diff --git a/index.yaml b/index.yaml index 6977ca8f9..2f2c17e84 100644 --- a/index.yaml +++ b/index.yaml @@ -8121,6 +8121,41 @@ entries: urls: - https://giantswarm.github.io/giantswarm-test-catalog/kyverno-0.18.1-8cd4f489fc952a86e46479d4b425d5716b177737.tgz version: 0.18.1-8cd4f489fc952a86e46479d4b425d5716b177737 + - annotations: + application.giantswarm.io/metadata: https://giantswarm.github.io/giantswarm-test-catalog/kyverno-0.18.1-8726f804652d36dde1d58d36e7b37098d8039e20.tgz-meta/main.yaml + application.giantswarm.io/readme: https://giantswarm.github.io/giantswarm-test-catalog/kyverno-0.18.1-8726f804652d36dde1d58d36e7b37098d8039e20.tgz-meta/README.md + application.giantswarm.io/team: shield + application.giantswarm.io/values-schema: https://giantswarm.github.io/giantswarm-test-catalog/kyverno-0.18.1-8726f804652d36dde1d58d36e7b37098d8039e20.tgz-meta/values.schema.json + config.giantswarm.io/version: 1.x.x + apiVersion: v2 + appVersion: v1.12.5 + created: "2025-01-08T12:30:37.97626424Z" + dependencies: + - name: policy-reporter + repository: "" + version: 2.24.1 + - name: kyverno + repository: "" + version: 3.2.7 + description: 'Kyverno is a policy engine designed for Kubernetes. It can validate, + mutate, and generate configurations using admission controls and background + scans. Kyverno policies are Kubernetes resources and do not require learning + a new language. ' + digest: ed1b97b7e6fa1ebcce31d7ea708cf16e3c16aa60bc079d2f32653bd60f9952be + home: https://github.com/giantswarm/kyverno-app + icon: https://s.giantswarm.io/app-icons/kyverno/1/light.svg + keywords: + - kubernetes + - policy-agent + - validating-webhook + - admission-controller + name: kyverno + sources: + - https://github.com/kyverno/kyverno + type: application + urls: + - https://giantswarm.github.io/giantswarm-test-catalog/kyverno-0.18.1-8726f804652d36dde1d58d36e7b37098d8039e20.tgz + version: 0.18.1-8726f804652d36dde1d58d36e7b37098d8039e20 - annotations: application.giantswarm.io/metadata: https://giantswarm.github.io/giantswarm-test-catalog/kyverno-0.18.1-7d40c7d6fd1605bb4b5a33d900c2d9d4b514b56c.tgz-meta/main.yaml application.giantswarm.io/readme: https://giantswarm.github.io/giantswarm-test-catalog/kyverno-0.18.1-7d40c7d6fd1605bb4b5a33d900c2d9d4b514b56c.tgz-meta/README.md @@ -12772,4 +12807,4 @@ entries: urls: - https://giantswarm.github.io/giantswarm-test-catalog/zot-2.0.1-37dfc3bdac4ec554d9531b63f9fcad145a224b5a.tgz version: 2.0.1-37dfc3bdac4ec554d9531b63f9fcad145a224b5a -generated: "2025-01-08T09:33:19.021185977Z" +generated: "2025-01-08T12:30:37.921676383Z" diff --git a/kyverno-0.18.1-8726f804652d36dde1d58d36e7b37098d8039e20.tgz b/kyverno-0.18.1-8726f804652d36dde1d58d36e7b37098d8039e20.tgz new file mode 100644 index 000000000..ed586ae77 Binary files /dev/null and b/kyverno-0.18.1-8726f804652d36dde1d58d36e7b37098d8039e20.tgz differ diff --git a/kyverno-0.18.1-8726f804652d36dde1d58d36e7b37098d8039e20.tgz-meta/README.md b/kyverno-0.18.1-8726f804652d36dde1d58d36e7b37098d8039e20.tgz-meta/README.md new file mode 100644 index 000000000..f46c0fbbb --- /dev/null +++ b/kyverno-0.18.1-8726f804652d36dde1d58d36e7b37098d8039e20.tgz-meta/README.md @@ -0,0 +1,46 @@ +[![CircleCI](https://circleci.com/gh/giantswarm/kyverno-app.svg?style=shield)](https://circleci.com/gh/giantswarm/kyverno-app) + +# kyverno + +Kyverno is an admission controller offering policy enforcement as a validating or mutating webhook. +It audits or enforces policies for cluster resources, and produces reports about the compliance of the cluster. + +It is used to enforce [Pod Security Standards (PSS)][pss-policies] as a replacement for Pod Security Policies (PSPs), as well as many other community-supported policies for various use cases. For more information on the switch from PSP to PSS, see [our blog post][pss-blog]. + +## Installing + +There are 3 ways to install this app onto a workload cluster. + +1. [Using our web interface](https://docs.giantswarm.io/ui-api/web/app-platform/#installing-an-app) +2. [Using our API](https://docs.giantswarm.io/api/#operation/createClusterAppV5) +3. Directly creating the [App custom resource](https://docs.giantswarm.io/ui-api/management-api/crd/apps.application.giantswarm.io/) on the management cluster. + +## Configuring + +#### Kyverno Configurations + +Please see the [Kyverno docs][kyverno-docs] or the [configuration reference in this chart](https://github.com/giantswarm/kyverno-app/tree/main/helm/kyverno#configuration) for configurable values. + +See our [full reference page on how to configure applications](https://docs.giantswarm.io/app-platform/app-configuration/) for more details. + +## Development + +This repo contains subtrees from [giantswarm/kyverno](https://github.com/giantswarm/kyverno-upstream) and [giantswarm/policy-reporter](https://github.com/giantswarm/policy-reporter-upstream). + +### Steps