diff --git a/apps/kyverno/crds.yaml b/apps/kyverno/crds.yaml index addc6ebc..67e85f40 100644 --- a/apps/kyverno/crds.yaml +++ b/apps/kyverno/crds.yaml @@ -7,8 +7,8 @@ metadata: app.kubernetes.io/instance: kyverno app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: kyverno-crds - app.kubernetes.io/version: 3.7.1 - helm.sh/chart: crds-3.7.1 + app.kubernetes.io/version: 3.8.0 + helm.sh/chart: crds-3.8.0 annotations: controller-gen.kubebuilder.io/version: v0.20.0 name: cleanuppolicies.kyverno.io @@ -309,7 +309,8 @@ spec: secrets: description: |- Secrets specifies a list of secrets that are provided for credentials. - Secrets must live in the Kyverno namespace. + Secrets can be specified as a name (Kyverno namespace) or namespace/name. + imagePullSecrets from the resource namespace are also used. items: type: string type: array @@ -1535,7 +1536,8 @@ spec: secrets: description: |- Secrets specifies a list of secrets that are provided for credentials. - Secrets must live in the Kyverno namespace. + Secrets can be specified as a name (Kyverno namespace) or namespace/name. + imagePullSecrets from the resource namespace are also used. items: type: string type: array @@ -2486,8 +2488,8 @@ metadata: app.kubernetes.io/instance: kyverno app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: kyverno-crds - app.kubernetes.io/version: 3.7.1 - helm.sh/chart: crds-3.7.1 + app.kubernetes.io/version: 3.8.0 + helm.sh/chart: crds-3.8.0 annotations: controller-gen.kubebuilder.io/version: v0.20.0 name: clustercleanuppolicies.kyverno.io @@ -2788,7 +2790,8 @@ spec: secrets: description: |- Secrets specifies a list of secrets that are provided for credentials. - Secrets must live in the Kyverno namespace. + Secrets can be specified as a name (Kyverno namespace) or namespace/name. + imagePullSecrets from the resource namespace are also used. items: type: string type: array @@ -4014,7 +4017,8 @@ spec: secrets: description: |- Secrets specifies a list of secrets that are provided for credentials. - Secrets must live in the Kyverno namespace. + Secrets can be specified as a name (Kyverno namespace) or namespace/name. + imagePullSecrets from the resource namespace are also used. items: type: string type: array @@ -4965,8 +4969,8 @@ metadata: app.kubernetes.io/instance: kyverno app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: kyverno-crds - app.kubernetes.io/version: 3.7.1 - helm.sh/chart: crds-3.7.1 + app.kubernetes.io/version: 3.8.0 + helm.sh/chart: crds-3.8.0 annotations: controller-gen.kubebuilder.io/version: v0.20.0 name: clusterpolicies.kyverno.io @@ -5300,7 +5304,8 @@ spec: secrets: description: |- Secrets specifies a list of secrets that are provided for credentials. - Secrets must live in the Kyverno namespace. + Secrets can be specified as a name (Kyverno namespace) or namespace/name. + imagePullSecrets from the resource namespace are also used. items: type: string type: array @@ -6268,7 +6273,8 @@ spec: secrets: description: |- Secrets specifies a list of secrets that are provided for credentials. - Secrets must live in the Kyverno namespace. + Secrets can be specified as a name (Kyverno namespace) or namespace/name. + imagePullSecrets from the resource namespace are also used. items: type: string type: array @@ -7281,7 +7287,8 @@ spec: secrets: description: |- Secrets specifies a list of secrets that are provided for credentials. - Secrets must live in the Kyverno namespace. + Secrets can be specified as a name (Kyverno namespace) or namespace/name. + imagePullSecrets from the resource namespace are also used. items: type: string type: array @@ -7637,7 +7644,8 @@ spec: secrets: description: |- Secrets specifies a list of secrets that are provided for credentials. - Secrets must live in the Kyverno namespace. + Secrets can be specified as a name (Kyverno namespace) or namespace/name. + imagePullSecrets from the resource namespace are also used. items: type: string type: array @@ -8286,7 +8294,8 @@ spec: secrets: description: |- Secrets specifies a list of secrets that are provided for credentials. - Secrets must live in the Kyverno namespace. + Secrets can be specified as a name (Kyverno namespace) or namespace/name. + imagePullSecrets from the resource namespace are also used. items: type: string type: array @@ -9467,7 +9476,8 @@ spec: secrets: description: |- Secrets specifies a list of secrets that are provided for credentials. - Secrets must live in the Kyverno namespace. + Secrets can be specified as a name (Kyverno namespace) or namespace/name. + imagePullSecrets from the resource namespace are also used. items: type: string type: array @@ -9918,7 +9928,8 @@ spec: secrets: description: |- Secrets specifies a list of secrets that are provided for credentials. - Secrets must live in the Kyverno namespace. + Secrets can be specified as a name (Kyverno namespace) or namespace/name. + imagePullSecrets from the resource namespace are also used. items: type: string type: array @@ -10886,7 +10897,8 @@ spec: secrets: description: |- Secrets specifies a list of secrets that are provided for credentials. - Secrets must live in the Kyverno namespace. + Secrets can be specified as a name (Kyverno namespace) or namespace/name. + imagePullSecrets from the resource namespace are also used. items: type: string type: array @@ -11899,7 +11911,8 @@ spec: secrets: description: |- Secrets specifies a list of secrets that are provided for credentials. - Secrets must live in the Kyverno namespace. + Secrets can be specified as a name (Kyverno namespace) or namespace/name. + imagePullSecrets from the resource namespace are also used. items: type: string type: array @@ -12255,7 +12268,8 @@ spec: secrets: description: |- Secrets specifies a list of secrets that are provided for credentials. - Secrets must live in the Kyverno namespace. + Secrets can be specified as a name (Kyverno namespace) or namespace/name. + imagePullSecrets from the resource namespace are also used. items: type: string type: array @@ -12904,7 +12918,8 @@ spec: secrets: description: |- Secrets specifies a list of secrets that are provided for credentials. - Secrets must live in the Kyverno namespace. + Secrets can be specified as a name (Kyverno namespace) or namespace/name. + imagePullSecrets from the resource namespace are also used. items: type: string type: array @@ -14085,7 +14100,8 @@ spec: secrets: description: |- Secrets specifies a list of secrets that are provided for credentials. - Secrets must live in the Kyverno namespace. + Secrets can be specified as a name (Kyverno namespace) or namespace/name. + imagePullSecrets from the resource namespace are also used. items: type: string type: array @@ -14593,7 +14609,8 @@ spec: secrets: description: |- Secrets specifies a list of secrets that are provided for credentials. - Secrets must live in the Kyverno namespace. + Secrets can be specified as a name (Kyverno namespace) or namespace/name. + imagePullSecrets from the resource namespace are also used. items: type: string type: array @@ -15366,7 +15383,8 @@ spec: secrets: description: |- Secrets specifies a list of secrets that are provided for credentials. - Secrets must live in the Kyverno namespace. + Secrets can be specified as a name (Kyverno namespace) or namespace/name. + imagePullSecrets from the resource namespace are also used. items: type: string type: array @@ -16184,7 +16202,8 @@ spec: secrets: description: |- Secrets specifies a