From caf6f71584b076bc0daec5a8ba5558ae0da47ffd Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 8 Aug 2023 10:15:33 +0200
Subject: [PATCH] Update Helm chart kyverno to v3 (#3946)

* Update Helm chart kyverno to v3

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update: Refactoring for Kyverno Helm chart v3

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

---------

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>
---
 .../argocd/charts/kyverno/kyverno/Chart.yaml  |  2 +-
 .../kyverno/kyverno/values-k3s-homelab.yaml   | 99 +++++++++++++++----
 .../argocd/charts/kyverno/kyverno/values.yaml | 63 ++++++++++--
 3 files changed, 135 insertions(+), 29 deletions(-)

diff --git a/gitops/argocd/charts/kyverno/kyverno/Chart.yaml b/gitops/argocd/charts/kyverno/kyverno/Chart.yaml
index 05599da6ee..bb1d458f73 100644
--- a/gitops/argocd/charts/kyverno/kyverno/Chart.yaml
+++ b/gitops/argocd/charts/kyverno/kyverno/Chart.yaml
@@ -23,7 +23,7 @@ appVersion: 1.0.0
 dependencies:
 - name: kyverno
   repository: https://kyverno.github.io/kyverno
-  version: 2.7.2
+  version: 3.0.4
 - name: kyverno-policies
   repository: https://kyverno.github.io/kyverno
   version: 2.7.2
diff --git a/gitops/argocd/charts/kyverno/kyverno/values-k3s-homelab.yaml b/gitops/argocd/charts/kyverno/kyverno/values-k3s-homelab.yaml
index ab908f8f40..76c650e651 100644
--- a/gitops/argocd/charts/kyverno/kyverno/values-k3s-homelab.yaml
+++ b/gitops/argocd/charts/kyverno/kyverno/values-k3s-homelab.yaml
@@ -16,23 +16,82 @@
 
 ---
 kyverno:
-  replicaCount: 3
-
-  antiAffinity:
-    enable: false
-
-  resources:
-    limits:
-      # cpu: 400m
-      memory: 400Mi
-    requests:
-      cpu: 200m
-      memory: 250Mi
-
-  initResources:
-    limits:
-      # cpu: 100m
-      memory: 256Mi
-    requests:
-      cpu: 10m
-      memory: 64Mi
+  cleanupJobs:
+    admissionReports:
+      resources:
+        limits:
+          # cpu: 100m
+          memory: 100Mi
+        requests:
+          cpu: 10m
+          memory: 50Mi
+    clusterAdmissionReports:
+      resources:
+        limits:
+          # cpu: 100m
+          memory: 100Mi
+        requests:
+          cpu: 10m
+          memory: 50Mi
+
+  admissionController:
+    replicas: 3
+    antiAffinity:
+      enabled: false
+
+    container:
+      resources:
+        limits:
+          # cpu: 400m
+          memory: 400Mi
+        requests:
+          cpu: 200m
+          memory: 250Mi
+
+    initContainer:
+      resources:
+        limits:
+          # cpu: 400m
+          memory: 200Mi
+        requests:
+          cpu: 10m
+          memory: 50Mi
+
+  backgroundController:
+    replicas: 1
+    resources:
+      limits:
+        # cpu: 400m
+        memory: 200Mi
+      requests:
+        cpu: 100m
+        memory: 50Mi
+
+  cleanupController:
+    replicas: 1
+    resources:
+      limits:
+        # cpu: 400m
+        memory: 200Mi
+      requests:
+        cpu: 100m
+        memory: 50Mi
+
+  reportsController:
+    replicas: 1
+    resources:
+      limits:
+        # cpu: 400m
+        memory: 200Mi
+      requests:
+        cpu: 100m
+        memory: 50Mi
+
+  test:
+    resources:
+      limits:
+        # cpu: 100m
+        memory: 256Mi
+      requests:
+        cpu: 10m
+        memory: 64Mi
diff --git a/gitops/argocd/charts/kyverno/kyverno/values.yaml b/gitops/argocd/charts/kyverno/kyverno/values.yaml
index 78597a5330..ed50cdc8f9 100644
--- a/gitops/argocd/charts/kyverno/kyverno/values.yaml
+++ b/gitops/argocd/charts/kyverno/kyverno/values.yaml
@@ -19,20 +19,67 @@ kyverno:
   customLabels:
     portefaix.xyz/version: v0.46.0
 
-  serviceMonitor:
+  test:
+    resources: {}
+
+  grafana:
     enabled: true
-    additionalLabels:
-      monitoring: portefaix
+    annotations:
+      grafana-folder: security
+    labels:
+      grafana-dashboard: kyverno
+
+  features:
+    logging:
+      format: json
+      verbosity: 2
+
+  cleanupJobs:
+    admissionReports:
+      schedule: '*/10 * * * *'
+    clusterAdmissionReports:
+      schedule: '*/15 * * * *'
+
+  admissionController:
+    serviceMonitor:
+      enabled: true
+      additionalLabels:
+        monitoring: portefaix
+    # tracing:
+    #   enabled: false
+    #   address: ""
+    #   port:
+
+  backgroundController:
+    serviceMonitor:
+      enabled: true
+      additionalLabels:
+        monitoring: portefaix
+    # tracing:
+    #   enabled: false
+    #   address: ""
+    #   port:
 
   cleanupController:
     serviceMonitor:
       enabled: true
-      # https://github.com/kyverno/kyverno/issues/6413
-      # additionalLabels:
-      #   monitoring: portefaix
+      additionalLabels:
+        monitoring: portefaix
+    # tracing:
+    #   enabled: false
+    #   address: ""
+    #   port:
+
+  reportsController:
+    serviceMonitor:
+      enabled: true
+      additionalLabels:
+        monitoring: portefaix
+    # tracing:
+    #   enabled: false
+    #   address: ""
+    #   port:
 
-    logging:
-      format: json
 
 kyverno-policies:
   podSecurityStandard: restricted