to update Kyverno charts + +**Note:** There is automation in place to update both upstream fork and app charts on a monthly basis. However, you can manually trigger them if needed. + +1. Make sure that [giantswarm/kyverno](https://github.com/giantswarm/kyverno-upstream) is up to date and has the desired tag. + +2. Trigger the [sync-from-upstream](https://github.com/giantswarm/kyverno-app/actions/workflows/sync-from-upstream.yaml) action from the `main` branch. + +3. Review the PR generated by the actions bot. + +## Credit + +* https://github.com/kyverno/kyverno + +[kyverno-docs]: https://kyverno.io/docs/ +[pss-blog]: https://www.giantswarm.io/blog/giant-swarms-farewell-to-psp +[pss-policies]: https://kyverno.io/policies/?policytypes=Pod%2520Security%2520Standards%2520%28Baseline%29%2BPod%2520Security%2520Standards%2520%28Restricted%29 diff --git a/kyverno-0.18.1-8726f804652d36dde1d58d36e7b37098d8039e20.tgz-meta/main.yaml b/kyverno-0.18.1-8726f804652d36dde1d58d36e7b37098d8039e20.tgz-meta/main.yaml new file mode 100644 index 000000000..e6b35c7d3 --- /dev/null +++ b/kyverno-0.18.1-8726f804652d36dde1d58d36e7b37098d8039e20.tgz-meta/main.yaml @@ -0,0 +1,14 @@ +annotations: + application.giantswarm.io/metadata: https://giantswarm.github.io/giantswarm-test-catalog/kyverno-0.18.1-8726f804652d36dde1d58d36e7b37098d8039e20.tgz-meta/main.yaml + application.giantswarm.io/readme: https://giantswarm.github.io/giantswarm-test-catalog/kyverno-0.18.1-8726f804652d36dde1d58d36e7b37098d8039e20.tgz-meta/README.md + application.giantswarm.io/team: shield + application.giantswarm.io/values-schema: https://giantswarm.github.io/giantswarm-test-catalog/kyverno-0.18.1-8726f804652d36dde1d58d36e7b37098d8039e20.tgz-meta/values.schema.json + config.giantswarm.io/version: 1.x.x +chartApiVersion: v2 +chartFile: kyverno-0.18.1-8726f804652d36dde1d58d36e7b37098d8039e20.tgz +dateCreated: '2025-01-08T12:30:31.577816Z' +digest: ed1b97b7e6fa1ebcce31d7ea708cf16e3c16aa60bc079d2f32653bd60f9952be +home: https://github.com/giantswarm/kyverno-app +icon: https://s.giantswarm.io/app-icons/kyverno/1/light.svg +restrictions: + clusterSingleton: true diff --git a/kyverno-0.18.1-8726f804652d36dde1d58d36e7b37098d8039e20.tgz-meta/values.schema.json b/kyverno-0.18.1-8726f804652d36dde1d58d36e7b37098d8039e20.tgz-meta/values.schema.json new file mode 100644 index 000000000..8306fde3d --- /dev/null +++ b/kyverno-0.18.1-8726f804652d36dde1d58d36e7b37098d8039e20.tgz-meta/values.schema.json @@ -0,0 +1,2709 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "ciliumNetworkPolicy": { + "type": "object", + "properties": { + "admissionControllerExtraEgress": { + "type": "object", + "properties": { + "dnsSelector": { + "type": "object", + "properties": { + "rules": { + "type": "array" + } + } + }, + "enabled": { + "type": "boolean" + }, + "fqdnsConnection": { + "type": "object", + "properties": { + "port": { + "type": "string" + }, + "protocol": { + "type": "string" + }, + "rules": { + "type": "array" + } + } + } + } + }, + "enabled": { + "type": "boolean" + } + } + }, + "cleanupPolicies": { + "type": "object", + "properties": { + "trivyOperator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "olderThan": { + "type": "string" + }, + "schedule": { + "type": "string" + } + } + } + } + }, + "crds": { + "type": "object", + "properties": { + "install": { + "type": "boolean" + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "properties": { + "cpu": { + "type": "string" + }, + "memory": { + "type": "string" + } + } + }, + "requests": { + "type": "object", + "properties": { + "cpu": { + "type": "string" + }, + "memory": { + "type": "string" + } + } + } + } + } + } + }, + "global": { + "type": "object", + "properties": { + "image": { + "type": "object", + "properties": { + "registry": { + "type": "string" + } + } + }, + "podSecurityStandards": { + "type": "object", + "properties": { + "enforced": { + "type": "boolean" + } + } + } + } + }, + "image": { + "type": "object", + "properties": { + "registry": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "kyverno": { + "type": "object", + "properties": { + "admissionController": { + "type": "object", + "properties": { + "antiAffinity": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "apiPriorityAndFairness": { + "type": "boolean" + }, + "container": { + "type": "object", + "properties": { + "extraArgs": { + "type": "object" + }, + "extraEnvVars": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "registry": { + "type": "string" + }, + "repository": { + "type": "string" + } + } + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "properties": { + "memory": { + "type": "string" + } + } + }, + "requests": { + "type": "object", + "properties": { + "cpu": { + "type": "string" + }, + "memory": { + "type": "string" + } + } + } + } + }, + "