list of secrets that are provided for credentials. - Secrets must live in the Kyverno namespace. + Secrets can be specified as a name (Kyverno namespace) or namespace/name. + imagePullSecrets from the resource namespace are also used. items: type: string type: array @@ -16540,7 +16559,8 @@ spec: secrets: description: |- Secrets specifies a list of secrets that are provided for credentials. - Secrets must live in the Kyverno namespace. + Secrets can be specified as a name (Kyverno namespace) or namespace/name. + imagePullSecrets from the resource namespace are also used. items: type: string type: array @@ -17350,7 +17370,8 @@ spec: secrets: description: |- Secrets specifies a list of secrets that are provided for credentials. - Secrets must live in the Kyverno namespace. + Secrets can be specified as a name (Kyverno namespace) or namespace/name. + imagePullSecrets from the resource namespace are also used. items: type: string type: array @@ -18513,7 +18534,8 @@ spec: secrets: description: |- Secrets specifies a list of secrets that are provided for credentials. - Secrets must live in the Kyverno namespace. + Secrets can be specified as a name (Kyverno namespace) or namespace/name. + imagePullSecrets from the resource namespace are also used. items: type: string type: array @@ -18952,7 +18974,8 @@ spec: secrets: description: |- Secrets specifies a list of secrets that are provided for credentials. - Secrets must live in the Kyverno namespace. + Secrets can be specified as a name (Kyverno namespace) or namespace/name. + imagePullSecrets from the resource namespace are also used. items: type: string type: array @@ -19920,7 +19943,8 @@ spec: secrets: description: |- Secrets specifies a list of secrets that are provided for credentials. - Secrets must live in the Kyverno namespace. + Secrets can be specified as a name (Kyverno namespace) or namespace/name. + imagePullSecrets from the resource namespace are also used. items: type: string type: array @@ -20933,7 +20957,8 @@ spec: secrets: description: |- Secrets specifies a list of secrets that are provided for credentials. - Secrets must live in the Kyverno namespace. + Secrets can be specified as a name (Kyverno namespace) or namespace/name. + imagePullSecrets from the resource namespace are also used. items: type: string type: array @@ -21289,7 +21314,8 @@ spec: secrets: description: |- Secrets specifies a list of secrets that are provided for credentials. - Secrets must live in the Kyverno namespace. + Secrets can be specified as a name (Kyverno namespace) or namespace/name. + imagePullSecrets from the resource namespace are also used. items: type: string type: array @@ -21938,7 +21964,8 @@ spec: secrets: description: |- Secrets specifies a list of secrets that are provided for credentials. - Secrets must live in the Kyverno namespace. + Secrets can be specified as a name (Kyverno namespace) or namespace/name. + imagePullSecrets from the resource namespace are also used. items: type: string type: array @@ -23119,7 +23146,8 @@ spec: secrets: description: |- Secrets specifies a list of secrets that are provided for credentials. - Secrets must live in the Kyverno namespace. + Secrets can be specified as a name (Kyverno namespace) or namespace/name. + imagePullSecrets from the resource namespace are also used. items: type: string type: array @@ -23320,8 +23348,8 @@ metadata: app.kubernetes.io/instance: kyverno app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: kyverno-crds - app.kubernetes.io/version: 3.7.1 - helm.sh/chart: crds-3.7.1 + app.kubernetes.io/version: 3.8.0 + helm.sh/chart: crds-3.8.0 annotations: controller-gen.kubebuilder.io/version: v0.20.0 name: globalcontextentries.kyverno.io @@ -24081,8 +24109,8 @@ metadata: app.kubernetes.io/instance: kyverno app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: kyverno-crds - app.kubernetes.io/version: 3.7.1 - helm.sh/chart: crds-3.7.1 + app.kubernetes.io/version: 3.8.0 + helm.sh/chart: crds-3.8.0 annotations: controller-gen.kubebuilder.io/version: v0.20.0 name: policies.kyverno.io @@ -24418,7 +24446,8 @@ spec: secrets: description: |- Secrets specifies a list of secrets that are provided for credentials. - Secrets must live in the Kyverno namespace. + Secrets can be specified as a name (Kyverno namespace) or namespace/name. + imagePullSecrets from the resource namespace are also used. items: type: string type: array @@ -25386,7 +25415,8 @@ spec: secrets: description: |- Secrets specifies a list of secrets that are provided for credentials. - Secrets must live in the Kyverno namespace. + Secrets can be specified as a name (Kyverno namespace) or namespace/name. + imagePullSecrets from the resource namespace are also used. items: type: string type: array @@ -26399,7 +26429,8 @@ spec: secrets: description: |- Secrets specifies a list of secrets that are provided for credentials. - Secrets must live in the Kyverno namespace. + Secrets can be specified as a name (Kyverno namespace) or namespace/name. + imagePullSecrets from the resource namespace are also used. items: type: string type: array @@ -26755,7 +26786,8 @@ spec: secrets: description: |- Secrets specifies a list of secrets that are provided for credentials. - Secrets must live in the Kyverno namespace. + Secrets can be specified as a name (Kyverno namespace) or namespace/name. + imagePullSecrets from the resource namespace are also used. items: type: string type: array @@ -27404,7 +27436,8 @@ spec: secrets: description: |- Secrets specifies a list of secrets that are provided for credentials. - Secrets must live in the Kyverno namespace. + Secrets can be specified as a name (Kyverno namespace) or namespace/name. + imagePullSecrets from the resource namespace are also used. items: type: string type: array @@ -28585,7 +28618,8 @@ spec: secrets: description: |- Secrets specifies a list of secrets that are provided for credentials. - Secrets must live in the Kyverno namespace. + Secrets can be specified as a name (Kyverno namespace) or namespace/name. + imagePullSecrets from the resource namespace are also used. items: type: string type: array @@ -29036,7 +29070,8 @@ spec: secrets: description: |- Secrets specifies a list of secrets that are provided for credentials. - Secrets must live in the Kyverno namespace. + Secrets can be specified as a name (Kyverno namespace) or namespace/name. + imagePullSecrets from the resource namespace are also used. items: type: string type: array @@ -30004,7 +30039,8 @@ spec: secrets: description: |- Secrets specifies a list of secrets that are provided for credentials. - Secrets must live in the Kyverno namespace. + Secrets can be specified as a name (Kyverno namespace) or namespace/name. + imagePullSecrets from the resource namespace are also used. items: type: string type: array @@ -31017,7 +31053,8 @@ spec: secrets: description: |- Secrets specifies a list of secrets that are provided for credentials. - Secrets must live in the Kyverno namespace. + Secrets can be specified as a name (Kyverno namespace) or namespace/name. + imagePullSecrets from the resource namespace are also used. items: type: string type: array @@ -31373,7 +31410,8 @@ spec: secrets: description: |- Secrets specifies a list of secrets that are provided for credentials. - Secrets must live in the Kyverno namespace. + Secrets can be specified as a name (Kyverno namespace) or namespace/name. + imagePullSecrets from the resource namespace