwcmVmaXg6IAogICAgbmFtZTogCiAgICBzZWNyZXRSZWY6ICIiCiAgICBtb3VudGVkU2VjcmV0OiAiIgogICAgbWluaW11bVNldmVyaXR5OiAiIgogICAgc2tpcEV4aXN0aW5nT25TdGFydHVwOiB0cnVlCgp3b3JrZXI6IDUKbWV0cmljczoKICBjdXN0b21MYWJlbHM6IFtdCiAgZW5hYmxlZDogdHJ1ZQogIGZpbHRlcjoge30KICBtb2RlOiBkZXRhaWxlZApzb3VyY2VGaWx0ZXJzOgogIC0gZGlzYWJsZUNsdXN0ZXJSZXBvcnRzOiBmYWxzZQogICAga2luZHM6CiAgICAgIGV4Y2x1ZGU6CiAgICAgIC0gUmVwbGljYVNldAogICAgc2VsZWN0b3I6CiAgICAgIHNvdXJjZToga3l2ZXJubwogICAgdW5jb250cm9sbGVkT25seTogdHJ1ZQoKbGVhZGVyRWxlY3Rpb246CiAgZW5hYmxlZDogdHJ1ZQogIHJlbGVhc2VPbkNhbmNlbDogdHJ1ZQogIGxlYXNlRHVyYXRpb246IDE1CiAgcmVuZXdEZWFkbGluZTogMTAKICByZXRyeVBlcmlvZDogMgpyZWRpczoKICBhZGRyZXNzOiAiIgogIGRhdGFiYXNlOiAwCiAgZW5hYmxlZDogZmFsc2UKICBwYXNzd29yZDogIiIKICBwcmVmaXg6IHBvbGljeS1yZXBvcnRlcgogIHVzZXJuYW1lOiAiIgoKbG9nZ2luZzoKICBzZXJ2ZXI6IGZhbHNlCiAgZW5jb2Rpbmc6IGNvbnNvbGUKICBsb2dMZXZlbDogMAoKYXBpOgogIGJhc2ljQXV0aDoKICAgIHVzZXJuYW1lOiAKICAgIHBhc3N3b3JkOiAKICAgIHNlY3JldFJlZjogCgpkYXRhYmFzZToKICB0eXBlOiAKICBkYXRhYmFzZTogCiAgdXNlcm5hbWU6IAogIHBhc3N3b3JkOiAKICBob3N0OiAKICBlbmFibGVTU0w6IGZhbHNlCiAgZHNuOiAKICBzZWNyZXRSZWY6IAogIG1vdW50ZWRTZWNyZXQ6IAo=
---
# Source: policy-reporter/templates/plugins/kyverno/config-secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: policy-reporter-kyverno-plugin-config
namespace: policy-reporter
labels:
app.kubernetes.io/name: policy-reporter-kyverno-plugin
app.kubernetes.io/instance: policy-reporter
app.kubernetes.io/version: "3.0.0-rc.7"
type: Opaque
data:
config.yaml: bGVhZGVyRWxlY3Rpb246CiAgZW5hYmxlZDogdHJ1ZQogIHJlbGVhc2VPbkNhbmNlbDogdHJ1ZQogIGxlYXNlRHVyYXRpb246IDE1CiAgcmVuZXdEZWFkbGluZTogMTAKICByZXRyeVBlcmlvZDogMgogIGxvY2tOYW1lOiBreXZlcm5vLXBsdWdpbgoKbG9nZ2luZzoKICBhcGk6IGZhbHNlCiAgc2VydmVyOiBmYWxzZQogIGVuY29kaW5nOiBjb25zb2xlCiAgbG9nTGV2ZWw6IDAKCnNlcnZlcjoKICBiYXNpY0F1dGg6CiAgICB1c2VybmFtZTogCiAgICBwYXNzd29yZDogCiAgICBzZWNyZXRSZWY6IAoKY29yZToKICBob3N0OiBodHRwOi8vcG9saWN5LXJlcG9ydGVyOjgwODAKYmxvY2tSZXBvcnRzOgogICAgZW5hYmxlZDogZmFsc2UKICAgIGV2ZW50TmFtZXNwYWNlOiBkZWZhdWx0CiAgICBwb2xpY3lSZXBvcnQ6CiAgICAgIGFubm90YXRpb25zOiBbXQogICAgICBsYWJlbHM6IFtdCiAgICByZXN1bHRzOgogICAgICBrZWVwT25seUxhdGVzdDogZmFsc2UKICAgICAgbWF4UGVyUmVwb3J0OiAyMDAKICAgIHNvdXJjZTogS3l2ZXJubyBFdmVudAo=
---
# Source: policy-reporter/templates/ui/config-secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: policy-reporter-ui-config
namespace: policy-reporter
labels:
app.kubernetes.io/name: policy-reporter-ui
app.kubernetes.io/instance: policy-reporter
app.kubernetes.io/version: "3.0.0-rc.7"
type: Opaque
data:
config.yaml: bmFtZXNwYWNlOiBwb2xpY3ktcmVwb3J0ZXIKCnRlbXBEaXI6IC90bXAKCmxvZ2dpbmc6CiAgYXBpOiBmYWxzZQogIHNlcnZlcjogZmFsc2UKICBlbmNvZGluZzogY29uc29sZQogIGxvZ0xldmVsOiAwCgpzZXJ2ZXI6CiAgcG9ydDogODA4MAogIGNvcnM6IHRydWUKICBvdmVyd3JpdGVIb3N0OiB0cnVlCgp1aToKICBkaXNwbGF5TW9kZTogCiAgYmFubmVyOiAKCmNsdXN0ZXJzOgogIC0gbmFtZTogRGVmYXVsdAogICAgc2VjcmV0UmVmOiBwb2xpY3ktcmVwb3J0ZXItdWktZGVmYXVsdC1jbHVzdGVyCgpzb3VyY2VzOgogIC0gbmFtZToga3l2ZXJubwogICAgY2hhcnRUeXBlOiByZXN1bHQKICAgIGV4Y2VwdGlvbnM6IGZhbHNlCiAgICBleGNsdWRlczoKICAgICAgcmVzdWx0czoKICAgICAgLSB3YXJuCiAgICAgIC0gZXJyb3IKb3BlbklEQ29ubmVjdDoKICAgIGNhbGxiYWNrVXJsOiAiIgogICAgY2xpZW50SWQ6ICIiCiAgICBjbGllbnRTZWNyZXQ6ICIiCiAgICBkaXNjb3ZlcnlVcmw6ICIiCiAgICBlbmFibGVkOiBmYWxzZQogICAgZ3JvdXBDbGFpbTogIiIKICAgIHNjb3BlczogW10KICAgIHNlY3JldFJlZjogIiIKb2F1dGg6CiAgICBjYWxsYmFja1VybDogIiIKICAgIGNsaWVudElkOiAiIgogICAgY2xpZW50U2VjcmV0OiAiIgogICAgZW5hYmxlZDogZmFsc2UKICAgIHByb3ZpZGVyOiAiIgogICAgc2NvcGVzOiBbXQogICAgc2VjcmV0UmVmOiAiIgo=