securityContext": { + "type": "object", + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "capabilities": { + "type": "object", + "properties": { + "drop": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "privileged": { + "type": "boolean" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "seccompProfile": { + "type": "object", + "properties": { + "type": { + "type": "string" + } + } + } + } + } + } + }, + "createSelfSignedCert": { + "type": "boolean" + }, + "extraContainers": { + "type": "array" + }, + "extraInitContainers": { + "type": "array" + }, + "featuresOverride": { + "type": "object" + }, + "imagePullSecrets": { + "type": "array" + }, + "initContainer": { + "type": "object", + "properties": { + "extraArgs": { + "type": "object" + }, + "extraEnvVars": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "registry": { + "type": "string" + }, + "repository": { + "type": "string" + } + } + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "properties": { + "cpu": { + "type": "string" + }, + "memory": { + "type": "string" + } + } + }, + "requests": { + "type": "object", + "properties": { + "cpu": { + "type": "string" + }, + "memory": { + "type": "string" + } + } + } + } + }, + "securityContext": { + "type": "object", + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "capabilities": { + "type": "object", + "properties": { + "drop": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "privileged": { + "type": "boolean" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "seccompProfile": { + "type": "object", + "properties": { + "type": { + "type": "string" + } + } + } + } + } + } + }, + "logging": { + "type": "object", + "properties": { + "format": { + "type": "string" + }, + "verbosity": { + "type": "integer" + } + } + }, + "metricsService": { + "type": "object", + "properties": { + "annotations": { + "type": "object" + }, + "create": { + "type": "boolean" + }, + "port": { + "type": "integer" + }, + "type": { + "type": "string" + } + } + }, + "networkPolicy": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "ingressFrom": { + "type": "array" + } + } + }, + "nodeAffinity": { + "type": "object" + }, + "nodeSelector": { + "type": "object" + }, + "podAffinity": { + "type": "object" + }, + "podAnnotations": { + "type": "object" + }, + "podAntiAffinity": { + "type": "object", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "type": "array", + "items": { + "type": "object", + "properties": { + "podAffinityTerm": { + "type": "object", + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + } + } + } + } + }, + "topologyKey": { + "type": "string" + } + } + }, + "weight": { + "type": "integer" + } + } + } + } + } + }, + "podDisruptionBudget": { + "type": "object", + "properties": { + "minAvailable": { + "type": "integer" + } + } + }, + "podLabels": { + "type": "object", + "properties": { + "app.kubernetes.io/name": { + "type": "string" + } + } + }, + "podSecurityContext": { + "type": "object" + }, + "priorityClassName": { + "type": "string" + }, + "rbac": { + "type": "object", + "properties": { + "clusterRole": { + "type": "object", + "properties": { + "extraResources": { + "type": "array" + } + } + }, + "create": { + "type": "boolean" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": "object" + }, + "name": { + "type": "string" + } + } + } + } + }, + "replicas": { + "type": "integer" + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "type": { + "type": "string" + } + } + }, + "serviceMonitor": { + "type": "object", + "properties": { + "additionalLabels": { + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "interval": { + "type": "string" + }, + "scrapeTimeout": { + "type": "string" + }, + "secure": { + "type": "boolean" + }, + "tlsConfig": { + "type": "object" + } + } + }, + "sigstoreVolume": { + "type": "object", + "properties": { + "emptyDir": { + "type": "object" + } + } + }, + "tolerations": { + "type": "array" + }, + "topologySpreadConstraints": { + "type": "array" + }, + "tufRootMountPath": { + "type": "string" + }, + "updateStrategy": { + "type": "object", + "properties": { + "rollingUpdate": { + "type": "object", + "properties": { + "maxSurge": { + "type": "integer" + }, + "maxUnavailable": { + "type": "string" + } + } + }, + "type": { + "type": "string" + } + } + } + } + }, + "backgroundController": { + "type": "object", + "properties": { + "antiAffinity": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dnsPolicy": { + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "extraArgs": { + "type": "object" + }, + "featuresOverride": { + "type": "object" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "registry": { + "type": "string" + }, + "repository": { + "type": "string" + } + } + }, + "imagePullSecrets": { + "type": "array" + }, + "logging": { + "type": "object", + "properties": { + "format": { + "type