58 lines
1.1 KiB
YAML
58 lines
1.1 KiB
YAML
apiVersion: v1
|
|
kind: Namespace
|
|
metadata:
|
|
name: kyverno
|
|
labels:
|
|
app.kubernetes.io/component: kyverno
|
|
pod-security.kubernetes.io/enforce: privileged
|
|
---
|
|
|
|
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
|
kind: HelmRelease
|
|
metadata:
|
|
name: kyverno
|
|
namespace: flux-system
|
|
spec:
|
|
interval: 1h
|
|
targetNamespace: kyverno
|
|
chart:
|
|
spec:
|
|
chart: kyverno
|
|
version: 3.4.2
|
|
sourceRef:
|
|
kind: HelmRepository
|
|
name: kyverno-repo
|
|
namespace: flux-system
|
|
values:
|
|
installCRDs: true
|
|
admissionControler:
|
|
rbac:
|
|
clusterRole:
|
|
extraResources:
|
|
- apiGroups: [""]
|
|
resources: ["secrets"]
|
|
verbs: ["*"]
|
|
backgroundControler:
|
|
rbac:
|
|
clusterRole:
|
|
extraResources:
|
|
- apiGroups: [""]
|
|
resources: ["secrets"]
|
|
verbs: ["*"]
|
|
---
|
|
|
|
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
|
kind: Kustomization
|
|
metadata:
|
|
name: kyverno-policies
|
|
namespace: flux-system
|
|
spec:
|
|
interval: 1m
|
|
path: talos-k8s-flux/soft/kyverno
|
|
prune: true
|
|
sourceRef:
|
|
kind: GitRepository
|
|
name: flux-system
|
|
namespace: flux-system
|
|
---
|