Skip to content

Commit

Permalink
Update Kyverno Config from upstream, patch to allow kube-system
Browse files Browse the repository at this point in the history
  • Loading branch information
@ffilippopoulos
ffilippopoulos committed Dec 6, 2024
1 parent e19503a commit 4de43ad
Showing 1 changed file with 6 additions and 9 deletions.
15 changes: 6 additions & 9 deletions kyverno/deploy/kyverno-config-patch.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ data:
generateSuccessEvents: "false"
excludeGroups: "system:nodes"
resourceFilters: >-
[*/*,kyverno,*]
[Event,*,*]
[*/*,kube-public,*]
[*/*,kube-node-lease,*]
Expand All @@ -26,14 +27,8 @@ data:
[Pod/binding,*,*]
[ReplicaSet,*,*]
[ReplicaSet/*,*,*]
[AdmissionReport,*,*]
[AdmissionReport/*,*,*]
[ClusterAdmissionReport,*,*]
[ClusterAdmissionReport/*,*,*]
[BackgroundScanReport,*,*]
[BackgroundScanReport/*,*,*]
[ClusterBackgroundScanReport,*,*]
[ClusterBackgroundScanReport/*,*,*]
[EphemeralReport,*,*]
[ClusterEphemeralReport,*,*]
[ClusterRole,*,kyverno:admission-controller]
[ClusterRole,*,kyverno:admission-controller:core]
[ClusterRole,*,kyverno:admission-controller:additional]
Expand Down Expand Up @@ -120,4 +115,6 @@ data:
[ServiceMonitor,kyverno,kyverno-reports-controller]
[Secret,kyverno,kyverno-svc.kyverno.svc.*]
[Secret,kyverno,kyverno-cleanup-controller.kyverno.svc.*]
webhooks: '[{"namespaceSelector": {"matchExpressions": [{"key":"kubernetes.io/metadata.name","operator":"NotIn","values":["kyverno"]}]}}]'
updateRequestThreshold: "1000"
webhooks: "{\"namespaceSelector\":{\"matchExpressions\":[{\"key\":\"kubernetes.io/metadata.name\",\"operator\":\"NotIn\",\"values\":[\"kyverno\"]}],\"matchLabels\":null}}"
webhookAnnotations: "{\"admissions.enforcer/disabled\":\"true\"}"

0 comments on commit 4de43ad

Please sign in to comment.