": "string" + }, + "verbosity": { + "type": "integer" + } + } + }, + "metricsService": { + "type": "object", + "properties": { + "annotations": { + "type": "object" + }, + "create": { + "type": "boolean" + }, + "port": { + "type": "integer" + }, + "type": { + "type": "string" + } + } + }, + "networkPolicy": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "ingressFrom": { + "type": "array" + } + } + }, + "nodeAffinity": { + "type": "object" + }, + "nodeSelector": { + "type": "object" + }, + "podAffinity": { + "type": "object" + }, + "podAntiAffinity": { + "type": "object", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "type": "array", + "items": { + "type": "object", + "properties": { + "podAffinityTerm": { + "type": "object", + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + } + } + } + } + }, + "topologyKey": { + "type": "string" + } + } + }, + "weight": { + "type": "integer" + } + } + } + } + } + }, + "podDisruptionBudget": { + "type": "object", + "properties": { + "minAvailable": { + "type": "integer" + } + } + }, + "podSecurityContext": { + "type": "object" + }, + "priorityClassName": { + "type": "string" + }, + "rbac": { + "type": "object", + "properties": { + "clusterRole": { + "type": "object", + "properties": { + "extraResources": { + "type": "array" + } + } + }, + "create": { + "type": "boolean" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": "object" + }, + "name": { + "type": "string" + } + } + } + } + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "properties": { + "cpu": { + "type": "string" + }, + "memory": { + "type": "string" + } + } + }, + "requests": { + "type": "object", + "properties": { + "cpu": { + "type": "string" + }, + "memory": { + "type": "string" + } + } + } + } + }, + "securityContext": { + "type": "object", + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "capabilities": { + "type": "object", + "properties": { + "drop": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "privileged": { + "type": "boolean" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "seccompProfile": { + "type": "object", + "properties": { + "type": { + "type": "string" + } + } + } + } + }, + "serviceMonitor": { + "type": "object", + "properties": { + "additionalLabels": { + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "interval": { + "type": "string" + }, + "scrapeTimeout": { + "type": "string" + }, + "secure": { + "type": "boolean" + }, + "tlsConfig": { + "type": "object" + } + } + }, + "tolerations": { + "type": "array" + }, + "topologySpreadConstraints": { + "type": "array" + }, + "updateStrategy": { + "type": "object", + "properties": { + "rollingUpdate": { + "type": "object", + "properties": { + "maxSurge": { + "type": "integer" + }, + "maxUnavailable": { + "type": "string" + } + } + }, + "type": { + "type": "string" + } + } + } + } + }, + "cleanupController": { + "type": "object", + "properties": { + "antiAffinity": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "createSelfSignedCert": { + "type": "boolean" + }, + "dnsPolicy": { + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "extraArgs": { + "type": "object" + }, + "featuresOverride": { + "type": "object" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "registry": { + "type": "string" + }, + "repository": { + "type": "string" + } + } + }, + "imagePullSecrets": { + "type": "array" + }, + "logging": { + "type": "object", + "properties": { + "format": { + "type": "string" + }, + "verbosity": { + "type": "integer" + } + } + }, + "metricsService": { + "type": "object", + "properties": { + "annotations": { + "type": "object" + }, + "create": { + "type": "boolean" + }, + "port": { + "type": "integer" + }, + "type": { + "type": "string" + } + } + }, + "networkPolicy": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "ingressFrom": { + "type": "array" + } + } + }, + "nodeAffinity": { + "type": "object" + }, + "nodeSelector": { + "type": "object" + }, + "podAffinity": { + "type": "object" + }, + "podAntiAffinity": { + "type": "object", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "type": "array", + "items": { + "type": "object", + "properties": { + "podAffinityTerm": { + "type": "object", + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + } + } + } + } + }, + "topologyKey": { + "type": "string" + } + } + }, + "weight": { + "type": "integer" + } + } + } + } + } + }, + "podDisruptionBudget": { + "type": "object", + "properties": { + "minAvailable": { + "type": "integer" + } + } + }, + "podSecurityContext": { + "type": "object" + }, + "priorityClassName": { + "type": "string" + }, + "rbac": { + "type": "object", + "properties": { + "clusterRole": { + "type": "object", + "properties": { + "extraResources": { + "type": "array" + } + } + }, + "create": { + "type": "boolean" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": "object" + }, + "name": { + "type": "string" + } + } + } + } + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "properties": { + "cpu": { + "type": "string" + }, + "memory": { + "type": "string" + } + } + }, + "requests": { + "type": "object", + "properties": { + "cpu": { + "type": "string" + }, + "memory": { + "type": "string" + } + } + } + } + }, + "securityContext": { + "type": "object", + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "capabilities": { + "type": "object", + "properties": { + "drop": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "privileged": { + "type": "boolean" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "seccompProfile": { + "type": "object", + "properties": { + "type": { + "type": "string" + } + } + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "type": { + "type": "string" + } + } + }, + "serviceMonitor": { + "type": "object", + "properties": { + "additionalLabels": { + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "interval": { + "type": "string" + }, + "scrapeTimeout": { + "type": "string" + }, + "secure": { + "type": "boolean" + }, + "tlsConfig": { + "type": "object" + } + } + }, + "tolerations": { + "type": "array" + }, + "topologySpreadConstraints": { + "type": "array" + }, + "updateStrategy": { + "type": "object", + "properties": { + "rollingUpdate": { + "type": "object", + "properties": { + "maxSurge": { + "type": "integer" + }, + "maxUnavailable": { + "type": "string" + } + } + }, + "type": { + "type": "string" + } + } + } + } + }, + "cleanupJobs": { + "type": "object", + "properties": { + "admissionReports": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "history": { + "type": "object", + "properties": { + "failure": { + "type": "integer" + }, + "success": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "registry": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "podLabels": { + "type": "object", + "properties": { + "app.kubernetes.io/component": { + "type": "string" + }, + "app.kubernetes.io/instance": { + "type": "string" + } + } + }, + "podSecurityContext": { + "type": "object", + "properties": { + "runAsGroup": { + "type": "integer" + }, + "runAsUser": { + "type": "integer" + } + } + }, + "schedule": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "capabilities": { + "type": "object", + "properties": { + "drop": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "privileged": { + "type": "boolean" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsGroup": { + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "type": "integer" + }, + "seccompProfile": { + "type": "object", + "properties": { + "type": { + "type": "string" + } + } + } + } + }, + "threshold": { + "type": "integer" + } + } + }, + "clusterAdmissionReports": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "history": { + "type": "object", + "properties": { + "failure": { + "type": "integer" + }, + "success": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "registry": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "podLabels": { + "type": "object", + "properties": { + "app.kubernetes.io/component": { + "type": "string" + }, + "app.kubernetes.io/instance": { + "type": "string" + } + } + }, + "podSecurityContext": { + "type": "object", + "properties": { + "runAsGroup": { + "type": "integer" + }, + "runAsUser": { + "type": "integer" + } + } + }, + "schedule": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "capabilities": { + "type": "object", + "properties": { + "drop": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "privileged": { + "type": "boolean" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsGroup": { + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "type": "integer" + }, + "seccompProfile": { + "type": "object", + "properties": { + "type": { + "type": "string" + } + } + } + } + }, + "threshold": { + "type": "integer" + } + } + }, + "clusterEphemeralReports": { + "type": "object", + "properties": { + "backoffLimit": { + "type": "integer" + }, + "enabled": { + "type": "boolean" + }, + "history": { + "type": "object", + "properties": { + "failure": { + "type": "integer" + }, + "success": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "null" + }, + "registry": { + "type": "null" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "imagePullSecrets": { + "type": "array" + }, + "nodeAffinity": { + "type": "object" + }, + "nodeSelector": { + "type": "object" + }, + "podAffinity": { + "type": "object" + }, + "podAnnotations": { + "type": "object" + }, + "podAntiAffinity": { + "type": "object" + }, + "podLabels": { + "type": "object" + }, + "podSecurityContext": { + "type": "object" + }, + "priorityClassName": { + "type": "string" + }, + "resources": { + "type": "object" + }, + "schedule": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "capabilities": { + "type