---
# Source: policy-reporter/templates/clusterrole.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
rbac.authorization.k8s.io/aggregate-to-admin: "true"
app.kubernetes.io/name: policy-reporter
app.kubernetes.io/instance: policy-reporter
app.kubernetes.io/version: "3.0.0-rc.7"
app.kubernetes.io/component: reporting
app.kubernetes.io/part-of: policy-reporter
name: policy-reporter
rules:
- apiGroups:
- '*'
resources:
- policyreports
- policyreports/status
- clusterpolicyreports
- clusterpolicyreports/status
verbs:
- get
- list
- watch
- apiGroups:
- ''
resources:
- namespaces
verbs:
- list
- apiGroups:
- ''
resources:
- pods
verbs:
- get
- apiGroups:
- 'batch'
resources:
- jobs
verbs:
- get
---
# Source: policy-reporter/templates/plugins/kyverno/clusterrole.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
rbac.authorization.k8s.io/aggregate-to-admin: "true"
app.kubernetes.io/name: policy-reporter-kyverno-plugin
app.kubernetes.io/instance: policy-reporter
app.kubernetes.io/version: "3.0.0-rc.7"
name: policy-reporter-kyverno-plugin
rules:
- apiGroups:
- '*'
resources:
- policies
- policies/status
- clusterpolicies
- clusterpolicies/status
verbs:
- get
- list
---
# Source: policy-reporter/templates/clusterrolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: policy-reporter
labels:
app.kubernetes.io/name: policy-reporter
app.kubernetes.io/instance: policy-reporter
app.kubernetes.io/version: "3.0.0-rc.7"
app.kubernetes.io/component: reporting
app.kubernetes.io/part-of: policy-reporter
roleRef:
kind: ClusterRole
name: policy-reporter
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: "ServiceAccount"
name: policy-reporter
namespace: policy-reporter
---
# Source: policy-reporter/templates/plugins/kyverno/clusterrolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: policy-reporter-kyverno-plugin
labels:
app.kubernetes.io/name: policy-reporter-kyverno-plugin
app.kubernetes.io/instance: policy-reporter
app.kubernetes.io/version: "3.0.0-rc.7"
roleRef:
kind: ClusterRole
name: policy-reporter-kyverno-plugin
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: "ServiceAccount"
name: policy-reporter-kyverno-plugin
namespace: policy-reporter
---
# Source: policy-reporter/templates/plugins/kyverno/secret-role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/name: policy-reporter-kyverno-plugin
app.kubernetes.io/instance: policy-reporter
app.kubernetes.io/version: "3.0.0-rc.7"
name: policy-reporter-kyverno-plugin-secret-reader
namespace: policy-reporter
rules:
- apiGroups: ['']
resources:
- secrets
verbs:
- get
---
# Source: policy-reporter/templates/role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/name: policy-reporter
app.kubernetes.io/instance: policy-reporter
app.kubernetes.io/version: "3.0.0-rc.7"
app.kubernetes.io/component: reporting
app.kubernetes.io/part-of: policy-reporter
name: policy-reporter-leaderelection
namespace: policy-reporter
