init

2025-06-23 23:05:28 +07:00
commit e8f9d2bbe7
42 changed files with 14772 additions and 0 deletions
--- a/talos-k8s-flux/clusters/t8s-demo/install/kyverno.yaml
+++ b/talos-k8s-flux/clusters/t8s-demo/install/kyverno.yaml
@@ -0,0 +1,59 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: kyverno
+  labels:
+    app.kubernetes.io/component: kyverno
+    pod-security.kubernetes.io/enforce: privileged
+---
+
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: kyverno
+  namespace: flux-system
+spec:
+  interval: 1h
+  install:
+    createNamespace: true
+  targetNamespace: kyverno
+  chart:
+    spec:
+      chart: kyverno
+      version: 3.4.2
+      sourceRef:
+        kind: HelmRepository
+        name: kyverno-repo
+        namespace: flux-system
+  values:
+    installCRDs: true
+    admissionControler:
+      rbac:
+        clusterRole:
+          extraResources:
+            - apiGroups: [""]
+              resources: ["secrets"]
+              verbs: ["*"]
+    backgroundControler:
+      rbac:
+        clusterRole:
+          extraResources:
+            - apiGroups: [""]
+              resources: ["secrets"]
+              verbs: ["*"]
+---
+
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: kyverno-policies
+  namespace: flux-system
+spec:
+  interval: 5m
+  path: ../../soft/kyverno/
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+    namespace: flux-system
+---