are also used. items: type: string type: array @@ -32022,7 +32060,8 @@ spec: secrets: description: |- Secrets specifies a list of secrets that are provided for credentials. - Secrets must live in the Kyverno namespace. + Secrets can be specified as a name (Kyverno namespace) or namespace/name. + imagePullSecrets from the resource namespace are also used. items: type: string type: array @@ -33203,7 +33242,8 @@ spec: secrets: description: |- Secrets specifies a list of secrets that are provided for credentials. - Secrets must live in the Kyverno namespace. + Secrets can be specified as a name (Kyverno namespace) or namespace/name. + imagePullSecrets from the resource namespace are also used. items: type: string type: array @@ -33713,7 +33753,8 @@ spec: secrets: description: |- Secrets specifies a list of secrets that are provided for credentials. - Secrets must live in the Kyverno namespace. + Secrets can be specified as a name (Kyverno namespace) or namespace/name. + imagePullSecrets from the resource namespace are also used. items: type: string type: array @@ -34486,7 +34527,8 @@ spec: secrets: description: |- Secrets specifies a list of secrets that are provided for credentials. - Secrets must live in the Kyverno namespace. + Secrets can be specified as a name (Kyverno namespace) or namespace/name. + imagePullSecrets from the resource namespace are also used. items: type: string type: array @@ -35304,7 +35346,8 @@ spec: secrets: description: |- Secrets specifies a list of secrets that are provided for credentials. - Secrets must live in the Kyverno namespace. + Secrets can be specified as a name (Kyverno namespace) or namespace/name. + imagePullSecrets from the resource namespace are also used. items: type: string type: array @@ -35660,7 +35703,8 @@ spec: secrets: description: |- Secrets specifies a list of secrets that are provided for credentials. - Secrets must live in the Kyverno namespace. + Secrets can be specified as a name (Kyverno namespace) or namespace/name. + imagePullSecrets from the resource namespace are also used. items: type: string type: array @@ -36470,7 +36514,8 @@ spec: secrets: description: |- Secrets specifies a list of secrets that are provided for credentials. - Secrets must live in the Kyverno namespace. + Secrets can be specified as a name (Kyverno namespace) or namespace/name. + imagePullSecrets from the resource namespace are also used. items: type: string type: array @@ -37633,7 +37678,8 @@ spec: secrets: description: |- Secrets specifies a list of secrets that are provided for credentials. - Secrets must live in the Kyverno namespace. + Secrets can be specified as a name (Kyverno namespace) or namespace/name. + imagePullSecrets from the resource namespace are also used. items: type: string type: array @@ -38072,7 +38118,8 @@ spec: secrets: description: |- Secrets specifies a list of secrets that are provided for credentials. - Secrets must live in the Kyverno namespace. + Secrets can be specified as a name (Kyverno namespace) or namespace/name. + imagePullSecrets from the resource namespace are also used. items: type: string type: array @@ -39040,7 +39087,8 @@ spec: secrets: description: |- Secrets specifies a list of secrets that are provided for credentials. - Secrets must live in the Kyverno namespace. + Secrets can be specified as a name (Kyverno namespace) or namespace/name. + imagePullSecrets from the resource namespace are also used. items: type: string type: array @@ -40053,7 +40101,8 @@ spec: secrets: description: |- Secrets specifies a list of secrets that are provided for credentials. - Secrets must live in the Kyverno namespace. + Secrets can be specified as a name (Kyverno namespace) or namespace/name. + imagePullSecrets from the resource namespace are also used. items: type: string type: array @@ -40409,7 +40458,8 @@ spec: secrets: description: |- Secrets specifies a list of secrets that are provided for credentials. - Secrets must live in the Kyverno namespace. + Secrets can be specified as a name (Kyverno namespace) or namespace/name. + imagePullSecrets from the resource namespace are also used. items: type: string type: array @@ -41058,7 +41108,8 @@ spec: secrets: description: |- Secrets specifies a list of secrets that are provided for credentials. - Secrets must live in the Kyverno namespace. + Secrets can be specified as a name (Kyverno namespace) or namespace/name. + imagePullSecrets from the resource namespace are also used. items: type: string type: array @@ -42239,7 +42290,8 @@ spec: secrets: description: |- Secrets specifies a list of secrets that are provided for credentials. - Secrets must live in the Kyverno namespace. + Secrets can be specified as a name (Kyverno namespace) or namespace/name. + imagePullSecrets from the resource namespace are also used. items: type: string type: array @@ -42440,8 +42492,8 @@ metadata: app.kubernetes.io/instance: kyverno app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: kyverno-crds - app.kubernetes.io/version: 3.7.1 - helm.sh/chart: crds-3.7.1 + app.kubernetes.io/version: 3.8.0 + helm.sh/chart: crds-3.8.0 annotations: controller-gen.kubebuilder.io/version: v0.20.0 name: policyexceptions.kyverno.io @@ -43685,8 +43737,8 @@ metadata: app.kubernetes.io/instance: kyverno app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: kyverno-crds - app.kubernetes.io/version: 3.7.1 - helm.sh/chart: crds-3.7.1 + app.kubernetes.io/version: 3.8.0 + helm.sh/chart: crds-3.8.0 annotations: controller-gen.kubebuilder.io/version: v0.20.0 name: updaterequests.kyverno.io @@ -44483,8 +44535,8 @@ metadata: app.kubernetes.io/instance: kyverno app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: kyverno-crds - app.kubernetes.io/version: 3.7.1 - helm.sh/chart: crds-3.7.1 + app.kubernetes.io/version: 3.8.0 + helm.sh/chart: crds-3.8.0 annotations: controller-gen.kubebuilder.io/version: v0.20.0 name: clusterephemeralreports.reports.kyverno.io @@ -44812,8 +44864,8 @@ metadata: app.kubernetes.io/instance: kyverno app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: kyverno-crds - app.kubernetes.io/version: 3.7.1 - helm.sh/chart: crds-3.7.1 + app.kubernetes.io/version: 3.8.0 + helm.sh/chart: crds-3.8.0 annotations: controller-gen.kubebuilder.io/version: v0.20.0 name: ephemeralreports.reports.kyverno.io @@ -45142,8 +45194,8 @@ metadata: app.kubernetes.io/instance: kyverno app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: kyverno-crds - app.kubernetes.io/version: 3.7.1 - helm.sh/chart: crds-3.7.1 + app.kubernetes.io/version: 3.8.0 + helm.sh/chart: crds-3.8.0 annotations: controller-gen.kubebuilder.io/version: v0.20.0 name: clusterpolicyreports.wgpolicyk8s.io @@ -45493,8 +45545,8 @@ metadata: app.kubernetes.io/instance: kyverno app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: kyverno-crds - app.kubernetes.io/version: 3.7.1 - helm.sh/chart: crds-3.7.1 + app.kubernetes.io/version: 3.8.0 + helm.sh/chart: crds-3.8.0 annotations: controller-gen.kubebuilder.io/version: v0.20.0 name: policyreports.wgpolicyk8s.io diff --git a/apps/kyverno/manifests/ClusterRole-kyverno:admission-controller.yml b/apps/kyverno/manifests/ClusterRole-kyverno:admission-controller.yml index cbbb184b..0274df7f 100644 --- a/apps/kyverno/manifests/ClusterRole-kyverno:admission-controller.yml +++ b/apps/kyverno/manifests/ClusterRole-kyverno:admission-controller.yml @@ -8,6 +8,7 @@ metadata: app.kubernetes.io/component: admission-controller