rules:
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- delete
- get
- patch
- update
---
# Source: policy-reporter/templates/secret-role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/name: policy-reporter
app.kubernetes.io/instance: policy-reporter
app.kubernetes.io/version: "3.0.0-rc.7"
app.kubernetes.io/component: reporting
app.kubernetes.io/part-of: policy-reporter
name: policy-reporter-secret-reader
namespace: policy-reporter
rules:
- apiGroups: ['']
resources:
- secrets
verbs:
- get
- list
- watch
---
# Source: policy-reporter/templates/ui/secret-role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/name: policy-reporter-ui
app.kubernetes.io/instance: policy-reporter
app.kubernetes.io/version: "3.0.0-rc.7"
name: policy-reporter-ui-secret-reader
namespace: policy-reporter
rules:
- apiGroups: ['']
resources:
- secrets
verbs:
- get
---
# Source: policy-reporter/templates/plugins/kyverno/secret-rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: policy-reporter-kyverno-plugin-secret-reader
namespace: policy-reporter
labels:
app.kubernetes.io/name: policy-reporter-kyverno-plugin
app.kubernetes.io/instance: policy-reporter
app.kubernetes.io/version: "3.0.0-rc.7"
roleRef:
kind: Role
name: policy-reporter-kyverno-plugin-secret-reader
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: "ServiceAccount"
name: policy-reporter-kyverno-plugin
namespace: policy-reporter
---
# Source: policy-reporter/templates/rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: policy-reporter-leaderelection
namespace: policy-reporter
labels:
app.kubernetes.io/name: policy-reporter
app.kubernetes.io/instance: policy-reporter
app.kubernetes.io/version: "3.0.0-rc.7"
app.kubernetes.io/component: reporting
app.kubernetes.io/part-of: policy-reporter
roleRef:
kind: Role
name: policy-reporter-leaderelection
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: "ServiceAccount"
name: policy-reporter
namespace: policy-reporter
---
# Source: policy-reporter/templates/secret-rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: policy-reporter-secret-reader
namespace: policy-reporter
labels:
app.kubernetes.io/name: policy-reporter
app.kubernetes.io/instance: policy-reporter
app.kubernetes.io/version: "3.0.0-rc.7"
app.kubernetes.io/component: reporting
app.kubernetes.io/part-of: policy-reporter
roleRef:
kind: Role
name: policy-reporter-secret-reader
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: "ServiceAccount"
name: policy-reporter
namespace: policy-reporter
---
# Source: policy-reporter/templates/ui/secret-rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: policy-reporter-ui-secret-reader
namespace: policy-reporter
labels:
app.kubernetes.io/name: policy-reporter-ui
app.kubernetes.io/instance: policy-reporter
app.kubernetes.io/version: "3.0.0-rc.7"
roleRef:
kind: Role
name: policy-reporter-ui-secret-reader
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: "ServiceAccount"
name: policy-reporter-ui
namespace: policy-reporter
---
# Source: policy-reporter/templates/plugins/kyverno/service.yaml
apiVersion: v1
kind: Service
metadata:
name: policy-reporter-kyverno-plugin
namespace: policy-reporter
labels:
