Update Helm chart kyverno to v3 (#3946)

* Update Helm chart kyverno to v3 Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Update: Refactoring for Kyverno Helm chart v3 Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com> --------- Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>
portefaix · Aug 8, 2023 · caf6f71 · caf6f71
1 parent 9279d32
commit caf6f71
Show file tree

Hide file tree

Showing 3 changed files with 135 additions and 29 deletions.
diff --git a/gitops/argocd/charts/kyverno/kyverno/Chart.yaml b/gitops/argocd/charts/kyverno/kyverno/Chart.yaml
@@ -23,7 +23,7 @@ appVersion: 1.0.0
 dependencies:
 - name: kyverno
   repository: https://kyverno.github.io/kyverno
-  version: 2.7.2
+  version: 3.0.4
 - name: kyverno-policies
   repository: https://kyverno.github.io/kyverno
   version: 2.7.2

diff --git a/gitops/argocd/charts/kyverno/kyverno/values-k3s-homelab.yaml b/gitops/argocd/charts/kyverno/kyverno/values-k3s-homelab.yaml
@@ -16,23 +16,82 @@
 
 ---
 kyverno:
-  replicaCount: 3
-
-  antiAffinity:
-    enable: false
-
-  resources:
-    limits:
-      # cpu: 400m
-      memory: 400Mi
-    requests:
-      cpu: 200m
-      memory: 250Mi
-
-  initResources:
-    limits:
-      # cpu: 100m
-      memory: 256Mi
-    requests:
-      cpu: 10m
-      memory: 64Mi
+  cleanupJobs:
+    admissionReports:
+      resources:
+        limits:
+          # cpu: 100m
+          memory: 100Mi
+        requests:
+          cpu: 10m
+          memory: 50Mi
+    clusterAdmissionReports:
+      resources:
+        limits:
+          # cpu: 100m
+          memory: 100Mi
+        requests:
+          cpu: 10m
+          memory: 50Mi
+
+  admissionController:
+    replicas: 3
+    antiAffinity:
+      enabled: false
+
+    container:
+      resources:
+        limits:
+          # cpu: 400m
+          memory: 400Mi
+        requests:
+          cpu: 200m
+          memory: 250Mi
+
+    initContainer:
+      resources:
+        limits:
+          # cpu: 400m
+          memory: 200Mi
+        requests:
+          cpu: 10m
+          memory: 50Mi
+
+  backgroundController:
+    replicas: 1
+    resources:
+      limits:
+        # cpu: 400m
+        memory: 200Mi
+      requests:
+        cpu: 100m
+        memory: 50Mi
+
+  cleanupController:
+    replicas: 1
+    resources:
+      limits:
+        # cpu: 400m
+        memory: 200Mi
+      requests:
+        cpu: 100m
+        memory: 50Mi
+
+  reportsController:
+    replicas: 1
+    resources:
+      limits:
+        # cpu: 400m
+        memory: 200Mi
+      requests:
+        cpu: 100m
+        memory: 50Mi
+
+  test:
+    resources:
+      limits:
+        # cpu: 100m
+        memory: 256Mi
+      requests:
+        cpu: 10m
+        memory: 64Mi
diff --git a/gitops/argocd/charts/kyverno/kyverno/values.yaml b/gitops/argocd/charts/kyverno/kyverno/values.yaml
@@ -19,20 +19,67 @@ kyverno:
   customLabels:
     portefaix.xyz/version: v0.46.0
 
-  serviceMonitor:
+  test:
+    resources: {}
+
+  grafana:
     enabled: true
-    additionalLabels:
-      monitoring: portefaix
+    annotations:
+      grafana-folder: security
+    labels:
+      grafana-dashboard: kyverno
+
+  features:
+    logging:
+      format: json
+      verbosity: 2
+
+  cleanupJobs:
+    admissionReports:
+      schedule: '*/10 * * * *'
+    clusterAdmissionReports:
+      schedule: '*/15 * * * *'
+
+  admissionController:
+    serviceMonitor:
+      enabled: true
+      additionalLabels:
+        monitoring: portefaix
+    # tracing:
+    #   enabled: false
+    #   address: ""
+    #   port:
+
+  backgroundController:
+    serviceMonitor:
+      enabled: true
+      additionalLabels:
+        monitoring: portefaix
+    # tracing:
+    #   enabled: false
+    #   address: ""
+    #   port:
 
   cleanupController:
     serviceMonitor:
       enabled: true
-      # https://github.com/kyverno/kyverno/issues/6413
-      # additionalLabels:
-      #   monitoring: portefaix
+      additionalLabels:
+        monitoring: portefaix
+    # tracing:
+    #   enabled: false
+    #   address: ""
+    #   port:
+
+  reportsController:
+    serviceMonitor:
+      enabled: true
+      additionalLabels:
+        monitoring: portefaix
+    # tracing:
+    #   enabled: false
+    #   address: ""
+    #   port:
 
-    logging:
-      format: json
 
 kyverno-policies:
   podSecurityStandard: restricted