app.kubernetes.io/instance: kyverno app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kyverno-admission-controller app.kubernetes.io/part-of: kyverno aggregationRule: clusterRoleSelectors: diff --git a/apps/kyverno/manifests/ClusterRole-kyverno:admission-controller:core.yml b/apps/kyverno/manifests/ClusterRole-kyverno:admission-controller:core.yml index 9fb7d1ba..02f0aac8 100644 --- a/apps/kyverno/manifests/ClusterRole-kyverno:admission-controller:core.yml +++ b/apps/kyverno/manifests/ClusterRole-kyverno:admission-controller:core.yml @@ -8,6 +8,7 @@ metadata: app.kubernetes.io/component: admission-controller app.kubernetes.io/instance: kyverno app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kyverno-admission-controller app.kubernetes.io/part-of: kyverno rules: - apiGroups: diff --git a/apps/kyverno/manifests/ClusterRole-kyverno:background-controller.yml b/apps/kyverno/manifests/ClusterRole-kyverno:background-controller.yml index 17aa8c4c..8502a8dd 100644 --- a/apps/kyverno/manifests/ClusterRole-kyverno:background-controller.yml +++ b/apps/kyverno/manifests/ClusterRole-kyverno:background-controller.yml @@ -8,6 +8,7 @@ metadata: app.kubernetes.io/component: background-controller app.kubernetes.io/instance: kyverno app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kyverno-background-controller app.kubernetes.io/part-of: kyverno aggregationRule: clusterRoleSelectors: diff --git a/apps/kyverno/manifests/ClusterRole-kyverno:background-controller:core.yml b/apps/kyverno/manifests/ClusterRole-kyverno:background-controller:core.yml index 2b02a07e..a48b1813 100644 --- a/apps/kyverno/manifests/ClusterRole-kyverno:background-controller:core.yml +++ b/apps/kyverno/manifests/ClusterRole-kyverno:background-controller:core.yml @@ -8,6 +8,7 @@ metadata: app.kubernetes.io/component: background-controller app.kubernetes.io/instance: kyverno app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kyverno-background-controller app.kubernetes.io/part-of: kyverno rules: - apiGroups: diff --git a/apps/kyverno/manifests/ClusterRole-kyverno:cleanup-controller.yml b/apps/kyverno/manifests/ClusterRole-kyverno:cleanup-controller.yml index 29d7db3d..c31d413f 100644 --- a/apps/kyverno/manifests/ClusterRole-kyverno:cleanup-controller.yml +++ b/apps/kyverno/manifests/ClusterRole-kyverno:cleanup-controller.yml @@ -8,6 +8,7 @@ metadata: app.kubernetes.io/component: cleanup-controller app.kubernetes.io/instance: kyverno app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kyverno-cleanup-controller app.kubernetes.io/part-of: kyverno aggregationRule: clusterRoleSelectors: diff --git a/apps/kyverno/manifests/ClusterRole-kyverno:cleanup-controller:core.yml b/apps/kyverno/manifests/ClusterRole-kyverno:cleanup-controller:core.yml index b222288a..12d25894 100644 --- a/apps/kyverno/manifests/ClusterRole-kyverno:cleanup-controller:core.yml +++ b/apps/kyverno/manifests/ClusterRole-kyverno:cleanup-controller:core.yml @@ -8,6 +8,7 @@ metadata: app.kubernetes.io/component: cleanup-controller app.kubernetes.io/instance: kyverno app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kyverno-cleanup-controller app.kubernetes.io/part-of: kyverno rules: - apiGroups: diff --git a/apps/kyverno/manifests/ClusterRole-kyverno:migrate-resources.yml b/apps/kyverno/manifests/ClusterRole-kyverno:migrate-resources.yml index f0b8a20c..a17e5cae 100644 --- a/apps/kyverno/manifests/ClusterRole-kyverno:migrate-resources.yml +++ b/apps/kyverno/manifests/ClusterRole-kyverno:migrate-resources.yml @@ -8,6 +8,7 @@ metadata: app.kubernetes.io/component: hooks app.kubernetes.io/instance: kyverno app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kyverno-hooks app.kubernetes.io/part-of: kyverno annotations: helm.sh/hook: post-upgrade diff --git a/apps/kyverno/manifests/ClusterRole-kyverno:reports-controller.yml b/apps/kyverno/manifests/ClusterRole-kyverno:reports-controller.yml index c9386ef7..b528d185 100644 --- a/apps/kyverno/manifests/ClusterRole-kyverno:reports-controller.yml +++ b/apps/kyverno/manifests/ClusterRole-kyverno:reports-controller.yml @@ -8,6 +8,7 @@ metadata: app.kubernetes.io/component: reports-controller app.kubernetes.io/instance: kyverno app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kyverno-reports-controller app.kubernetes.io/part-of: kyverno aggregationRule: clusterRoleSelectors: diff --git a/apps/kyverno/manifests/ClusterRole-kyverno:reports-controller:core.yml b/apps/kyverno/manifests/ClusterRole-kyverno:reports-controller:core.yml index 513ec32d..e42edbc7 100644 --- a/apps/kyverno/manifests/ClusterRole-kyverno:reports-controller:core.yml +++ b/apps/kyverno/manifests/ClusterRole-kyverno:reports-controller:core.yml @@ -8,6 +8,7 @@ metadata: app.kubernetes.io/component: reports-controller app.kubernetes.io/instance: kyverno app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kyverno-reports-controller app.kubernetes.io/part-of: kyverno rules: - apiGroups: diff --git a/apps/kyverno/manifests/ClusterRoleBinding-kyverno:admission-controller.yml b/apps/kyverno/manifests/ClusterRoleBinding-kyverno:admission-controller.yml index 6076aa21..4d46e070 100644 --- a/apps/kyverno/manifests/ClusterRoleBinding-kyverno:admission-controller.yml +++ b/apps/kyverno/manifests/ClusterRoleBinding-kyverno:admission-controller.yml @@ -8,6 +8,7 @@ metadata: app.kubernetes.io/component: admission-controller app.kubernetes.io/instance: kyverno app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kyverno-admission-controller app.kubernetes.io/part-of: kyverno roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/apps/kyverno/manifests/ClusterRoleBinding-kyverno:admission-controller:view.yml b/apps/kyverno/manifests/ClusterRoleBinding-kyverno:admission-controller:view.yml index 5ff87eaa..6d9cda36 100644 --- a/apps/kyverno/manifests/ClusterRoleBinding-kyverno:admission-controller:view.yml +++ b/apps/kyverno/manifests/ClusterRoleBinding-kyverno:admission-controller:view.yml @@ -8,6 +8,7 @@ metadata: app.kubernetes.io/component: admission-controller app.kubernetes.io/instance: kyverno app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kyverno-admission-controller app.kubernetes.io/part-of: kyverno roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/apps/kyverno/manifests/ClusterRoleBinding-kyverno:background-controller.yml b/apps/kyverno/manifests/ClusterRoleBinding-kyverno:background-controller.yml index 0693977e..43a2260f 100644 --- a/apps/kyverno/manifests/ClusterRoleBinding-kyverno:background-controller.yml +++ b/apps/kyverno/manifests/ClusterRoleBinding-kyverno:background-controller.yml @@ -8,6 +8,7 @@ metadata: app.kubernetes.io/component: background-controller app.kubernetes.io/instance: kyverno app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kyverno-background-controller app.kubernetes.io/part-of: kyverno roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/apps/kyverno/manifests/ClusterRoleBinding-kyverno:background-controller:view.yml b/apps/kyverno/manifests/ClusterRoleBinding-kyverno:background-controller:view.yml index 0bab21e6..f4598c84 100644 --- a/apps/kyverno/manifests/ClusterRoleBinding-kyverno:background-controller:view.yml +++ b/apps/kyverno/manifests/ClusterRoleBinding-kyverno:background-controller:view.yml @@ -8,6 +8,7 @@ metadata: app.kubernetes.io/component: background-controller app.kubernetes.io/instance: kyverno app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kyverno-background-controller