app.kubernetes.io/name: policy-reporter-kyverno-plugin
app.kubernetes.io/instance: policy-reporter
app.kubernetes.io/version: "3.0.0-rc.7"
spec:
type: ClusterIP
ports:
- port: 8080
targetPort: http
protocol: TCP
name: http
selector:
app.kubernetes.io/name: policy-reporter-kyverno-plugin
app.kubernetes.io/instance: policy-reporter
---
# Source: policy-reporter/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: policy-reporter
namespace: policy-reporter
labels:
app.kubernetes.io/name: policy-reporter
app.kubernetes.io/instance: policy-reporter
app.kubernetes.io/version: "3.0.0-rc.7"
app.kubernetes.io/component: reporting
app.kubernetes.io/part-of: policy-reporter
spec:
type: ClusterIP
ports:
- port: 8080
targetPort: http
protocol: TCP
name: http
selector:
app.kubernetes.io/name: policy-reporter
app.kubernetes.io/instance: policy-reporter
---
# Source: policy-reporter/templates/ui/service.yaml
apiVersion: v1
kind: Service
metadata:
name: policy-reporter-ui
namespace: policy-reporter
labels:
app.kubernetes.io/name: policy-reporter-ui
app.kubernetes.io/instance: policy-reporter
app.kubernetes.io/version: "3.0.0-rc.7"
spec:
type: ClusterIP
ports:
- port: 8080
targetPort: http
protocol: TCP
name: http
selector:
app.kubernetes.io/name: policy-reporter-ui
app.kubernetes.io/instance: policy-reporter
---
# Source: policy-reporter/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: policy-reporter
namespace: policy-reporter
labels:
app.kubernetes.io/name: policy-reporter
app.kubernetes.io/instance: policy-reporter
app.kubernetes.io/version: "3.0.0-rc.7"
app.kubernetes.io/component: reporting
app.kubernetes.io/part-of: policy-reporter
spec:
replicas: 2
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/name: policy-reporter
app.kubernetes.io/instance: policy-reporter
template:
metadata:
labels:
app.kubernetes.io/name: policy-reporter
app.kubernetes.io/instance: policy-reporter
app.kubernetes.io/version: "3.0.0-rc.7"
app.kubernetes.io/part-of: policy-reporter
annotations:
checksum/secret: "6a02966bee0724f8254766413135e0ba4dda517d1076d8913426e0352d407a7e"
spec:
serviceAccountName: policy-reporter
automountServiceAccountToken: true
securityContext:
fsGroup: 1234
containers:
- name: policy-reporter
image: "ghcr.io/kyverno/policy-reporter:3.0.0-rc.7"
imagePullPolicy: IfNotPresent
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1234
seccompProfile:
type: RuntimeDefault
args:
- --port=8080
- --config=/app/config.yaml
- --dbfile=/sqlite/database.db
- --metrics-enabled=true
- --rest-enabled=true
- --profile=false
- --lease-name=policy-reporter
- --template-dir=/app/templates
ports:
- name: http
containerPort: 8080
protocol: TCP
livenessProbe:
httpGet:
path: /ready
port: http
readinessProbe:
httpGet:
path: /healthz
port: http
resources:
{}
volumeMounts:
- name: sqlite
mountPath: /sqlite
- name: config-file
mountPath: /app/config.yaml
subPath: config.yaml
readOnly: true
- name: tmp
mountPath: /tmp
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
volumes:
- name: sqlite
emptyDir: {}
- name: config-file
secret:
secretName: policy-reporter-config
optional: true
- name: tmp
emptyDir: {}
---
