apiVersion: v1
kind: Namespace
metadata:
  name: kyverno
  labels:
    app.kubernetes.io/component: kyverno
    pod-security.kubernetes.io/enforce: privileged
---

apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: kyverno
  namespace: flux-system
spec:
  interval: 1h
  dependsOn:
    - name: monitoring
    - name: piraeus
  targetNamespace: kyverno
  chart:
    spec:
      chart: kyverno
      version: 3.4.2
      sourceRef:
        kind: HelmRepository
        name: kyverno-repo
        namespace: flux-system
  values:
    installCRDs: true
    admissionControler:
      rbac:
        clusterRole:
          extraResources:
            - apiGroups: [""]
              resources: ["secrets"]
              verbs: ["*"]
    backgroundControler:
      rbac:
        clusterRole:
          extraResources:
            - apiGroups: [""]
              resources: ["secrets"]
              verbs: ["*"]
---

apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: kyverno-policies
  namespace: flux-system
spec:
  interval: 5m
  path: ../../../soft/kyverno/
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
---