app.kubernetes.io/part-of: kyverno roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/apps/kyverno/manifests/ClusterRoleBinding-kyverno:cleanup-controller.yml b/apps/kyverno/manifests/ClusterRoleBinding-kyverno:cleanup-controller.yml index 506e0a21..7dccef01 100644 --- a/apps/kyverno/manifests/ClusterRoleBinding-kyverno:cleanup-controller.yml +++ b/apps/kyverno/manifests/ClusterRoleBinding-kyverno:cleanup-controller.yml @@ -8,6 +8,7 @@ metadata: app.kubernetes.io/component: cleanup-controller app.kubernetes.io/instance: kyverno app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kyverno-cleanup-controller app.kubernetes.io/part-of: kyverno roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/apps/kyverno/manifests/ClusterRoleBinding-kyverno:migrate-resources.yml b/apps/kyverno/manifests/ClusterRoleBinding-kyverno:migrate-resources.yml index 92328e7d..6495e8c8 100644 --- a/apps/kyverno/manifests/ClusterRoleBinding-kyverno:migrate-resources.yml +++ b/apps/kyverno/manifests/ClusterRoleBinding-kyverno:migrate-resources.yml @@ -8,6 +8,7 @@ metadata: app.kubernetes.io/component: hooks app.kubernetes.io/instance: kyverno app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kyverno-hooks app.kubernetes.io/part-of: kyverno annotations: helm.sh/hook: post-upgrade diff --git a/apps/kyverno/manifests/ClusterRoleBinding-kyverno:reports-controller.yml b/apps/kyverno/manifests/ClusterRoleBinding-kyverno:reports-controller.yml index 03953b0d..61670cd7 100644 --- a/apps/kyverno/manifests/ClusterRoleBinding-kyverno:reports-controller.yml +++ b/apps/kyverno/manifests/ClusterRoleBinding-kyverno:reports-controller.yml @@ -8,6 +8,7 @@ metadata: app.kubernetes.io/component: reports-controller app.kubernetes.io/instance: kyverno app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kyverno-reports-controller app.kubernetes.io/part-of: kyverno roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/apps/kyverno/manifests/ClusterRoleBinding-kyverno:reports-controller:view.yml b/apps/kyverno/manifests/ClusterRoleBinding-kyverno:reports-controller:view.yml index e904741b..c3625727 100644 --- a/apps/kyverno/manifests/ClusterRoleBinding-kyverno:reports-controller:view.yml +++ b/apps/kyverno/manifests/ClusterRoleBinding-kyverno:reports-controller:view.yml @@ -8,6 +8,7 @@ metadata: app.kubernetes.io/component: reports-controller app.kubernetes.io/instance: kyverno app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kyverno-reports-controller app.kubernetes.io/part-of: kyverno roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/apps/kyverno/manifests/Deployment-kyverno-admission-controller.yml b/apps/kyverno/manifests/Deployment-kyverno-admission-controller.yml index b5fd7eda..010b3b86 100644 --- a/apps/kyverno/manifests/Deployment-kyverno-admission-controller.yml +++ b/apps/kyverno/manifests/Deployment-kyverno-admission-controller.yml @@ -9,6 +9,7 @@ metadata: app.kubernetes.io/component: admission-controller app.kubernetes.io/instance: kyverno app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kyverno-admission-controller app.kubernetes.io/part-of: kyverno spec: replicas: 3 @@ -29,6 +30,7 @@ spec: app.kubernetes.io/component: admission-controller app.kubernetes.io/instance: kyverno app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kyverno-admission-controller app.kubernetes.io/part-of: kyverno spec: nodeSelector: @@ -51,7 +53,7 @@ spec: automountServiceAccountToken: true initContainers: - name: kyverno-pre - image: "reg.kyverno.io/kyverno/kyvernopre:v1.17.1" + image: "reg.kyverno.io/kyverno/kyvernopre:v1.18.0" imagePullPolicy: IfNotPresent args: - --loggingFormat=text @@ -71,7 +73,9 @@ spec: - ALL privileged: false readOnlyRootFilesystem: true + runAsGroup: 65534 runAsNonRoot: true + runAsUser: 65534 seccompProfile: type: RuntimeDefault env: @@ -97,7 +101,7 @@ spec: value: kyverno-svc containers: - name: kyverno - image: "reg.kyverno.io/kyverno/kyverno:v1.17.1" + image: "reg.kyverno.io/kyverno/kyverno:v1.18.0" imagePullPolicy: IfNotPresent args: - --caSecretName=kyverno-svc.kyverno.svc.kyverno-tls-ca @@ -124,6 +128,7 @@ spec: - --generateMutatingAdmissionPolicy=false - --dumpPatches=false - --maxAPICallResponseLength=2000000 + - --apiCallTimeout=30s - --loggingFormat=text - --v=2 - --omitEvents=PolicyViolation,PolicyApplied,PolicySkipped @@ -145,7 +150,9 @@ spec: - ALL privileged: false readOnlyRootFilesystem: true + runAsGroup: 65534 runAsNonRoot: true + runAsUser: 65534 seccompProfile: type: RuntimeDefault ports: @@ -209,6 +216,17 @@ spec: volumeMounts: - mountPath: /.sigstore name: sigstore + - name: apicall-token + mountPath: /var/run/secrets/kyverno/apicall + readOnly: true volumes: - name: sigstore emptyDir: {} + - name: apicall-token + projected: + defaultMode: 0444 + sources: + - serviceAccountToken: + path: token + expirationSeconds: 3600 + audience: kyverno-svc.kyverno.io diff --git a/apps/kyverno/manifests/Deployment-kyverno-background-controller.yml b/apps/kyverno/manifests/Deployment-kyverno-background-controller.yml index c27fd5fb..c053cd2b 100644 --- a/apps/kyverno/manifests/Deployment-kyverno-background-controller.yml +++ b/apps/kyverno/manifests/Deployment-kyverno-background-controller.yml @@ -9,6 +9,7 @@ metadata: app.kubernetes.io/component: background-controller app.kubernetes.io/instance: kyverno app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kyverno-background-controller app.kubernetes.io/part-of: kyverno spec: replicas: @@ -29,6 +30,7 @@ spec: app.kubernetes.io/component: background-controller app.kubernetes.io/instance: kyverno app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kyverno-background-controller app.kubernetes.io/part-of: kyverno spec: nodeSelector: @@ -51,7 +53,7 @@ spec: automountServiceAccountToken: true containers: - name: controller - image: "reg.kyverno.io/kyverno/background-controller:v1.17.1" + image: "reg.kyverno.io/kyverno/background-controller:v1.18.0" imagePullPolicy: IfNotPresent ports: - containerPort: 9443 @@ -66,8 +68,10 @@ spec: - --metricsPort=8000 - --resyncPeriod=15m - --enableConfigMapCaching=true + - --controllerRuntimeMetricsAddress=:8080 - --enableDeferredLoading=true - --maxAPICallResponseLength=2000000 + - --apiCallTimeout=30s - --loggingFormat=text - --v=2 - --omitEvents=PolicyViolation,PolicyApplied,PolicySkipped @@ -103,6 +107,21 @@ spec: - ALL privileged: false readOnlyRootFilesystem: true + runAsGroup: 65534 runAsNonRoot: true + runAsUser: 65534 seccompProfile: type: RuntimeDefault + volumeMounts: + - name: apicall-token + mountPath: /var/run/secrets/kyverno/apicall + readOnly: true + volumes: + - name: apicall-token + projected: + defaultMode: 0444 + sources: + - serviceAccountToken: + path: token + expirationSeconds: 3600 + audience: kyverno-svc.kyverno.io diff --git a/apps/kyverno/manifests/Deployment-kyverno-cleanup-controller.yml b/apps/kyverno/manifests/Deployment-kyverno-cleanup-controller.yml index 2263b1da..5fc3188a 100644 --- a/apps/kyverno/manifests/Deployment-kyverno-cleanup-controller.yml +++ b/apps/kyverno/manifests/Deployment-kyverno-cleanup-controller.yml @@ -9,6 +9,7 @@ metadata: app.kubernetes.io/component: cleanup-controller app.kubernetes.io/instance: kyverno app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kyverno-cleanup-controller app.kubernetes.io/part-of: kyverno spec: replicas: @@ -29,6 +30,7 @@ spec: app.kubernetes.io/component: cleanup-controller