# Source: policy-reporter/templates/plugins/kyverno/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: policy-reporter-kyverno-plugin
namespace: policy-reporter
labels:
app.kubernetes.io/name: policy-reporter-kyverno-plugin
app.kubernetes.io/instance: policy-reporter
app.kubernetes.io/version: "3.0.0-rc.7"
spec:
replicas: 2
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/name: policy-reporter-kyverno-plugin
app.kubernetes.io/instance: policy-reporter
template:
metadata:
annotations:
checksum/secret: "28dc68395302056d0dc854c8bf1f92dfd9b203560f35c1acb23e7e33cc317c57"
labels:
app.kubernetes.io/name: policy-reporter-kyverno-plugin
app.kubernetes.io/instance: policy-reporter
app.kubernetes.io/version: "3.0.0-rc.7"
spec:
serviceAccountName: policy-reporter-kyverno-plugin
automountServiceAccountToken: true
securityContext:
runAsGroup: 1234
runAsUser: 1234
containers:
- name: policy-reporter-kyverno-plugin
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1234
seccompProfile:
type: RuntimeDefault
image: "ghcr.io/kyverno/policy-reporter/kyverno-plugin:0.4.0"
imagePullPolicy: IfNotPresent
args:
- run
- --config=/app/config.yaml
- --port=8080
ports:
- name: http
containerPort: 8080
protocol: TCP
livenessProbe:
httpGet:
path: /v1/policies
port: http
readinessProbe:
httpGet:
path: /v1/policies
port: http
resources:
{}
volumeMounts:
- name: config-file
mountPath: /app/config.yaml
subPath: config.yaml
readOnly: true
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
volumes:
- name: config-file
secret:
secretName: policy-reporter-kyverno-plugin-config
optional: true
---
# Source: policy-reporter/templates/ui/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: policy-reporter-ui
namespace: policy-reporter
labels:
app.kubernetes.io/name: policy-reporter-ui
app.kubernetes.io/instance: policy-reporter
app.kubernetes.io/version: "3.0.0-rc.7"
spec:
replicas: 2
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/name: policy-reporter-ui
app.kubernetes.io/instance: policy-reporter
template:
metadata:
annotations:
checksum/secret: "c336e3fc53788dec3d2dd67957cdbba64ac9a7d19271f13c51ae6de1b1ede213"
checksum/cluster-secret: "103aa626cc0599d7252bb79b0e24738bd359f6231cf85f5bdb8894659099c79f"
labels:
app.kubernetes.io/name: policy-reporter-ui
app.kubernetes.io/instance: policy-reporter
app.kubernetes.io/version: "3.0.0-rc.7"
spec:
serviceAccountName: policy-reporter-ui
automountServiceAccountToken: true
securityContext:
runAsGroup: 1234
runAsUser: 1234
containers:
- name: policy-reporter-ui
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1234
seccompProfile:
type: RuntimeDefault
image: "ghcr.io/kyverno/policy-reporter-ui:2.0.0-rc.4"
imagePullPolicy: IfNotPresent
args:
- run
- --config=/app/config.yaml
- --port=8080
ports:
- name: http
containerPort: 8080
protocol: TCP
livenessProbe:
httpGet:
path: /healthz
port: http
readinessProbe:
httpGet:
path: /healthz
port: http
resources:
{}
volumeMounts:
- name: config-file
mountPath: /app/config.yaml
subPath: config.yaml
readOnly: true
- name: tmp
mountPath: /tmp
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
volumes:
- name: config-file
secret:
secretName: policy-reporter-ui-config
optional: true
- name: tmp
emptyDir: {}
View git blame Copy permalink