": "object", + "properties": { + "drop": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "privileged": { + "type": "boolean" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "seccompProfile": { + "type": "object", + "properties": { + "type": { + "type": "string" + } + } + } + } + }, + "threshold": { + "type": "integer" + }, + "tolerations": { + "type": "array" + }, + "ttlSecondsAfterFinished": { + "type": "string" + } + } + }, + "ephemeralReports": { + "type": "object", + "properties": { + "backoffLimit": { + "type": "integer" + }, + "enabled": { + "type": "boolean" + }, + "history": { + "type": "object", + "properties": { + "failure": { + "type": "integer" + }, + "success": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "null" + }, + "registry": { + "type": "null" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "imagePullSecrets": { + "type": "array" + }, + "nodeAffinity": { + "type": "object" + }, + "nodeSelector": { + "type": "object" + }, + "podAffinity": { + "type": "object" + }, + "podAnnotations": { + "type": "object" + }, + "podAntiAffinity": { + "type": "object" + }, + "podLabels": { + "type": "object" + }, + "podSecurityContext": { + "type": "object" + }, + "priorityClassName": { + "type": "string" + }, + "resources": { + "type": "object" + }, + "schedule": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "capabilities": { + "type": "object", + "properties": { + "drop": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "privileged": { + "type": "boolean" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "seccompProfile": { + "type": "object", + "properties": { + "type": { + "type": "string" + } + } + } + } + }, + "threshold": { + "type": "integer" + }, + "tolerations": { + "type": "array" + }, + "ttlSecondsAfterFinished": { + "type": "string" + } + } + }, + "updateRequests": { + "type": "object", + "properties": { + "backoffLimit": { + "type": "integer" + }, + "enabled": { + "type": "boolean" + }, + "history": { + "type": "object", + "properties": { + "failure": { + "type": "integer" + }, + "success": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "null" + }, + "registry": { + "type": "null" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "imagePullSecrets": { + "type": "array" + }, + "nodeAffinity": { + "type": "object" + }, + "nodeSelector": { + "type": "object" + }, + "podAffinity": { + "type": "object" + }, + "podAnnotations": { + "type": "object" + }, + "podAntiAffinity": { + "type": "object" + }, + "podLabels": { + "type": "object" + }, + "podSecurityContext": { + "type": "object" + }, + "priorityClassName": { + "type": "string" + }, + "resources": { + "type": "object" + }, + "schedule": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "capabilities": { + "type": "object", + "properties": { + "drop": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "privileged": { + "type": "boolean" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "seccompProfile": { + "type": "object", + "properties": { + "type": { + "type": "string" + } + } + } + } + }, + "threshold": { + "type": "integer" + }, + "tolerations": { + "type": "array" + }, + "ttlSecondsAfterFinished": { + "type": "string" + } + } + } + } + }, + "config": { + "type": "object", + "properties": { + "defaultRegistry": { + "type": "string" + }, + "enableDefaultRegistryMutation": { + "type": "boolean" + }, + "excludeKyvernoNamespace": { + "type": "boolean" + }, + "webhooks": { + "type": "array", + "items": { + "type": "object", + "properties": { + "namespaceSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + } + } + } + } + } + } + } + } + } + }, + "crds": { + "type": "object", + "properties": { + "install": { + "type": "boolean" + }, + "migration": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "repository": { + "type": "string" + } + } + } + } + } + } + }, + "customLabels": { + "type": "object", + "properties": { + "application.giantswarm.io/team": { + "type": "string" + }, + "giantswarm.io/service-type": { + "type": "string" + } + } + }, + "features": { + "type": "object", + "properties": { + "admissionReports": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "autoUpdateWebhooks": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "backgroundScan": { + "type": "object", + "properties": { + "backgroundScanInterval": { + "type": "string" + }, + "backgroundScanWorkers": { + "type": "integer" + }, + "enabled": { + "type": "boolean" + }, + "skipResourceFilters": { + "type": "boolean" + } + } + }, + "configMapCaching": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "deferredLoading": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dumpPayload": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "forceFailurePolicyIgnore": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logging": { + "type": "object", + "properties": { + "format