app.kubernetes.io/instance: kyverno app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kyverno-cleanup-controller app.kubernetes.io/part-of: kyverno spec: nodeSelector: @@ -51,7 +53,7 @@ spec: automountServiceAccountToken: true containers: - name: controller - image: "reg.kyverno.io/kyverno/cleanup-controller:v1.17.1" + image: "reg.kyverno.io/kyverno/cleanup-controller:v1.18.0" imagePullPolicy: IfNotPresent ports: - containerPort: 9443 @@ -73,6 +75,7 @@ spec: - --enableDeferredLoading=true - --dumpPayload=false - --maxAPICallResponseLength=2000000 + - --apiCallTimeout=30s - --loggingFormat=text - --v=2 - --protectManagedResources=false @@ -111,7 +114,9 @@ spec: - ALL privileged: false readOnlyRootFilesystem: true + runAsGroup: 65534 runAsNonRoot: true + runAsUser: 65534 seccompProfile: type: RuntimeDefault startupProbe: @@ -142,3 +147,16 @@ spec: periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 + volumeMounts: + - name: apicall-token + mountPath: /var/run/secrets/kyverno/apicall + readOnly: true + volumes: + - name: apicall-token + projected: + defaultMode: 0444 + sources: + - serviceAccountToken: + path: token + expirationSeconds: 3600 + audience: kyverno-svc.kyverno.io diff --git a/apps/kyverno/manifests/Deployment-kyverno-reports-controller.yml b/apps/kyverno/manifests/Deployment-kyverno-reports-controller.yml index b9316a4e..a850abf0 100644 --- a/apps/kyverno/manifests/Deployment-kyverno-reports-controller.yml +++ b/apps/kyverno/manifests/Deployment-kyverno-reports-controller.yml @@ -9,6 +9,7 @@ metadata: app.kubernetes.io/component: reports-controller app.kubernetes.io/instance: kyverno app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kyverno-reports-controller app.kubernetes.io/part-of: kyverno spec: replicas: @@ -29,6 +30,7 @@ spec: app.kubernetes.io/component: reports-controller app.kubernetes.io/instance: kyverno app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kyverno-reports-controller app.kubernetes.io/part-of: kyverno spec: nodeSelector: @@ -51,7 +53,7 @@ spec: automountServiceAccountToken: true containers: - name: controller - image: "reg.kyverno.io/kyverno/reports-controller:v1.17.1" + image: "reg.kyverno.io/kyverno/reports-controller:v1.18.0" imagePullPolicy: IfNotPresent ports: - containerPort: 9443 @@ -78,6 +80,7 @@ spec: - --enableConfigMapCaching=true - --enableDeferredLoading=true - --maxAPICallResponseLength=2000000 + - --apiCallTimeout=30s - --loggingFormat=text - --v=2 - --omitEvents=PolicyViolation,PolicyApplied,PolicySkipped @@ -117,12 +120,25 @@ spec: - ALL privileged: false readOnlyRootFilesystem: true + runAsGroup: 65534 runAsNonRoot: true + runAsUser: 65534 seccompProfile: type: RuntimeDefault volumeMounts: - mountPath: /.sigstore name: sigstore + - name: apicall-token + mountPath: /var/run/secrets/kyverno/apicall + readOnly: true volumes: - name: sigstore emptyDir: {} + - name: apicall-token + projected: + defaultMode: 0444 + sources: + - serviceAccountToken: + path: token + expirationSeconds: 3600 + audience: kyverno-svc.kyverno.io diff --git a/apps/kyverno/manifests/Job-kyverno-migrate-resources.yml b/apps/kyverno/manifests/Job-kyverno-migrate-resources.yml index 7480d98a..28324988 100644 --- a/apps/kyverno/manifests/Job-kyverno-migrate-resources.yml +++ b/apps/kyverno/manifests/Job-kyverno-migrate-resources.yml @@ -9,6 +9,7 @@ metadata: app.kubernetes.io/component: hooks app.kubernetes.io/instance: kyverno app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kyverno-hooks app.kubernetes.io/part-of: kyverno annotations: helm.sh/hook: post-upgrade @@ -22,8 +23,8 @@ spec: automountServiceAccountToken: true restartPolicy: Never containers: - - name: kubectl - image: "reg.kyverno.io/kyverno/kyverno-cli:v1.17.1" + - name: kyverno-cli + image: "reg.kyverno.io/kyverno/kyverno-cli:v1.18.0" imagePullPolicy: IfNotPresent args: - migrate diff --git a/apps/kyverno/manifests/Job-kyverno-rm-validatingwhconfig.yml b/apps/kyverno/manifests/Job-kyverno-rm-validatingwhconfig.yml deleted file mode 100644 index 654bcf3b..00000000 --- a/apps/kyverno/manifests/Job-kyverno-rm-validatingwhconfig.yml +++ /dev/null @@ -1,52 +0,0 @@ ---- -# Source: kyverno/templates/hooks/pre-delete-remove-validatingwebhookconfiguration.yaml -apiVersion: batch/v1 -kind: Job -metadata: - name: kyverno-rm-validatingwhconfig - namespace: kyverno - labels: - app.kubernetes.io/component: hooks - app.kubernetes.io/instance: kyverno - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/part-of: kyverno - annotations: - helm.sh/hook: pre-delete - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded,hook-failed - helm.sh/hook-weight: "100" -spec: - backoffLimit: 2 - template: - spec: - serviceAccountName: kyverno-admission-controller - automountServiceAccountToken: true - restartPolicy: Never - containers: - - name: kubectl - image: "registry.k8s.io/kubectl:v1.34.3" - imagePullPolicy: - command: - - kubectl - - delete - - validatingwebhookconfiguration - - -l - - webhook.kyverno.io/managed-by=kyverno - resources: - limits: - cpu: 100m - memory: 256Mi - requests: - cpu: 10m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - readOnlyRootFilesystem: true - runAsGroup: 65534 - runAsNonRoot: true - runAsUser: 65534 - seccompProfile: - type: RuntimeDefault diff --git a/apps/kyverno/manifests/Job-kyverno-rm-mutatingwhconfig.yml b/apps/kyverno/manifests/Job-kyverno-rm-webhooks.yml similarity index 76% rename from apps/kyverno/manifests/Job-kyverno-rm-mutatingwhconfig.yml rename to apps/kyverno/manifests/Job-kyverno-rm-webhooks.yml index 34893f69..c550f91f 100644 --- a/apps/kyverno/manifests/Job-kyverno-rm-mutatingwhconfig.yml +++ b/apps/kyverno/manifests/Job-kyverno-rm-webhooks.yml @@ -1,14 +1,15 @@ --- -# Source: kyverno/templates/hooks/pre-delete-remove-mutatingwebhookconfiguration.yaml +# Source: kyverno/templates/hooks/pre-delete-remove-webhooks.yaml apiVersion: batch/v1 kind: Job metadata: - name: kyverno-rm-mutatingwhconfig + name: kyverno-rm-webhooks namespace: kyverno labels: app.kubernetes.io/component: hooks app.kubernetes.io/instance: kyverno app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kyverno-hooks app.kubernetes.io/part-of: kyverno annotations: helm.sh/hook: pre-delete @@ -23,14 +24,10 @@ spec: restartPolicy: Never containers: - name: kubectl - image: "registry.k8s.io/kubectl:v1.34.3" + image: "ghcr.io/kyverno/readiness-checker:v1.18.0" imagePullPolicy: - command: - - kubectl - - delete - - mutatingwebhookconfiguration - - -l - - webhook.kyverno.io/managed-by=kyverno + args: + - delete-webhooks resources: limits: cpu: 100m diff --git a/apps/kyverno/manifests/Job-kyverno-scale-to-zero.yml b/apps/kyverno/manifests/Job-kyverno-scale-to-zero.yml index e663c87d..fdb7c673 100644 --- a/apps/kyverno/manifests/Job-kyverno-scale-to-zero.yml +++ b/apps/kyverno/manifests/Job-kyverno-scale-to-zero.yml @@ -9,6 +9,7 @@ metadata: app.kubernetes.io/component: hooks app.kubernetes.io/instance: kyverno app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kyverno-hooks app.kubernetes.io/part-of: kyverno annotations: helm.sh/hook: pre-delete @@ -23,17 +24,10 @@ spec: restartPolicy: Never containers: - name: kubectl - image: "registry.k8s.io/kubectl:v1.34.3" + image: "ghcr.io/kyverno/readiness-checker:v1.18.0" imagePullPolicy: - command: - - kubectl - - scale - - -n - - kyverno - - deployment - - -l - - app.kubernetes.io/part-of=kyverno - - --replicas=0 + args: + - scale-deploy resources: limits: cpu: 100m diff --git a/apps/kyverno/manifests/Pod-kyverno-admission-controller-metrics.yml b/apps/kyverno/manifests/Pod-kyverno-admission-controller-metrics.yml index 9e6c1f79..c3360bc5 100644 --- a/apps/kyverno/manifests/Pod-kyverno-admission-controller-metrics.yml +++ b/apps/kyverno/manifests/Pod-kyverno-admission-controller-metrics.yml @@ -17,7 +17,7 @@ spec: restartPolicy: Never containers: - name: test - image: ghcr.io/kyverno/readiness-checker:v0.1.0 + image: ghcr.io/kyverno/readiness-checker:latest imagePullPolicy: IfNotPresent resources: limits: diff --git a/apps/kyverno/manifests/Pod-kyverno-cleanup-controller-liveness.yml b/apps/kyverno/manifests/Pod-kyverno-cleanup-controller-liveness.yml index 5f03b478..d252b892 100644 --- a/apps/kyverno/manifests/Pod-kyverno-cleanup-controller-liveness.yml +++ b/apps/kyverno/manifests/Pod-kyverno-cleanup-controller-liveness.yml @@ -17,7 +17,7 @@ spec: restartPolicy: Never containers: - name: test - image: ghcr.io/kyverno/readiness-checker:v0.1.0 + image: ghcr.io/kyverno/readiness-checker:latest imagePullPolicy: IfNotPresent resources: limits: diff --git a/apps/kyverno/manifests/Pod-kyverno-cleanup-controller-metrics.yml b/apps/kyverno/manifests/Pod-kyverno-cleanup-controller-metrics.yml index 537d7f60..4b380ade 100644 --- a/apps/kyverno/manifests/Pod-kyverno-cleanup-controller-metrics.yml +++ b/apps/kyverno/manifests/Pod-kyverno-cleanup-controller-metrics.yml @@ -17,7 +17,7 @@ spec: restartPolicy: Never containers: - name: test - image: ghcr.io/kyverno/readiness-checker:v0.1.0 + image: ghcr.io/kyverno/readiness-checker:latest imagePullPolicy: IfNotPresent resources: limits: diff --git a/apps/kyverno/manifests/Pod-kyverno-cleanup-controller-readiness.yml b/apps/kyverno/manifests/Pod-kyverno-cleanup-controller-readiness.yml index b41901eb..8460586f 100644 --- a/apps/kyverno/manifests/Pod-kyverno-cleanup-controller-readiness.yml +++ b/apps/kyverno/manifests/Pod-kyverno-cleanup-controller-readiness.yml @@ -17,7 +17,7 @@ spec: restartPolicy: Never containers: - name: test - image: ghcr.io/kyverno/readiness-checker:v0.1.0 + image: ghcr.io/kyverno/readiness-checker:latest imagePullPolicy: IfNotPresent resources: limits: diff --git a/apps/kyverno/manifests/Pod-kyverno-reports-controller-metrics.yml b/apps/kyverno/manifests/Pod-kyverno-reports-controller-metrics.yml index 209fe984..61afd85c 100644 --- a/apps/kyverno/manifests/Pod-kyverno-reports-controller-metrics.yml +++ b/apps/kyverno/manifests/Pod-kyverno-reports-controller-metrics.yml @@ -17,7 +17,7 @@ spec: restartPolicy: Never containers: - name: test - image: ghcr.io/kyverno/readiness-checker:v0.1.0 + image: ghcr.io/kyverno/readiness-checker:latest imagePullPolicy: IfNotPresent resources: limits: diff --git a/apps/kyverno/manifests/PodDisruptionBudget-kyverno-admission-controller.yml b/apps/kyverno/manifests/PodDisruptionBudget-kyverno-admission-controller.yml index 58e5ebc4..3c4d0749 100644 --- a/apps/kyverno/manifests/PodDisruptionBudget-kyverno-admission-controller.yml +++ b/apps/kyverno/manifests/PodDisruptionBudget-kyverno-admission-controller.yml @@ -9,6 +9,7 @@ metadata: app.kubernetes.io/component: admission-controller app.kubernetes.io/instance: kyverno app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kyverno-admission-controller app.kubernetes.io/part-of: kyverno spec: minAvailable: 1 diff --git a/apps/kyverno/manifests/Role-kyverno:admission-controller.yml b/apps/kyverno/manifests/Role-kyverno:admission-controller.yml index a8aba8e5..a16de7e5 100644 --- a/apps/kyverno/manifests/Role-kyverno:admission-controller.yml +++ b/apps/kyverno/manifests/Role-kyverno:admission-controller.yml @@ -9,6 +9,7 @@ metadata: app.kubernetes.io/component: admission-controller app.kubernetes.io/instance: kyverno app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kyverno-admission-controller app.kubernetes.io/part-of: kyverno rules: - apiGroups: diff --git a/apps/kyverno/manifests/Role-kyverno:background-controller.yml b/apps/kyverno/manifests/Role-kyverno:background-controller.yml index 4353f55a..c047fb2d 100644 --- a/apps/kyverno/manifests/Role-kyverno:background-controller.yml +++ b/apps/kyverno/manifests/Role-kyverno:background-controller.yml @@ -8,6 +8,7 @@ metadata: app.kubernetes.io/component: background-controller app.kubernetes.io/instance: kyverno app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kyverno-background-controller app.kubernetes.io/part-of: kyverno namespace: kyverno rules: diff --git a/apps/kyverno/manifests/Role-kyverno:cleanup-controller.yml b/apps/kyverno/manifests/Role-kyverno:cleanup-controller.yml index 32f58c91..4f431e2a 100644 --- a/apps/kyverno/manifests/Role-kyverno:cleanup-controller.yml +++ b/apps/kyverno/manifests/Role-kyverno:cleanup-controller.yml @@ -8,6 +8,7 @@ metadata: app.kubernetes.io/component: cleanup-controller app.kubernetes.io/instance: kyverno app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kyverno-cleanup-controller app.kubernetes.io/part-of: kyverno namespace: kyverno rules: @@ -30,6 +31,8 @@ rules: resourceNames: - kyverno-cleanup-controller.kyverno.svc.kyverno-tls-ca - kyverno-cleanup-controller.kyverno.svc.kyverno-tls-pair + - kyverno-cleanup-controller.kyverno.metering.kyverno-tls-ca + - kyverno-cleanup-controller.kyverno.metering.kyverno-tls-pair - apiGroups: - '' resources: diff --git a/apps/kyverno/manifests/Role-kyverno:reports-controller.yml b/apps/kyverno/manifests/Role-kyverno:reports-controller.yml index ae29f052..d9177940 100644 --- a/apps/kyverno/manifests/Role-kyverno:reports-controller.yml +++ b/apps/kyverno/manifests/Role-kyverno:reports-controller.yml @@ -8,6 +8,7 @@ metadata: app.kubernetes.io/component: reports-controller app.kubernetes.io/instance: kyverno app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kyverno-reports-controller app.kubernetes.io/part-of: kyverno namespace: kyverno rules: diff --git a/apps/kyverno/manifests/RoleBinding-kyverno:admission-controller.yml b/apps/kyverno/manifests/RoleBinding-kyverno:admission-controller.yml index 3062ba39..b5f06d01 100644 --- a/apps/kyverno/manifests/RoleBinding-kyverno:admission-controller.yml +++ b/apps/kyverno/manifests/RoleBinding-kyverno:admission-controller.yml @@ -9,6 +9,7 @@ metadata: app.kubernetes.io/component: admission-controller app.kubernetes.io/instance: kyverno app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kyverno-admission-controller app.kubernetes.io/part-of: kyverno roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/apps/kyverno/manifests/RoleBinding-kyverno:background-controller.yml b/apps/kyverno/manifests/RoleBinding-kyverno:background-controller.yml index c3483161..39867754 100644 --- a/apps/kyverno/manifests/RoleBinding-kyverno:background-controller.yml +++ b/apps/kyverno/manifests/RoleBinding-kyverno:background-controller.yml @@ -8,6 +8,7 @@ metadata: app.kubernetes.io/component: background-controller app.kubernetes.io/instance: kyverno app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kyverno-background-controller app.kubernetes.io/part-of: kyverno namespace: kyverno roleRef: diff --git a/apps/kyverno/manifests/RoleBinding-kyverno:cleanup-controller.yml b/apps/kyverno/manifests/RoleBinding-kyverno:cleanup-controller.yml index c5209740..29edf2d3 100644 --- a/apps/kyverno/manifests/RoleBinding-kyverno:cleanup-controller.yml +++ b/apps/kyverno/manifests/RoleBinding-kyverno:cleanup-controller.yml @@ -8,6 +8,7 @@ metadata: app.kubernetes.io/component: cleanup-controller app.kubernetes.io/instance: kyverno app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kyverno-cleanup-controller app.kubernetes.io/part-of: kyverno namespace: kyverno roleRef: diff --git a/apps/kyverno/manifests/RoleBinding-kyverno:reports-controller.yml b/apps/kyverno/manifests/RoleBinding-kyverno:reports-controller.yml index 0514df57..690d0f51 100644 --- a/apps/kyverno/manifests/RoleBinding-kyverno:reports-controller.yml +++ b/apps/kyverno/manifests/RoleBinding-kyverno:reports-controller.yml @@ -8,6 +8,7 @@ metadata: app.kubernetes.io/component: reports-controller app.kubernetes.io/instance: kyverno app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kyverno-reports-controller app.kubernetes.io/part-of: kyverno namespace: kyverno roleRef: diff --git a/apps/kyverno/manifests/Service-kyverno-background-controller-metrics.yml b/apps/kyverno/manifests/Service-kyverno-background-controller-metrics.yml index e8135c0f..a07257e7 100644 --- a/apps/kyverno/manifests/Service-kyverno-background-controller-metrics.yml +++ b/apps/kyverno/manifests/Service-kyverno-background-controller-metrics.yml @@ -9,6 +9,7 @@ metadata: app.kubernetes.io/component: background-controller app.kubernetes.io/instance: kyverno app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kyverno-background-controller app.kubernetes.io/part-of: kyverno spec: ports: diff --git a/apps/kyverno/manifests/Service-kyverno-cleanup-controller-metrics.yml b/apps/kyverno/manifests/Service-kyverno-cleanup-controller-metrics.yml index 13210b53..5050ca9e 100644 --- a/apps/kyverno/manifests/Service-kyverno-cleanup-controller-metrics.yml +++ b/apps/kyverno/manifests/Service-kyverno-cleanup-controller-metrics.yml @@ -9,6 +9,7 @@ metadata: app.kubernetes.io/component: cleanup-controller app.kubernetes.io/instance: kyverno app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kyverno-cleanup-controller app.kubernetes.io/part-of: kyverno spec: ports: diff --git a/apps/kyverno/manifests/Service-kyverno-cleanup-controller.yml b/apps/kyverno/manifests/Service-kyverno-cleanup-controller.yml index c6a6deb8..31080253 100644 --- a/apps/kyverno/manifests/Service-kyverno-cleanup-controller.yml +++ b/apps/kyverno/manifests/Service-kyverno-cleanup-controller.yml @@ -9,6 +9,7 @@ metadata: app.kubernetes.io/component: cleanup-controller app.kubernetes.io/instance: kyverno app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kyverno-cleanup-controller app.kubernetes.io/part-of: kyverno spec: ports: diff --git a/apps/kyverno/manifests/Service-kyverno-reports-controller-metrics.yml b/apps/kyverno/manifests/Service-kyverno-reports-controller-metrics.yml index 23ab5ff2..7faf0370 100644 --- a/apps/kyverno/manifests/Service-kyverno-reports-controller-metrics.yml +++ b/apps/kyverno/manifests/Service-kyverno-reports-controller-metrics.yml @@ -9,6 +9,7 @@ metadata: app.kubernetes.io/component: reports-controller app.kubernetes.io/instance: kyverno app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kyverno-reports-controller app.kubernetes.io/part-of: kyverno spec: ports: diff --git a/apps/kyverno/manifests/Service-kyverno-svc-metrics.yml b/apps/kyverno/manifests/Service-kyverno-svc-metrics.yml index c66a0edb..ce45b50e 100644 --- a/apps/kyverno/manifests/Service-kyverno-svc-metrics.yml +++ b/apps/kyverno/manifests/Service-kyverno-svc-metrics.yml @@ -9,6 +9,7 @@ metadata: app.kubernetes.io/component: admission-controller app.kubernetes.io/instance: kyverno app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kyverno-admission-controller app.kubernetes.io/part-of: kyverno spec: ports: diff --git a/apps/kyverno/manifests/Service-kyverno-svc.yml b/apps/kyverno/manifests/Service-kyverno-svc.yml index 6737d9fe..fb718232 100644 --- a/apps/kyverno/manifests/Service-kyverno-svc.yml +++ b/apps/kyverno/manifests/Service-kyverno-svc.yml @@ -9,6 +9,7 @@ metadata: app.kubernetes.io/component: admission-controller app.kubernetes.io/instance: kyverno app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kyverno-admission-controller app.kubernetes.io/part-of: kyverno spec: ports: diff --git a/apps/kyverno/manifests/ServiceAccount-kyverno-admission-controller.yml b/apps/kyverno/manifests/ServiceAccount-kyverno-admission-controller.yml index c94aa9eb..66584d70 100644 --- a/apps/kyverno/manifests/ServiceAccount-kyverno-admission-controller.yml +++ b/apps/kyverno/manifests/ServiceAccount-kyverno-admission-controller.yml @@ -9,5 +9,6 @@ metadata: app.kubernetes.io/component: admission-controller app.kubernetes.io/instance: kyverno app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kyverno-admission-controller app.kubernetes.io/part-of: kyverno automountServiceAccountToken: false diff --git a/apps/kyverno/manifests/ServiceAccount-kyverno-background-controller.yml b/apps/kyverno/manifests/ServiceAccount-kyverno-background-controller.yml index 0a5f97c7..f2b78c75 100644 --- a/apps/kyverno/manifests/ServiceAccount-kyverno-background-controller.yml +++ b/apps/kyverno/manifests/ServiceAccount-kyverno-background-controller.yml @@ -9,5 +9,6 @@ metadata: app.kubernetes.io/component: background-controller app.kubernetes.io/instance: kyverno app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kyverno-background-controller app.kubernetes.io/part-of: kyverno automountServiceAccountToken: false diff --git a/apps/kyverno/manifests/ServiceAccount-kyverno-cleanup-controller.yml b/apps/kyverno/manifests/ServiceAccount-kyverno-cleanup-controller.yml index c4c8e75d..bc7debff 100644 --- a/apps/kyverno/manifests/ServiceAccount-kyverno-cleanup-controller.yml +++ b/apps/kyverno/manifests/ServiceAccount-kyverno-cleanup-controller.yml @@ -9,5 +9,6 @@ metadata: app.kubernetes.io/component: cleanup-controller app.kubernetes.io/instance: kyverno app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kyverno-cleanup-controller app.kubernetes.io/part-of: kyverno automountServiceAccountToken: false diff --git a/apps/kyverno/manifests/ServiceAccount-kyverno-migrate-resources.yml b/apps/kyverno/manifests/ServiceAccount-kyverno-migrate-resources.yml index 9c674749..021da672 100644 --- a/apps/kyverno/manifests/ServiceAccount-kyverno-migrate-resources.yml +++ b/apps/kyverno/manifests/ServiceAccount-kyverno-migrate-resources.yml @@ -9,6 +9,7 @@ metadata: app.kubernetes.io/component: hooks app.kubernetes.io/instance: kyverno app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kyverno-hooks app.kubernetes.io/part-of: kyverno annotations: helm.sh/hook: post-upgrade diff --git a/apps/kyverno/manifests/ServiceAccount-kyverno-reports-controller.yml b/apps/kyverno/manifests/ServiceAccount-kyverno-reports-controller.yml index 5a94cd38..a6c74779 100644 --- a/apps/kyverno/manifests/ServiceAccount-kyverno-reports-controller.yml +++ b/apps/kyverno/manifests/ServiceAccount-kyverno-reports-controller.yml @@ -9,5 +9,6 @@ metadata: app.kubernetes.io/component: reports-controller app.kubernetes.io/instance: kyverno app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kyverno-reports-controller app.kubernetes.io/part-of: kyverno automountServiceAccountToken: false diff --git a/apps/kyverno/release.yaml b/apps/kyverno/release.yaml index 6d7b1132..97eb1ca8 100644 --- a/apps/kyverno/release.yaml +++ b/apps/kyverno/release.yaml @@ -9,7 +9,7 @@ spec: chart: spec: chart: kyverno - version: 3.7.1 + version: 3.8.0 sourceRef: kind: HelmRepository name: kyverno