85 lines
2.4 KiB
YAML
85 lines
2.4 KiB
YAML
{{ if .Values.kyverno.enabled }}
|
|
apiVersion: argoproj.io/v1alpha1
|
|
kind: Application
|
|
metadata:
|
|
name: kyverno
|
|
namespace: argocd
|
|
annotations:
|
|
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
|
|
finalizers:
|
|
- resources-finalizer.argocd.argoproj.io
|
|
spec:
|
|
destination:
|
|
namespace: kyverno
|
|
server: 'https://kubernetes.default.svc'
|
|
sources:
|
|
- repoURL: {{ .Values.cluster_config.manifests }}
|
|
path: {{ .Values.cluster_config.policies }}/kyverno
|
|
targetRevision: HEAD
|
|
- repoURL: 'https://kyverno.github.io/kyverno/'
|
|
targetRevision: {{ .Values.kyverno.version }}
|
|
chart: kyverno
|
|
helm:
|
|
values: |
|
|
replicaCount: 3
|
|
{{ if .Values.kyverno.metrics }}
|
|
admissionController:
|
|
serviceMonitor:
|
|
enabled: true
|
|
metricsService:
|
|
create: true
|
|
backgroundController:
|
|
serviceMonitor:
|
|
enabled: true
|
|
metricsService:
|
|
create: true
|
|
cleanupController:
|
|
serviceMonitor:
|
|
enabled: true
|
|
metricsService:
|
|
create: true
|
|
reportsController:
|
|
serviceMonitor:
|
|
enabled: true
|
|
metricsService:
|
|
create: true
|
|
{{ end }}
|
|
cleanupController:
|
|
resources:
|
|
limits:
|
|
memory: {{ .Values.kyverno.resources.cleanupController.memory }}
|
|
requests:
|
|
memory: {{ .Values.kyverno.resources.cleanupController.memory }}
|
|
reportsController:
|
|
resources:
|
|
limits:
|
|
memory: {{ .Values.kyverno.resources.reportsController.memory }}
|
|
requests:
|
|
memory: {{ .Values.kyverno.resources.reportsController.memory }}
|
|
backgroundController:
|
|
resources:
|
|
limits:
|
|
memory: {{ .Values.kyverno.resources.backgroundController.memory }}
|
|
requests:
|
|
memory: {{ .Values.kyverno.resources.backgroundController.memory }}
|
|
project: sys
|
|
syncPolicy:
|
|
managedNamespaceMetadata:
|
|
labels:
|
|
component: sys
|
|
syncOptions:
|
|
- CreateNamespace=true
|
|
- ApplyOutOfSyncOnly=true
|
|
- ServerSideApply=true
|
|
{{- if .Values.kyverno.autosync }}
|
|
automated:
|
|
prune: true
|
|
# selfHeal: false
|
|
{{- end }}
|
|
ignoreDifferences:
|
|
- group: batch
|
|
kind: CronJob
|
|
jqPathExpressions:
|
|
- '.spec.jobTemplate.spec.template.spec.containers[]?.resources'
|
|
{{ end }}
|