": { + "type": "string" + }, + "verbosity": { + "type": "integer" + } + } + }, + "omitEvents": { + "type": "object", + "properties": { + "eventTypes": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "policyExceptions": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "namespace": { + "type": "string" + } + } + }, + "protectManagedResources": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "registryClient": { + "type": "object", + "properties": { + "allowInsecure": { + "type": "boolean" + }, + "credentialHelpers": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "reports": { + "type": "object", + "properties": { + "chunkSize": { + "type": "integer" + } + } + } + } + }, + "policyReportsCleanup": { + "type": "object", + "properties": { + "image": { + "type": "object", + "properties": { + "registry": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + } + } + }, + "reportsController": { + "type": "object", + "properties": { + "antiAffinity": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "apiPriorityAndFairness": { + "type": "boolean" + }, + "dnsPolicy": { + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "extraArgs": { + "type": "object" + }, + "featuresOverride": { + "type": "object" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "registry": { + "type": "string" + }, + "repository": { + "type": "string" + } + } + }, + "imagePullSecrets": { + "type": "array" + }, + "logging": { + "type": "object", + "properties": { + "format": { + "type": "string" + }, + "verbosity": { + "type": "integer" + } + } + }, + "metricsService": { + "type": "object", + "properties": { + "annotations": { + "type": "object" + }, + "create": { + "type": "boolean" + }, + "port": { + "type": "integer" + }, + "type": { + "type": "string" + } + } + }, + "networkPolicy": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "ingressFrom": { + "type": "array" + } + } + }, + "nodeAffinity": { + "type": "object" + }, + "nodeSelector": { + "type": "object" + }, + "podAffinity": { + "type": "object" + }, + "podAntiAffinity": { + "type": "object", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "type": "array", + "items": { + "type": "object", + "properties": { + "podAffinityTerm": { + "type": "object", + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + } + } + } + } + }, + "topologyKey": { + "type": "string" + } + } + }, + "weight": { + "type": "integer" + } + } + } + } + } + }, + "podDisruptionBudget": { + "type": "object", + "properties": { + "minAvailable": { + "type": "integer" + } + } + }, + "podSecurityContext": { + "type": "object" + }, + "priorityClassName": { + "type": "string" + }, + "rbac": { + "type": "object", + "properties": { + "clusterRole": { + "type": "object", + "properties": { + "extraResources": { + "type": "array" + } + } + }, + "create": { + "type": "boolean" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": "object" + }, + "name": { + "type": "string" + } + } + } + } + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "properties": { + "cpu": { + "type": "string" + }, + "memory": { + "type": "string" + } + } + }, + "requests": { + "type": "object", + "properties": { + "cpu": { + "type": "string" + }, + "memory": { + "type": "string" + } + } + } + } + }, + "securityContext": { + "type": "object", + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "capabilities": { + "type": "object", + "properties": { + "drop": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "privileged": { + "type": "boolean" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "seccompProfile": { + "type": "object", + "properties": { + "type": { + "type": "string" + } + } + } + } + }, + "serviceMonitor": { + "type": "object", + "properties": { + "additionalLabels": { + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "interval": { + "type": "string" + }, + "scrapeTimeout": { + "type": "string" + }, + "secure": { + "type": "boolean" + }, + "tlsConfig": { + "type": "object" + } + } + }, + "sigstoreVolume": { + "type": "object", + "properties": { + "emptyDir": { + "type": "object" + } + } + }, + "tolerations": { + "type": "array" + }, + "topologySpreadConstraints": { + "type": "array" + }, + "tufRootMountPath": { + "type": "string" + }, + "updateStrategy": { + "type": "object", + "properties": { + "rollingUpdate": { + "type": "object", + "properties": { + "maxSurge": { + "type": "integer" + }, + "maxUnavailable": { + "type": "string" + } + } + }, + "type": { + "type": "string" + } + } + } + } + }, + "webhooksCleanup": { + "type": "object", + "properties": { + "image": { + "type": "object", + "properties": { + "registry": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + } + } + } + } + }, + "policy-reporter": { + "type": "object", + "properties": { + "global": { + "type": "object", + "properties": { + "labels": { + "type": "object" + }, + "plugins": { + "type": "object", + "properties": { + "kyverno": { + "type": "boolean" + } + } + } + } + }, + "image": { + "type": "object", + "properties": { + "registry": { + "type": "string" + }, + "repository": { + "type": "string" + } + } + }, + "kyvernoPlugin": { + "type": "object", + "properties": { + "annotations": { + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "registry": { + "type": "string" + }, + "repository": { + "type": "string" + } + } + }, + "podLabels": { + "type": "object", + "properties": { + "app.kubernetes.io/component": { + "type": "string" + } + } + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "properties": { + "cpu": { + "type": "string" + }, + "memory": { + "type": "string" + } + } + }, + "requests": { + "type": "object", + "properties": { + "cpu": { + "type": "string" + }, + "memory": { + "type": "string" + } + } + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + } + } + } + }, + "monitoring": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "namespace": { + "type": "string" + } + } + }, + "podLabels": { + "type": "object", + "properties": { + "app.kubernetes.io/component": { + "type": "string" + } + } + }, + "psp": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "properties": { + "cpu": { + "type": "string" + }, + "memory": { + "type": "string" + } + } + }, + "requests": { + "type": "object", + "properties": { + "cpu": { + "type": "string" + }, + "memory": { + "type": "string" + } + } + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + } + }, + "ui": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "registry": { + "type": "string" + }, + "repository": { + "type": "string" + } + } + }, + "plugins": { + "type": "object", + "properties": { + "kyverno": { + "type": "boolean" + } + } + }, + "podLabels": { + "type": "object", + "properties": { + "app.kubernetes.io/component": { + "type": "string" + } + } + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "properties": { + "cpu": { + "type": "string" + }, + "memory": { + "type": "string" + } + } + }, + "requests": { + "type": "object", + "properties": { + "cpu": { + "type": "string" + }, + "memory": { + "type": "string" + } + } + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + } + } + } + } + }, + "policyExceptions": { + "type": "object", + "properties": { + "allowedPolexNamespaces": { + "type": "array", + "items": { + "type": "string" + } + }, + "enableAwsCloudControllerManagerPolex": { + "type": "boolean" + }, + "enableAwsEbsCsiDriverPolex": { + "type": "boolean" + }, + "enableAzureCloudControllerManagerPolex": { + "type": "boolean" + }, + "enableAzureCloudNodeManagerPolex": { + "type": "boolean" + }, + "enableChartOperatorPolex": { + "type": "boolean" + }, + "enableCiliumPolex": { + "type": "boolean" + }, + "enableNoisyContextsPolicy": { + "type": "boolean" + }, + "enablePolexPolicy": { + "type": "boolean" + }, + "enableWildcardMatchPolicy": { + "type": "boolean" + }, + "polexPolicyMessage": { + "type": "string" + } + } + }, + "upgradeJob": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "verticalPodAutoscaler": { + "type": "object", + "properties": { + "admissionController": { + "type": "object", + "properties": { + "containerPolicies": { + "type": "object" + }, + "enabled": { + "type": "boolean" + } + } + }, + "backgroundController": { + "type": "object", + "properties": { + "containerPolicies": { + "type": "object", + "properties": { + "maxAllowed": { + "type": "object", + "properties": { + "cpu": { + "type": "integer" + }, + "memory": { + "type": "string" + } + } + }, + "minAllowed": { + "type": "object", + "properties": { + "cpu": { + "type": "string" + }, + "memory": { + "type": "string" + } + } + } + } + }, + "enabled": { + "type": "boolean" + } + } + }, + "cleanupController": { + "type": "object", + "properties": { + "containerPolicies": { + "type": "object" + }, + "enabled": { + "type": "boolean" + } + } + }, + "kyvernoPlugin": { + "type": "object", + "properties": { + "containerPolicies": { + "type": "object" + }, + "enabled": { + "type": "boolean" + } + } + }, + "policyReporter": { + "type": "object", + "properties": { + "containerPolicies": { + "type": "object" + }, + "enabled": { + "type": "boolean" + } + } + }, + "reportsController": { + "type": "object", + "properties": { + "containerPolicies": { + "type": "object", + "properties": { + "maxAllowed": { + "type": "object", + "properties": { + "cpu": { + "type": "integer" + }, + "memory": { + "type": "string" + } + } + }, + "minAllowed": { + "type": "object", + "properties": { + "cpu": { + "type": "string" + }, + "memory": { + "type": "string" + } + } + } + } + }, + "enabled": { + "type": "boolean" + } + } + }, + "ui": { + "type": "object", + "properties": { + "containerPolicies": { + "type": "object" + }, + "enabled": { + "type": "boolean" + } + } + } + } + } + } +}