volschin / home-ops

Repository for my home infrastructure and Kubernetes cluster which adheres to Infrastructure as Code (IaC) and GitOps practices where possible
https://k8s.olschi.de/

feat(helm)!: Update chart goldilocks ( 8.0.2 → 9.0.0 ) #660

Closed renovate[bot] closed 2 weeks ago

renovate[bot] commented 3 weeks ago

Mend Renovate

This PR contains the following updates:

Package Update Change OpenSSF
goldilocks major 8.0.2 -> 9.0.0 OpenSSF Scorecard

Configuration

📅 Schedule: Branch creation - "after 8am every weekday,before 7pm every weekday" in timezone Europe/Berlin, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR was generated by Mend Renovate. View the repository job log.

github-actions[bot] commented 3 weeks ago
--- kubernetes/apps/observability/goldilocks/app Kustomization: flux-system/goldilocks HelmRelease: observability/goldilocks

+++ kubernetes/apps/observability/goldilocks/app Kustomization: flux-system/goldilocks HelmRelease: observability/goldilocks

@@ -14,13 +14,13 @@

       chart: goldilocks
       interval: 15m
       sourceRef:
         kind: HelmRepository
         name: fairwinds
         namespace: flux-system
-      version: 8.0.2
+      version: 9.0.0
   install:
     remediation:
       retries: 5
   interval: 15m
   upgrade:
     remediation:
github-actions[bot] commented 3 weeks ago
--- HelmRelease: kyverno/kyverno ServiceAccount: kyverno/kyverno-admission-controller

+++ HelmRelease: kyverno/kyverno ServiceAccount: kyverno/kyverno-admission-controller

@@ -1,12 +0,0 @@

----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: kyverno-admission-controller
-  namespace: kyverno
-  labels:
-    app.kubernetes.io/component: admission-controller
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-
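Review bot: Every section from this one onward belongs to HelmRelease kyverno/kyverno and contains only removed lines (`@@ -1,12 +0,0 @@` and similar), while the PR title and the only HelmRelease hunk cover goldilocks 8.0.2 → 9.0.0. Nothing in the goldilocks hunk explains these removals, so they are presumably an artifact of the diff job (a stale branch or a failed kyverno render) rather than an intended change; that should be confirmed before merging. If the diff is accurate, applying it would remove Kyverno's admission controller together with its ServiceAccounts, ClusterRoles and ClusterRoleBindings, which would stop policy enforcement in the cluster. I would record the outcome in the PR description with a line such as `kyverno removals in the rendered diff are an artifact of <reason>; no kyverno manifests change in this PR`.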
--- HelmRelease: kyverno/kyverno ServiceAccount: kyverno/kyverno-background-controller

+++ HelmRelease: kyverno/kyverno ServiceAccount: kyverno/kyverno-background-controller

@@ -1,12 +0,0 @@

----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: kyverno-background-controller
-  namespace: kyverno
-  labels:
-    app.kubernetes.io/component: background-controller
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-
--- HelmRelease: kyverno/kyverno ServiceAccount: kyverno/kyverno-cleanup-controller

+++ HelmRelease: kyverno/kyverno ServiceAccount: kyverno/kyverno-cleanup-controller

@@ -1,12 +0,0 @@

----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: kyverno-cleanup-controller
-  namespace: kyverno
-  labels:
-    app.kubernetes.io/component: cleanup-controller
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-
--- HelmRelease: kyverno/kyverno ServiceAccount: kyverno/kyverno-cleanup-jobs

+++ HelmRelease: kyverno/kyverno ServiceAccount: kyverno/kyverno-cleanup-jobs

@@ -1,11 +0,0 @@

----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: kyverno-cleanup-jobs
-  namespace: kyverno
-  labels:
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-
--- HelmRelease: kyverno/kyverno ServiceAccount: kyverno/kyverno-reports-controller

+++ HelmRelease: kyverno/kyverno ServiceAccount: kyverno/kyverno-reports-controller

@@ -1,12 +0,0 @@

----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: kyverno-reports-controller
-  namespace: kyverno
-  labels:
-    app.kubernetes.io/component: reports-controller
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-
--- HelmRelease: kyverno/kyverno ConfigMap: kyverno/kyverno

+++ HelmRelease: kyverno/kyverno ConfigMap: kyverno/kyverno

@@ -1,69 +0,0 @@

----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: kyverno
-  namespace: kyverno
-  labels:
-    app.kubernetes.io/component: config
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-  annotations:
-    helm.sh/resource-policy: keep
-data:
-  enableDefaultRegistryMutation: 'true'
-  defaultRegistry: docker.io
-  generateSuccessEvents: 'false'
-  excludeGroups: system:nodes
-  resourceFilters: '[*/*,kyverno,*] [Event,*,*] [*/*,kube-system,*] [*/*,kube-public,*]
-    [*/*,kube-node-lease,*] [Node,*,*] [Node/*,*,*] [APIService,*,*] [APIService/*,*,*]
-    [TokenReview,*,*] [SubjectAccessReview,*,*] [SelfSubjectAccessReview,*,*] [Binding,*,*]
-    [Pod/binding,*,*] [ReplicaSet,*,*] [ReplicaSet/*,*,*] [AdmissionReport,*,*] [AdmissionReport/*,*,*]
-    [ClusterAdmissionReport,*,*] [ClusterAdmissionReport/*,*,*] [BackgroundScanReport,*,*]
-    [BackgroundScanReport/*,*,*] [ClusterBackgroundScanReport,*,*] [ClusterBackgroundScanReport/*,*,*]
-    [ClusterRole,*,kyverno:admission-controller] [ClusterRole,*,kyverno:admission-controller:core]
-    [ClusterRole,*,kyverno:admission-controller:additional] [ClusterRole,*,kyverno:background-controller]
-    [ClusterRole,*,kyverno:background-controller:core] [ClusterRole,*,kyverno:background-controller:additional]
-    [ClusterRole,*,kyverno:cleanup-controller] [ClusterRole,*,kyverno:cleanup-controller:core]
-    [ClusterRole,*,kyverno:cleanup-controller:additional] [ClusterRole,*,kyverno:reports-controller]
-    [ClusterRole,*,kyverno:reports-controller:core] [ClusterRole,*,kyverno:reports-controller:additional]
-    [ClusterRoleBinding,*,kyverno:admission-controller] [ClusterRoleBinding,*,kyverno:background-controller]
-    [ClusterRoleBinding,*,kyverno:cleanup-controller] [ClusterRoleBinding,*,kyverno:reports-controller]
-    [ServiceAccount,kyverno,kyverno-admission-controller] [ServiceAccount/*,kyverno,kyverno-admission-controller]
-    [ServiceAccount,kyverno,kyverno-background-controller] [ServiceAccount/*,kyverno,kyverno-background-controller]
-    [ServiceAccount,kyverno,kyverno-cleanup-controller] [ServiceAccount/*,kyverno,kyverno-cleanup-controller]
-    [ServiceAccount,kyverno,kyverno-reports-controller] [ServiceAccount/*,kyverno,kyverno-reports-controller]
-    [Role,kyverno,kyverno:admission-controller] [Role,kyverno,kyverno:background-controller]
-    [Role,kyverno,kyverno:cleanup-controller] [Role,kyverno,kyverno:reports-controller]
-    [RoleBinding,kyverno,kyverno:admission-controller] [RoleBinding,kyverno,kyverno:background-controller]
-    [RoleBinding,kyverno,kyverno:cleanup-controller] [RoleBinding,kyverno,kyverno:reports-controller]
-    [ConfigMap,kyverno,kyverno] [ConfigMap,kyverno,kyverno-metrics] [Deployment,kyverno,kyverno-admission-controller]
-    [Deployment/*,kyverno,kyverno-admission-controller] [Deployment,kyverno,kyverno-background-controller]
-    [Deployment/*,kyverno,kyverno-background-controller] [Deployment,kyverno,kyverno-cleanup-controller]
-    [Deployment/*,kyverno,kyverno-cleanup-controller] [Deployment,kyverno,kyverno-reports-controller]
-    [Deployment/*,kyverno,kyverno-reports-controller] [Pod,kyverno,kyverno-admission-controller-*]
-    [Pod/*,kyverno,kyverno-admission-controller-*] [Pod,kyverno,kyverno-background-controller-*]
-    [Pod/*,kyverno,kyverno-background-controller-*] [Pod,kyverno,kyverno-cleanup-controller-*]
-    [Pod/*,kyverno,kyverno-cleanup-controller-*] [Pod,kyverno,kyverno-reports-controller-*]
-    [Pod/*,kyverno,kyverno-reports-controller-*] [Job,kyverno,kyverno-hook-pre-delete]
-    [Job/*,kyverno,kyverno-hook-pre-delete] [NetworkPolicy,kyverno,kyverno-admission-controller]
-    [NetworkPolicy/*,kyverno,kyverno-admission-controller] [NetworkPolicy,kyverno,kyverno-background-controller]
-    [NetworkPolicy/*,kyverno,kyverno-background-controller] [NetworkPolicy,kyverno,kyverno-cleanup-controller]
-    [NetworkPolicy/*,kyverno,kyverno-cleanup-controller] [NetworkPolicy,kyverno,kyverno-reports-controller]
-    [NetworkPolicy/*,kyverno,kyverno-reports-controller] [PodDisruptionBudget,kyverno,kyverno-admission-controller]
-    [PodDisruptionBudget/*,kyverno,kyverno-admission-controller] [PodDisruptionBudget,kyverno,kyverno-background-controller]
-    [PodDisruptionBudget/*,kyverno,kyverno-background-controller] [PodDisruptionBudget,kyverno,kyverno-cleanup-controller]
-    [PodDisruptionBudget/*,kyverno,kyverno-cleanup-controller] [PodDisruptionBudget,kyverno,kyverno-reports-controller]
-    [PodDisruptionBudget/*,kyverno,kyverno-reports-controller] [Service,kyverno,kyverno-svc]
-    [Service/*,kyverno,kyverno-svc] [Service,kyverno,kyverno-svc-metrics] [Service/*,kyverno,kyverno-svc-metrics]
-    [Service,kyverno,kyverno-background-controller-metrics] [Service/*,kyverno,kyverno-background-controller-metrics]
-    [Service,kyverno,kyverno-cleanup-controller] [Service/*,kyverno,kyverno-cleanup-controller]
-    [Service,kyverno,kyverno-cleanup-controller-metrics] [Service/*,kyverno,kyverno-cleanup-controller-metrics]
-    [Service,kyverno,kyverno-reports-controller-metrics] [Service/*,kyverno,kyverno-reports-controller-metrics]
-    [ServiceMonitor,kyverno,kyverno-admission-controller] [ServiceMonitor,kyverno,kyverno-background-controller]
-    [ServiceMonitor,kyverno,kyverno-cleanup-controller] [ServiceMonitor,kyverno,kyverno-reports-controller]
-    [Secret,kyverno,kyverno-svc.kyverno.svc.*] [Secret,kyverno,kyverno-cleanup-controller.kyverno.svc.*]'
-  webhooks: '[{"namespaceSelector":{"matchExpressions":[{"key":"kubernetes.io/metadata.name","operator":"NotIn","values":["kube-system"]},{"key":"kubernetes.io/metadata.name","operator":"NotIn","values":["kyverno"]}],"matchLabels":null}}]'
-  webhookAnnotations: '{"admissions.enforcer/disabled":"true"}'
-
--- HelmRelease: kyverno/kyverno ConfigMap: kyverno/kyverno-metrics

+++ HelmRelease: kyverno/kyverno ConfigMap: kyverno/kyverno-metrics

@@ -1,16 +0,0 @@

----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: kyverno-metrics
-  namespace: kyverno
-  labels:
-    app.kubernetes.io/component: config
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-data:
-  namespaces: '{"exclude":[],"include":[]}'
-  bucketBoundaries: 0.005, 0.01, 0.025, 0.05, 0.1, 0.25, 0.5, 1, 2.5, 5, 10, 15, 20,
-    25, 30
-
--- HelmRelease: kyverno/kyverno ClusterRole: kyverno/kyverno:admission-controller

+++ HelmRelease: kyverno/kyverno ClusterRole: kyverno/kyverno:admission-controller

@@ -1,17 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: kyverno:admission-controller
-  labels:
-    app.kubernetes.io/component: admission-controller
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-aggregationRule:
-  clusterRoleSelectors:
-  - matchLabels:
-      app.kubernetes.io/component: admission-controller
-      app.kubernetes.io/instance: kyverno
-      app.kubernetes.io/part-of: kyverno
-
--- HelmRelease: kyverno/kyverno ClusterRole: kyverno/kyverno:admission-controller:core

+++ HelmRelease: kyverno/kyverno ClusterRole: kyverno/kyverno:admission-controller:core

@@ -1,140 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: kyverno:admission-controller:core
-  labels:
-    app.kubernetes.io/component: admission-controller
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-rules:
-- apiGroups:
-  - apiextensions.k8s.io
-  resources:
-  - customresourcedefinitions
-  verbs:
-  - get
-- apiGroups:
-  - admissionregistration.k8s.io
-  resources:
-  - mutatingwebhookconfigurations
-  - validatingwebhookconfigurations
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-  - deletecollection
-- apiGroups:
-  - rbac.authorization.k8s.io
-  resources:
-  - roles
-  - clusterroles
-  - rolebindings
-  - clusterrolebindings
-  verbs:
-  - list
-  - watch
-- apiGroups:
-  - kyverno.io
-  resources:
-  - policies
-  - policies/status
-  - clusterpolicies
-  - clusterpolicies/status
-  - updaterequests
-  - updaterequests/status
-  - globalcontextentries
-  - globalcontextentries/status
-  - admissionreports
-  - clusteradmissionreports
-  - backgroundscanreports
-  - clusterbackgroundscanreports
-  - policyexceptions
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-  - deletecollection
-- apiGroups:
-  - reports.kyverno.io
-  resources:
-  - ephemeralreports
-  - clusterephemeralreports
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-  - deletecollection
-- apiGroups:
-  - wgpolicyk8s.io
-  resources:
-  - policyreports
-  - policyreports/status
-  - clusterpolicyreports
-  - clusterpolicyreports/status
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-  - deletecollection
-- apiGroups:
-  - ''
-  - events.k8s.io
-  resources:
-  - events
-  verbs:
-  - create
-  - update
-  - patch
-- apiGroups:
-  - authorization.k8s.io
-  resources:
-  - subjectaccessreviews
-  verbs:
-  - create
-- apiGroups:
-  - ''
-  resources:
-  - configmaps
-  - namespaces
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - coordination.k8s.io
-  resources:
-  - leases
-  verbs:
-  - create
-  - update
-  - patch
-  - get
-  - list
-  - watch
-- apiGroups:
-  - '*'
-  resources:
-  - '*'
-  verbs:
-  - get
-  - list
-  - watch
-
--- HelmRelease: kyverno/kyverno ClusterRole: kyverno/kyverno:background-controller

+++ HelmRelease: kyverno/kyverno ClusterRole: kyverno/kyverno:background-controller

@@ -1,17 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: kyverno:background-controller
-  labels:
-    app.kubernetes.io/component: background-controller
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-aggregationRule:
-  clusterRoleSelectors:
-  - matchLabels:
-      app.kubernetes.io/component: background-controller
-      app.kubernetes.io/instance: kyverno
-      app.kubernetes.io/part-of: kyverno
-
--- HelmRelease: kyverno/kyverno ClusterRole: kyverno/kyverno:background-controller:core

+++ HelmRelease: kyverno/kyverno ClusterRole: kyverno/kyverno:background-controller:core

@@ -1,99 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: kyverno:background-controller:core
-  labels:
-    app.kubernetes.io/component: background-controller
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-rules:
-- apiGroups:
-  - apiextensions.k8s.io
-  resources:
-  - customresourcedefinitions
-  verbs:
-  - get
-- apiGroups:
-  - kyverno.io
-  resources:
-  - policies
-  - clusterpolicies
-  - policyexceptions
-  - updaterequests
-  - updaterequests/status
-  - globalcontextentries
-  - globalcontextentries/status
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-  - deletecollection
-- apiGroups:
-  - ''
-  resources:
-  - namespaces
-  - configmaps
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - ''
-  - events.k8s.io
-  resources:
-  - events
-  verbs:
-  - create
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - '*'
-  resources:
-  - '*'
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - networking.k8s.io
-  resources:
-  - ingresses
-  - ingressclasses
-  - networkpolicies
-  verbs:
-  - create
-  - update
-  - patch
-  - delete
-- apiGroups:
-  - rbac.authorization.k8s.io
-  resources:
-  - rolebindings
-  - roles
-  verbs:
-  - create
-  - update
-  - patch
-  - delete
-- apiGroups:
-  - ''
-  resources:
-  - configmaps
-  - secrets
-  - resourcequotas
-  - limitranges
-  verbs:
-  - create
-  - update
-  - patch
-  - delete
-
--- HelmRelease: kyverno/kyverno ClusterRole: kyverno/kyverno:cleanup-controller

+++ HelmRelease: kyverno/kyverno ClusterRole: kyverno/kyverno:cleanup-controller

@@ -1,17 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: kyverno:cleanup-controller
-  labels:
-    app.kubernetes.io/component: cleanup-controller
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-aggregationRule:
-  clusterRoleSelectors:
-  - matchLabels:
-      app.kubernetes.io/component: cleanup-controller
-      app.kubernetes.io/instance: kyverno
-      app.kubernetes.io/part-of: kyverno
-
--- HelmRelease: kyverno/kyverno ClusterRole: kyverno/kyverno:cleanup-controller:core

+++ HelmRelease: kyverno/kyverno ClusterRole: kyverno/kyverno:cleanup-controller:core

@@ -1,89 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: kyverno:cleanup-controller:core
-  labels:
-    app.kubernetes.io/component: cleanup-controller
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-rules:
-- apiGroups:
-  - apiextensions.k8s.io
-  resources:
-  - customresourcedefinitions
-  verbs:
-  - get
-- apiGroups:
-  - admissionregistration.k8s.io
-  resources:
-  - validatingwebhookconfigurations
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - update
-  - watch
-- apiGroups:
-  - ''
-  resources:
-  - namespaces
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - kyverno.io
-  resources:
-  - clustercleanuppolicies
-  - cleanuppolicies
-  verbs:
-  - list
-  - watch
-- apiGroups:
-  - kyverno.io
-  resources:
-  - globalcontextentries
-  - globalcontextentries/status
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-  - deletecollection
-- apiGroups:
-  - kyverno.io
-  resources:
-  - clustercleanuppolicies/status
-  - cleanuppolicies/status
-  verbs:
-  - update
-- apiGroups:
-  - ''
-  resources:
-  - configmaps
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - ''
-  - events.k8s.io
-  resources:
-  - events
-  verbs:
-  - create
-  - patch
-  - update
-- apiGroups:
-  - authorization.k8s.io
-  resources:
-  - subjectaccessreviews
-  verbs:
-  - create
-
--- HelmRelease: kyverno/kyverno ClusterRole: kyverno/kyverno:cleanup-jobs

+++ HelmRelease: kyverno/kyverno ClusterRole: kyverno/kyverno:cleanup-jobs

@@ -1,30 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: kyverno:cleanup-jobs
-  labels:
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-rules:
-- apiGroups:
-  - kyverno.io
-  resources:
-  - admissionreports
-  - clusteradmissionreports
-  - updaterequests
-  verbs:
-  - list
-  - deletecollection
-  - delete
-- apiGroups:
-  - reports.kyverno.io
-  resources:
-  - ephemeralreports
-  - clusterephemeralreports
-  verbs:
-  - list
-  - deletecollection
-  - delete
-
--- HelmRelease: kyverno/kyverno ClusterRole: kyverno/kyverno:rbac:admin:policies

+++ HelmRelease: kyverno/kyverno ClusterRole: kyverno/kyverno:rbac:admin:policies

@@ -1,28 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: kyverno:rbac:admin:policies
-  labels:
-    app.kubernetes.io/component: rbac
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-    rbac.authorization.k8s.io/aggregate-to-admin: 'true'
-rules:
-- apiGroups:
-  - kyverno.io
-  resources:
-  - cleanuppolicies
-  - clustercleanuppolicies
-  - policies
-  - clusterpolicies
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-
--- HelmRelease: kyverno/kyverno ClusterRole: kyverno/kyverno:rbac:view:policies

+++ HelmRelease: kyverno/kyverno ClusterRole: kyverno/kyverno:rbac:view:policies

@@ -1,24 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: kyverno:rbac:view:policies
-  labels:
-    app.kubernetes.io/component: rbac
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-    rbac.authorization.k8s.io/aggregate-to-view: 'true'
-rules:
-- apiGroups:
-  - kyverno.io
-  resources:
-  - cleanuppolicies
-  - clustercleanuppolicies
-  - policies
-  - clusterpolicies
-  verbs:
-  - get
-  - list
-  - watch
-
--- HelmRelease: kyverno/kyverno ClusterRole: kyverno/kyverno:rbac:admin:policyreports

+++ HelmRelease: kyverno/kyverno ClusterRole: kyverno/kyverno:rbac:admin:policyreports

@@ -1,26 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: kyverno:rbac:admin:policyreports
-  labels:
-    app.kubernetes.io/component: rbac
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-    rbac.authorization.k8s.io/aggregate-to-admin: 'true'
-rules:
-- apiGroups:
-  - wgpolicyk8s.io
-  resources:
-  - policyreports
-  - clusterpolicyreports
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-
--- HelmRelease: kyverno/kyverno ClusterRole: kyverno/kyverno:rbac:view:policyreports

+++ HelmRelease: kyverno/kyverno ClusterRole: kyverno/kyverno:rbac:view:policyreports

@@ -1,22 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: kyverno:rbac:view:policyreports
-  labels:
-    app.kubernetes.io/component: rbac
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-    rbac.authorization.k8s.io/aggregate-to-view: 'true'
-rules:
-- apiGroups:
-  - wgpolicyk8s.io
-  resources:
-  - policyreports
-  - clusterpolicyreports
-  verbs:
-  - get
-  - list
-  - watch
-
--- HelmRelease: kyverno/kyverno ClusterRole: kyverno/kyverno:rbac:admin:reports

+++ HelmRelease: kyverno/kyverno ClusterRole: kyverno/kyverno:rbac:admin:reports

@@ -1,41 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: kyverno:rbac:admin:reports
-  labels:
-    app.kubernetes.io/component: rbac
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-    rbac.authorization.k8s.io/aggregate-to-admin: 'true'
-rules:
-- apiGroups:
-  - kyverno.io
-  resources:
-  - admissionreports
-  - clusteradmissionreports
-  - backgroundscanreports
-  - clusterbackgroundscanreports
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - reports.kyverno.io
-  resources:
-  - ephemeralreports
-  - clusterephemeralreports
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-
--- HelmRelease: kyverno/kyverno ClusterRole: kyverno/kyverno:rbac:view:reports

+++ HelmRelease: kyverno/kyverno ClusterRole: kyverno/kyverno:rbac:view:reports

@@ -1,33 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: kyverno:rbac:view:reports
-  labels:
-    app.kubernetes.io/component: rbac
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-    rbac.authorization.k8s.io/aggregate-to-view: 'true'
-rules:
-- apiGroups:
-  - kyverno.io
-  resources:
-  - admissionreports
-  - clusteradmissionreports
-  - backgroundscanreports
-  - clusterbackgroundscanreports
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - reports.kyverno.io
-  resources:
-  - ephemeralreports
-  - clusterephemeralreports
-  verbs:
-  - get
-  - list
-  - watch
-
--- HelmRelease: kyverno/kyverno ClusterRole: kyverno/kyverno:rbac:admin:updaterequests

+++ HelmRelease: kyverno/kyverno ClusterRole: kyverno/kyverno:rbac:admin:updaterequests

@@ -1,25 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: kyverno:rbac:admin:updaterequests
-  labels:
-    app.kubernetes.io/component: rbac
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-    rbac.authorization.k8s.io/aggregate-to-admin: 'true'
-rules:
-- apiGroups:
-  - kyverno.io
-  resources:
-  - updaterequests
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-
--- HelmRelease: kyverno/kyverno ClusterRole: kyverno/kyverno:rbac:view:updaterequests

+++ HelmRelease: kyverno/kyverno ClusterRole: kyverno/kyverno:rbac:view:updaterequests

@@ -1,21 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: kyverno:rbac:view:updaterequests
-  labels:
-    app.kubernetes.io/component: rbac
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-    rbac.authorization.k8s.io/aggregate-to-view: 'true'
-rules:
-- apiGroups:
-  - kyverno.io
-  resources:
-  - updaterequests
-  verbs:
-  - get
-  - list
-  - watch
-
--- HelmRelease: kyverno/kyverno ClusterRole: kyverno/kyverno:reports-controller

+++ HelmRelease: kyverno/kyverno ClusterRole: kyverno/kyverno:reports-controller

@@ -1,17 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: kyverno:reports-controller
-  labels:
-    app.kubernetes.io/component: reports-controller
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-aggregationRule:
-  clusterRoleSelectors:
-  - matchLabels:
-      app.kubernetes.io/component: reports-controller
-      app.kubernetes.io/instance: kyverno
-      app.kubernetes.io/part-of: kyverno
-
--- HelmRelease: kyverno/kyverno ClusterRole: kyverno/kyverno:reports-controller:core

+++ HelmRelease: kyverno/kyverno ClusterRole: kyverno/kyverno:reports-controller:core

@@ -1,95 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: kyverno:reports-controller:core
-  labels:
-    app.kubernetes.io/component: reports-controller
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-rules:
-- apiGroups:
-  - apiextensions.k8s.io
-  resources:
-  - customresourcedefinitions
-  verbs:
-  - get
-- apiGroups:
-  - ''
-  resources:
-  - secrets
-  - configmaps
-  - namespaces
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - kyverno.io
-  resources:
-  - globalcontextentries
-  - globalcontextentries/status
-  - admissionreports
-  - clusteradmissionreports
-  - backgroundscanreports
-  - clusterbackgroundscanreports
-  - policyexceptions
-  - policies
-  - clusterpolicies
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-  - deletecollection
-- apiGroups:
-  - reports.kyverno.io
-  resources:
-  - ephemeralreports
-  - clusterephemeralreports
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-  - deletecollection
-- apiGroups:
-  - wgpolicyk8s.io
-  resources:
-  - policyreports
-  - policyreports/status
-  - clusterpolicyreports
-  - clusterpolicyreports/status
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-  - deletecollection
-- apiGroups:
-  - ''
-  - events.k8s.io
-  resources:
-  - events
-  verbs:
-  - create
-  - patch
-- apiGroups:
-  - '*'
-  resources:
-  - '*'
-  verbs:
-  - get
-  - list
-  - watch
-
--- HelmRelease: kyverno/kyverno ClusterRoleBinding: kyverno/kyverno:admission-controller

+++ HelmRelease: kyverno/kyverno ClusterRoleBinding: kyverno/kyverno:admission-controller

@@ -1,19 +0,0 @@

----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: kyverno:admission-controller
-  labels:
-    app.kubernetes.io/component: admission-controller
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: kyverno:admission-controller
-subjects:
-- kind: ServiceAccount
-  name: kyverno-admission-controller
-  namespace: kyverno
-
--- HelmRelease: kyverno/kyverno ClusterRoleBinding: kyverno/kyverno:background-controller

+++ HelmRelease: kyverno/kyverno ClusterRoleBinding: kyverno/kyverno:background-controller

@@ -1,19 +0,0 @@

----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: kyverno:background-controller
-  labels:
-    app.kubernetes.io/component: background-controller
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: kyverno:background-controller
-subjects:
-- kind: ServiceAccount
-  name: kyverno-background-controller
-  namespace: kyverno
-
--- HelmRelease: kyverno/kyverno ClusterRoleBinding: kyverno/kyverno:cleanup-controller

+++ HelmRelease: kyverno/kyverno ClusterRoleBinding: kyverno/kyverno:cleanup-controller

@@ -1,19 +0,0 @@

----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: kyverno:cleanup-controller
-  labels:
-    app.kubernetes.io/component: cleanup-controller
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: kyverno:cleanup-controller
-subjects:
-- kind: ServiceAccount
-  name: kyverno-cleanup-controller
-  namespace: kyverno
-
--- HelmRelease: kyverno/kyverno ClusterRoleBinding: kyverno/kyverno:cleanup-jobs

+++ HelmRelease: kyverno/kyverno ClusterRoleBinding: kyverno/kyverno:cleanup-jobs

@@ -1,18 +0,0 @@

----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: kyverno:cleanup-jobs
-  labels:
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: kyverno:cleanup-jobs
-subjects:
-- kind: ServiceAccount
-  name: kyverno-cleanup-jobs
-  namespace: kyverno
-
--- HelmRelease: kyverno/kyverno ClusterRoleBinding: kyverno/kyverno:reports-controller

+++ HelmRelease: kyverno/kyverno ClusterRoleBinding: kyverno/kyverno:reports-controller

@@ -1,19 +0,0 @@

----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: kyverno:reports-controller
-  labels:
-    app.kubernetes.io/component: reports-controller
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: kyverno:reports-controller
-subjects:
-- kind: ServiceAccount
-  name: kyverno-reports-controller
-  namespace: kyverno
-
--- HelmRelease: kyverno/kyverno Role: kyverno/kyverno:admission-controller

+++ HelmRelease: kyverno/kyverno Role: kyverno/kyverno:admission-controller

@@ -1,56 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: kyverno:admission-controller
-  namespace: kyverno
-  labels:
-    app.kubernetes.io/component: admission-controller
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-rules:
-- apiGroups:
-  - ''
-  resources:
-  - secrets
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - update
-  - delete
-- apiGroups:
-  - ''
-  resources:
-  - configmaps
-  verbs:
-  - get
-  - list
-  - watch
-  resourceNames:
-  - kyverno
-  - kyverno-metrics
-- apiGroups:
-  - coordination.k8s.io
-  resources:
-  - leases
-  verbs:
-  - create
-  - delete
-  - get
-  - patch
-  - update
-- apiGroups:
-  - apps
-  resources:
-  - deployments
-  - deployments/scale
-  verbs:
-  - get
-  - list
-  - watch
-  - patch
-  - update
-
--- HelmRelease: kyverno/kyverno Role: kyverno/kyverno:background-controller

+++ HelmRelease: kyverno/kyverno Role: kyverno/kyverno:background-controller

@@ -1,49 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: kyverno:background-controller
-  labels:
-    app.kubernetes.io/component: background-controller
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-  namespace: kyverno
-rules:
-- apiGroups:
-  - ''
-  resources:
-  - configmaps
-  verbs:
-  - get
-  - list
-  - watch
-  resourceNames:
-  - kyverno
-  - kyverno-metrics
-- apiGroups:
-  - coordination.k8s.io
-  resources:
-  - leases
-  verbs:
-  - create
-- apiGroups:
-  - coordination.k8s.io
-  resources:
-  - leases
-  verbs:
-  - delete
-  - get
-  - patch
-  - update
-  resourceNames:
-  - kyverno-background-controller
-- apiGroups:
-  - ''
-  resources:
-  - secrets
-  verbs:
-  - get
-  - list
-  - watch
-
--- HelmRelease: kyverno/kyverno Role: kyverno/kyverno:cleanup-controller

+++ HelmRelease: kyverno/kyverno Role: kyverno/kyverno:cleanup-controller

@@ -1,60 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: kyverno:cleanup-controller
-  labels:
-    app.kubernetes.io/component: cleanup-controller
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-  namespace: kyverno
-rules:
-- apiGroups:
-  - ''
-  resources:
-  - secrets
-  verbs:
-  - create
-- apiGroups:
-  - ''
-  resources:
-  - secrets
-  verbs:
-  - delete
-  - get
-  - list
-  - update
-  - watch
-  resourceNames:
-  - kyverno-cleanup-controller.kyverno.svc.kyverno-tls-ca
-  - kyverno-cleanup-controller.kyverno.svc.kyverno-tls-pair
-- apiGroups:
-  - ''
-  resources:
-  - configmaps
-  verbs:
-  - get
-  - list
-  - watch
-  resourceNames:
-  - kyverno
-  - kyverno-metrics
-- apiGroups:
-  - coordination.k8s.io
-  resources:
-  - leases
-  verbs:
-  - create
-- apiGroups:
-  - coordination.k8s.io
-  resources:
-  - leases
-  verbs:
-  - delete
-  - get
-  - patch
-  - update
-  resourceNames:
-  - kyverno-cleanup-controller
-
--- HelmRelease: kyverno/kyverno Role: kyverno/kyverno:reports-controller

+++ HelmRelease: kyverno/kyverno Role: kyverno/kyverno:reports-controller

@@ -1,41 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: kyverno:reports-controller
-  labels:
-    app.kubernetes.io/component: reports-controller
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-  namespace: kyverno
-rules:
-- apiGroups:
-  - ''
-  resources:
-  - configmaps
-  verbs:
-  - get
-  - list
-  - watch
-  resourceNames:
-  - kyverno
-  - kyverno-metrics
-- apiGroups:
-  - coordination.k8s.io
-  resources:
-  - leases
-  verbs:
-  - create
-- apiGroups:
-  - coordination.k8s.io
-  resources:
-  - leases
-  verbs:
-  - delete
-  - get
-  - patch
-  - update
-  resourceNames:
-  - kyverno-reports-controller
-
--- HelmRelease: kyverno/kyverno RoleBinding: kyverno/kyverno:admission-controller

+++ HelmRelease: kyverno/kyverno RoleBinding: kyverno/kyverno:admission-controller

@@ -1,20 +0,0 @@

----
-kind: RoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: kyverno:admission-controller
-  namespace: kyverno
-  labels:
-    app.kubernetes.io/component: admission-controller
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: kyverno:admission-controller
-subjects:
-- kind: ServiceAccount
-  name: kyverno-admission-controller
-  namespace: kyverno
-
--- HelmRelease: kyverno/kyverno RoleBinding: kyverno/kyverno:background-controller

+++ HelmRelease: kyverno/kyverno RoleBinding: kyverno/kyverno:background-controller

@@ -1,20 +0,0 @@

----
-kind: RoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: kyverno:background-controller
-  labels:
-    app.kubernetes.io/component: background-controller
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-  namespace: kyverno
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: kyverno:background-controller
-subjects:
-- kind: ServiceAccount
-  name: kyverno-background-controller
-  namespace: kyverno
-
--- HelmRelease: kyverno/kyverno RoleBinding: kyverno/kyverno:cleanup-controller

+++ HelmRelease: kyverno/kyverno RoleBinding: kyverno/kyverno:cleanup-controller

@@ -1,20 +0,0 @@

----
-kind: RoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: kyverno:cleanup-controller
-  labels:
-    app.kubernetes.io/component: cleanup-controller
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-  namespace: kyverno
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: kyverno:cleanup-controller
-subjects:
-- kind: ServiceAccount
-  name: kyverno-cleanup-controller
-  namespace: kyverno
-
--- HelmRelease: kyverno/kyverno RoleBinding: kyverno/kyverno:reports-controller

+++ HelmRelease: kyverno/kyverno RoleBinding: kyverno/kyverno:reports-controller

@@ -1,20 +0,0 @@

----
-kind: RoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: kyverno:reports-controller
-  labels:
-    app.kubernetes.io/component: reports-controller
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-  namespace: kyverno
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: kyverno:reports-controller
-subjects:
-- kind: ServiceAccount
-  name: kyverno-reports-controller
-  namespace: kyverno
-
--- HelmRelease: kyverno/kyverno Service: kyverno/kyverno-svc

+++ HelmRelease: kyverno/kyverno Service: kyverno/kyverno-svc

@@ -1,23 +0,0 @@

----
-apiVersion: v1
-kind: Service
-metadata:
-  name: kyverno-svc
-  namespace: kyverno
-  labels:
-    app.kubernetes.io/component: admission-controller
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-spec:
-  ports:
-  - port: 443
-    targetPort: https
-    protocol: TCP
-    name: https
-  selector:
-    app.kubernetes.io/component: admission-controller
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/part-of: kyverno
-  type: ClusterIP
-
--- HelmRelease: kyverno/kyverno Service: kyverno/kyverno-svc-metrics

+++ HelmRelease: kyverno/kyverno Service: kyverno/kyverno-svc-metrics

@@ -1,23 +0,0 @@

----
-apiVersion: v1
-kind: Service
-metadata:
-  name: kyverno-svc-metrics
-  namespace: kyverno
-  labels:
-    app.kubernetes.io/component: admission-controller
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-spec:
-  ports:
-  - port: 8000
-    targetPort: 8000
-    protocol: TCP
-    name: metrics-port
-  selector:
-    app.kubernetes.io/component: admission-controller
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/part-of: kyverno
-  type: ClusterIP
-
--- HelmRelease: kyverno/kyverno Service: kyverno/kyverno-background-controller-metrics

+++ HelmRelease: kyverno/kyverno Service: kyverno/kyverno-background-controller-metrics

@@ -1,23 +0,0 @@

----
-apiVersion: v1
-kind: Service
-metadata:
-  name: kyverno-background-controller-metrics
-  namespace: kyverno
-  labels:
-    app.kubernetes.io/component: background-controller
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-spec:
-  ports:
-  - port: 8000
-    targetPort: 8000
-    protocol: TCP
-    name: metrics-port
-  selector:
-    app.kubernetes.io/component: background-controller
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/part-of: kyverno
-  type: ClusterIP
-
--- HelmRelease: kyverno/kyverno Service: kyverno/kyverno-cleanup-controller

+++ HelmRelease: kyverno/kyverno Service: kyverno/kyverno-cleanup-controller

@@ -1,23 +0,0 @@

----
-apiVersion: v1
-kind: Service
-metadata:
-  name: kyverno-cleanup-controller
-  namespace: kyverno
-  labels:
-    app.kubernetes.io/component: cleanup-controller
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-spec:
-  ports:
-  - port: 443
-    targetPort: https
-    protocol: TCP
-    name: https
-  selector:
-    app.kubernetes.io/component: cleanup-controller
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/part-of: kyverno
-  type: ClusterIP
-
--- HelmRelease: kyverno/kyverno Service: kyverno/kyverno-cleanup-controller-metrics

+++ HelmRelease: kyverno/kyverno Service: kyverno/kyverno-cleanup-controller-metrics

@@ -1,23 +0,0 @@

----
-apiVersion: v1
-kind: Service
-metadata:
-  name: kyverno-cleanup-controller-metrics
-  namespace: kyverno
-  labels:
-    app.kubernetes.io/component: cleanup-controller
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-spec:
-  ports:
-  - port: 8000
-    targetPort: 8000
-    protocol: TCP
-    name: metrics-port
-  selector:
-    app.kubernetes.io/component: cleanup-controller
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/part-of: kyverno
-  type: ClusterIP
-
--- HelmRelease: kyverno/kyverno Service: kyverno/kyverno-reports-controller-metrics

+++ HelmRelease: kyverno/kyverno Service: kyverno/kyverno-reports-controller-metrics

@@ -1,23 +0,0 @@

----
-apiVersion: v1
-kind: Service
-metadata:
-  name: kyverno-reports-controller-metrics
-  namespace: kyverno
-  labels:
-    app.kubernetes.io/component: reports-controller
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-spec:
-  ports:
-  - port: 8000
-    targetPort: 8000
-    protocol: TCP
-    name: metrics-port
-  selector:
-    app.kubernetes.io/component: reports-controller
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/part-of: kyverno
-  type: ClusterIP
-
--- HelmRelease: kyverno/kyverno Deployment: kyverno/kyverno-admission-controller

+++ HelmRelease: kyverno/kyverno Deployment: kyverno/kyverno-admission-controller

@@ -1,197 +0,0 @@

----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: kyverno-admission-controller
-  namespace: kyverno
-  labels:
-    app.kubernetes.io/component: admission-controller
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-spec:
-  replicas: null
-  revisionHistoryLimit: 10
-  strategy:
-    rollingUpdate:
-      maxSurge: 1
-      maxUnavailable: 40%
-    type: RollingUpdate
-  selector:
-    matchLabels:
-      app.kubernetes.io/component: admission-controller
-      app.kubernetes.io/instance: kyverno
-      app.kubernetes.io/part-of: kyverno
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/component: admission-controller
-        app.kubernetes.io/instance: kyverno
-        app.kubernetes.io/managed-by: Helm
-        app.kubernetes.io/part-of: kyverno
-    spec:
-      dnsPolicy: ClusterFirst
-      affinity:
-        podAntiAffinity:
-          preferredDuringSchedulingIgnoredDuringExecution:
-          - podAffinityTerm:
-              labelSelector:
-                matchExpressions:
-                - key: app.kubernetes.io/component
-                  operator: In
-                  values:
-                  - admission-controller
-              topologyKey: kubernetes.io/hostname
-            weight: 1
-      serviceAccountName: kyverno-admission-controller
-      initContainers:
-      - name: kyverno-pre
-        image: ghcr.io/kyverno/kyvernopre:v1.12.5
-        imagePullPolicy: IfNotPresent
-        args:
-        - --loggingFormat=text
-        - --v=2
-        resources:
-          limits:
-            cpu: 100m
-            memory: 256Mi
-          requests:
-            cpu: 10m
-            memory: 64Mi
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-          privileged: false
-          readOnlyRootFilesystem: true
-          runAsNonRoot: true
-          seccompProfile:
-            type: RuntimeDefault
-        env:
-        - name: KYVERNO_SERVICEACCOUNT_NAME
-          value: kyverno-admission-controller
-        - name: INIT_CONFIG
-          value: kyverno
-        - name: METRICS_CONFIG
-          value: kyverno-metrics
-        - name: KYVERNO_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        - name: KYVERNO_POD_NAME
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.name
-        - name: KYVERNO_DEPLOYMENT
-          value: kyverno-admission-controller
-        - name: KYVERNO_SVC
-          value: kyverno-svc
-      containers:
-      - name: kyverno
-        image: ghcr.io/kyverno/kyverno:v1.12.5
-        imagePullPolicy: IfNotPresent
-        args:
-        - --caSecretName=kyverno-svc.kyverno.svc.kyverno-tls-ca
-        - --tlsSecretName=kyverno-svc.kyverno.svc.kyverno-tls-pair
-        - --backgroundServiceAccountName=system:serviceaccount:kyverno:kyverno-background-controller
-        - --servicePort=443
-        - --webhookServerPort=9443
-        - --disableMetrics=false
-        - --otelConfig=prometheus
-        - --metricsPort=8000
-        - --admissionReports=true
-        - --maxAdmissionReports=1000
-        - --autoUpdateWebhooks=true
-        - --enableConfigMapCaching=true
-        - --enableDeferredLoading=true
-        - --dumpPayload=false
-        - --forceFailurePolicyIgnore=false
-        - --generateValidatingAdmissionPolicy=false
-        - --maxAPICallResponseLength=2000000
-        - --loggingFormat=text
-        - --v=2
-        - --omitEvents=PolicyApplied,PolicySkipped
-        - --enablePolicyException=true
-        - --protectManagedResources=false
-        - --allowInsecureRegistry=false
-        - --registryCredentialHelpers=default,google,amazon,azure,github
-        resources:
-          limits:
-            memory: 384Mi
-          requests:
-            cpu: 100m
-            memory: 128Mi
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-          privileged: false
-          readOnlyRootFilesystem: true
-          runAsNonRoot: true
-          seccompProfile:
-            type: RuntimeDefault
-        ports:
-        - containerPort: 9443
-          name: https
-          protocol: TCP
-        - containerPort: 8000
-          name: metrics-port
-          protocol: TCP
-        env:
-        - name: INIT_CONFIG
-          value: kyverno
-        - name: METRICS_CONFIG
-          value: kyverno-metrics
-        - name: KYVERNO_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        - name: KYVERNO_POD_NAME
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.name
-        - name: KYVERNO_SERVICEACCOUNT_NAME
-          value: kyverno-admission-controller
-        - name: KYVERNO_SVC
-          value: kyverno-svc
-        - name: TUF_ROOT
-          value: /.sigstore
-        - name: KYVERNO_DEPLOYMENT
-          value: kyverno-admission-controller
-        startupProbe:
-          failureThreshold: 20
-          httpGet:
-            path: /health/liveness
-            port: 9443
-            scheme: HTTPS
-          initialDelaySeconds: 2
-          periodSeconds: 6
-        livenessProbe:
-          failureThreshold: 2
-          httpGet:
-            path: /health/liveness
-            port: 9443
-            scheme: HTTPS
-          initialDelaySeconds: 15
-          periodSeconds: 30
-          successThreshold: 1
-          timeoutSeconds: 5
-        readinessProbe:
-          failureThreshold: 6
-          httpGet:
-            path: /health/readiness
-            port: 9443
-            scheme: HTTPS
-          initialDelaySeconds: 5
-          periodSeconds: 10
-          successThreshold: 1
-          timeoutSeconds: 5
-        volumeMounts:
-        - mountPath: /.sigstore
-          name: sigstore
-      volumes:
-      - name: sigstore
-        emptyDir: {}
-
--- HelmRelease: kyverno/kyverno Deployment: kyverno/kyverno-background-controller

+++ HelmRelease: kyverno/kyverno Deployment: kyverno/kyverno-background-controller

@@ -1,102 +0,0 @@

----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: kyverno-background-controller
-  namespace: kyverno
-  labels:
-    app.kubernetes.io/component: background-controller
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-spec:
-  replicas: null
-  revisionHistoryLimit: 10
-  strategy:
-    rollingUpdate:
-      maxSurge: 1
-      maxUnavailable: 40%
-    type: RollingUpdate
-  selector:
-    matchLabels:
-      app.kubernetes.io/component: background-controller
-      app.kubernetes.io/instance: kyverno
-      app.kubernetes.io/part-of: kyverno
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/component: background-controller
-        app.kubernetes.io/instance: kyverno
-        app.kubernetes.io/managed-by: Helm
-        app.kubernetes.io/part-of: kyverno
-    spec:
-      dnsPolicy: ClusterFirst
-      affinity:
-        podAntiAffinity:
-          preferredDuringSchedulingIgnoredDuringExecution:
-          - podAffinityTerm:
-              labelSelector:
-                matchExpressions:
-                - key: app.kubernetes.io/component
-                  operator: In
-                  values:
-                  - background-controller
-              topologyKey: kubernetes.io/hostname
-            weight: 1
-      serviceAccountName: kyverno-background-controller
-      containers:
-      - name: controller
-        image: ghcr.io/kyverno/background-controller:v1.12.5
-        imagePullPolicy: IfNotPresent
-        ports:
-        - containerPort: 9443
-          name: https
-          protocol: TCP
-        - containerPort: 8000
-          name: metrics
-          protocol: TCP
-        args:
-        - --disableMetrics=false
-        - --otelConfig=prometheus
-        - --metricsPort=8000
-        - --enableConfigMapCaching=true
-        - --enableDeferredLoading=true
-        - --maxAPICallResponseLength=2000000
-        - --loggingFormat=text
-        - --v=2
-        - --omitEvents=PolicyApplied,PolicySkipped
-        - --enablePolicyException=true
-        env:
-        - name: KYVERNO_SERVICEACCOUNT_NAME
-          value: kyverno-background-controller
-        - name: KYVERNO_DEPLOYMENT
-          value: kyverno-background-controller
-        - name: INIT_CONFIG
-          value: kyverno
-        - name: METRICS_CONFIG
-          value: kyverno-metrics
-        - name: KYVERNO_POD_NAME
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.name
-        - name: KYVERNO_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        resources:
-          limits:
-            memory: 128Mi
-          requests:
-            cpu: 100m
-            memory: 64Mi
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-          privileged: false
-          readOnlyRootFilesystem: true
-          runAsNonRoot: true
-          seccompProfile:
-            type: RuntimeDefault
-
--- HelmRelease: kyverno/kyverno Deployment: kyverno/kyverno-cleanup-controller

+++ HelmRelease: kyverno/kyverno Deployment: kyverno/kyverno-cleanup-controller

@@ -1,137 +0,0 @@

----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: kyverno-cleanup-controller
-  namespace: kyverno
-  labels:
-    app.kubernetes.io/component: cleanup-controller
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-spec:
-  replicas: null
-  revisionHistoryLimit: 10
-  strategy:
-    rollingUpdate:
-      maxSurge: 1
-      maxUnavailable: 40%
-    type: RollingUpdate
-  selector:
-    matchLabels:
-      app.kubernetes.io/component: cleanup-controller
-      app.kubernetes.io/instance: kyverno
-      app.kubernetes.io/part-of: kyverno
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/component: cleanup-controller
-        app.kubernetes.io/instance: kyverno
-        app.kubernetes.io/managed-by: Helm
-        app.kubernetes.io/part-of: kyverno
-    spec:
-      dnsPolicy: ClusterFirst
-      affinity:
-        podAntiAffinity:
-          preferredDuringSchedulingIgnoredDuringExecution:
-          - podAffinityTerm:
-              labelSelector:
-                matchExpressions:
-                - key: app.kubernetes.io/component
-                  operator: In
-                  values:
-                  - cleanup-controller
-              topologyKey: kubernetes.io/hostname
-            weight: 1
-      serviceAccountName: kyverno-cleanup-controller
-      containers:
-      - name: controller
-        image: ghcr.io/kyverno/cleanup-controller:v1.12.5
-        imagePullPolicy: IfNotPresent
-        ports:
-        - containerPort: 9443
-          name: https
-          protocol: TCP
-        - containerPort: 8000
-          name: metrics
-          protocol: TCP
-        args:
-        - --caSecretName=kyverno-cleanup-controller.kyverno.svc.kyverno-tls-ca
-        - --tlsSecretName=kyverno-cleanup-controller.kyverno.svc.kyverno-tls-pair
-        - --servicePort=443
-        - --cleanupServerPort=9443
-        - --webhookServerPort=9443
-        - --disableMetrics=false
-        - --otelConfig=prometheus
-        - --metricsPort=8000
-        - --enableDeferredLoading=true
-        - --dumpPayload=false
-        - --maxAPICallResponseLength=2000000
-        - --loggingFormat=text
-        - --v=2
-        - --protectManagedResources=false
-        - --ttlReconciliationInterval=1m
-        env:
-        - name: KYVERNO_DEPLOYMENT
-          value: kyverno-cleanup-controller
-        - name: INIT_CONFIG
-          value: kyverno
-        - name: METRICS_CONFIG
-          value: kyverno-metrics
-        - name: KYVERNO_POD_NAME
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.name
-        - name: KYVERNO_SERVICEACCOUNT_NAME
-          value: kyverno-cleanup-controller
-        - name: KYVERNO_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        - name: KYVERNO_SVC
-          value: kyverno-cleanup-controller
-        resources:
-          limits:
-            memory: 128Mi
-          requests:
-            cpu: 100m
-            memory: 64Mi
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-          privileged: false
-          readOnlyRootFilesystem: true
-          runAsNonRoot: true
-          seccompProfile:
-            type: RuntimeDefault
-        startupProbe:
-          failureThreshold: 20
-          httpGet:
-            path: /health/liveness
-            port: 9443
-            scheme: HTTPS
-          initialDelaySeconds: 2
-          periodSeconds: 6
-        livenessProbe:
-          failureThreshold: 2
-          httpGet:
-            path: /health/liveness
-            port: 9443
-            scheme: HTTPS
-          initialDelaySeconds: 15
-          periodSeconds: 30
-          successThreshold: 1
-          timeoutSeconds: 5
-        readinessProbe:
-          failureThreshold: 6
-          httpGet:
-            path: /health/readiness
-            port: 9443
-            scheme: HTTPS
-          initialDelaySeconds: 5
-          periodSeconds: 10
-          successThreshold: 1
-          timeoutSeconds: 5
-
--- HelmRelease: kyverno/kyverno Deployment: kyverno/kyverno-reports-controller

+++ HelmRelease: kyverno/kyverno Deployment: kyverno/kyverno-reports-controller

@@ -1,121 +0,0 @@

----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: kyverno-reports-controller
-  namespace: kyverno
-  labels:
-    app.kubernetes.io/component: reports-controller
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-spec:
-  replicas: null
-  revisionHistoryLimit: 10
-  strategy:
-    rollingUpdate:
-      maxSurge: 1
-      maxUnavailable: 40%
-    type: RollingUpdate
-  selector:
-    matchLabels:
-      app.kubernetes.io/component: reports-controller
-      app.kubernetes.io/instance: kyverno
-      app.kubernetes.io/part-of: kyverno
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/component: reports-controller
-        app.kubernetes.io/instance: kyverno
-        app.kubernetes.io/managed-by: Helm
-        app.kubernetes.io/part-of: kyverno
-    spec:
-      dnsPolicy: ClusterFirst
-      affinity:
-        podAntiAffinity:
-          preferredDuringSchedulingIgnoredDuringExecution:
-          - podAffinityTerm:
-              labelSelector:
-                matchExpressions:
-                - key: app.kubernetes.io/component
-                  operator: In
-                  values:
-                  - reports-controller
-              topologyKey: kubernetes.io/hostname
-            weight: 1
-      serviceAccountName: kyverno-reports-controller
-      containers:
-      - name: controller
-        image: ghcr.io/kyverno/reports-controller:v1.12.5
-        imagePullPolicy: IfNotPresent
-        ports:
-        - containerPort: 9443
-          name: https
-          protocol: TCP
-        - containerPort: 8000
-          name: metrics
-          protocol: TCP
-        args:
-        - --disableMetrics=false
-        - --otelConfig=prometheus
-        - --metricsPort=8000
-        - --admissionReports=true
-        - --aggregateReports=true
-        - --policyReports=true
-        - --validatingAdmissionPolicyReports=false
-        - --backgroundScan=true
-        - --backgroundScanWorkers=2
-        - --backgroundScanInterval=1h
-        - --skipResourceFilters=true
-        - --enableConfigMapCaching=true
-        - --enableDeferredLoading=true
-        - --maxAPICallResponseLength=2000000
-        - --loggingFormat=text
-        - --v=2
-        - --omitEvents=PolicyApplied,PolicySkipped
-        - --enablePolicyException=true
-        - --reportsChunkSize=0
-        - --allowInsecureRegistry=false
-        - --registryCredentialHelpers=default,google,amazon,azure,github
-        env:
-        - name: KYVERNO_SERVICEACCOUNT_NAME
-          value: kyverno-reports-controller
-        - name: KYVERNO_DEPLOYMENT
-          value: kyverno-reports-controller
-        - name: INIT_CONFIG
-          value: kyverno
-        - name: METRICS_CONFIG
-          value: kyverno-metrics
-        - name: KYVERNO_POD_NAME
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.name
-        - name: KYVERNO_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        - name: TUF_ROOT
-          value: /.sigstore
-        resources:
-          limits:
-            memory: 128Mi
-          requests:
-            cpu: 100m
-            memory: 64Mi
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-          privileged: false
-          readOnlyRootFilesystem: true
-          runAsNonRoot: true
-          seccompProfile:
-            type: RuntimeDefault
-        volumeMounts:
-        - mountPath: /.sigstore
-          name: sigstore
-      volumes:
-      - name: sigstore
-        emptyDir: {}
-
--- HelmRelease: kyverno/kyverno CronJob: kyverno/kyverno-cleanup-admission-reports

+++ HelmRelease: kyverno/kyverno CronJob: kyverno/kyverno-cleanup-admission-reports

@@ -1,51 +0,0 @@

----
-apiVersion: batch/v1
-kind: CronJob
-metadata:
-  name: kyverno-cleanup-admission-reports
-  namespace: kyverno
-  labels:
-    app.kubernetes.io/component: cleanup
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-spec:
-  schedule: '*/10 * * * *'
-  concurrencyPolicy: Forbid
-  successfulJobsHistoryLimit: 1
-  failedJobsHistoryLimit: 1
-  jobTemplate:
-    spec:
-      backoffLimit: 3
-      template:
-        metadata: null
-        spec:
-          serviceAccountName: kyverno-cleanup-jobs
-          containers:
-          - name: cleanup
-            image: bitnami/kubectl:1.28.5
-            imagePullPolicy: null
-            command:
-            - /bin/bash
-            - -c
-            - |
-              set -euo pipefail
-              COUNT=$(kubectl get admissionreports.kyverno.io -A | wc -l)
-              if [ "$COUNT" -gt 10000 ]; then
-                echo "too many reports found ($COUNT), cleaning up..."
-                kubectl delete admissionreports.kyverno.io -A -l='!audit.kyverno.io/report.aggregate'
-              else
-                echo "($COUNT) reports found, no clean up needed"
-              fi
-            securityContext:
-              allowPrivilegeEscalation: false
-              capabilities:
-                drop:
-                - ALL
-              privileged: false
-              readOnlyRootFilesystem: true
-              runAsNonRoot: true
-              seccompProfile:
-                type: RuntimeDefault
-          restartPolicy: OnFailure
-
--- HelmRelease: kyverno/kyverno CronJob: kyverno/kyverno-cleanup-cluster-admission-reports

+++ HelmRelease: kyverno/kyverno CronJob: kyverno/kyverno-cleanup-cluster-admission-reports

@@ -1,51 +0,0 @@

----
-apiVersion: batch/v1
-kind: CronJob
-metadata:
-  name: kyverno-cleanup-cluster-admission-reports
-  namespace: kyverno
-  labels:
-    app.kubernetes.io/component: cleanup
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-spec:
-  schedule: '*/10 * * * *'
-  concurrencyPolicy: Forbid
-  successfulJobsHistoryLimit: 1
-  failedJobsHistoryLimit: 1
-  jobTemplate:
-    spec:
-      backoffLimit: 3
-      template:
-        metadata: null
-        spec:
-          serviceAccountName: kyverno-cleanup-jobs
-          containers:
-          - name: cleanup
-            image: bitnami/kubectl:1.28.5
-            imagePullPolicy: null
-            command:
-            - /bin/bash
-            - -c
-            - |
-              set -euo pipefail
-              COUNT=$(kubectl get clusteradmissionreports.kyverno.io -A | wc -l)
-              if [ "$COUNT" -gt 10000 ]; then
-                echo "too many reports found ($COUNT), cleaning up..."
-                kubectl delete clusteradmissionreports.kyverno.io -A -l='!audit.kyverno.io/report.aggregate'
-              else
-                echo "($COUNT) reports found, no clean up needed"
-              fi
-            securityContext:
-              allowPrivilegeEscalation: false
-              capabilities:
-                drop:
-                - ALL
-              privileged: false
-              readOnlyRootFilesystem: true
-              runAsNonRoot: true
-              seccompProfile:
-                type: RuntimeDefault
-          restartPolicy: OnFailure
-
--- HelmRelease: kyverno/kyverno CronJob: kyverno/kyverno-cleanup-cluster-ephemeral-reports

+++ HelmRelease: kyverno/kyverno CronJob: kyverno/kyverno-cleanup-cluster-ephemeral-reports

@@ -1,51 +0,0 @@

----
-apiVersion: batch/v1
-kind: CronJob
-metadata:
-  name: kyverno-cleanup-cluster-ephemeral-reports
-  namespace: kyverno
-  labels:
-    app.kubernetes.io/component: cleanup
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-spec:
-  schedule: '*/10 * * * *'
-  concurrencyPolicy: Forbid
-  successfulJobsHistoryLimit: 1
-  failedJobsHistoryLimit: 1
-  jobTemplate:
-    spec:
-      backoffLimit: 3
-      template:
-        metadata: null
-        spec:
-          serviceAccountName: kyverno-cleanup-jobs
-          containers:
-          - name: cleanup
-            image: bitnami/kubectl:1.28.5
-            imagePullPolicy: null
-            command:
-            - /bin/bash
-            - -c
-            - |
-              set -euo pipefail
-              COUNT=$(kubectl get clusterephemeralreports.reports.kyverno.io -A | wc -l)
-              if [ "$COUNT" -gt 10000 ]; then
-                echo "too many clusterephemeralreports found ($COUNT), cleaning up..."
-                kubectl delete clusterephemeralreports.reports.kyverno.io -A --all
-              else
-                echo "($COUNT) reports found, no clean up needed"
-              fi
-            securityContext:
-              allowPrivilegeEscalation: false
-              capabilities:
-                drop:
-                - ALL
-              privileged: false
-              readOnlyRootFilesystem: true
-              runAsNonRoot: true
-              seccompProfile:
-                type: RuntimeDefault
-          restartPolicy: OnFailure
-
--- HelmRelease: kyverno/kyverno CronJob: kyverno/kyverno-cleanup-ephemeral-reports

+++ HelmRelease: kyverno/kyverno CronJob: kyverno/kyverno-cleanup-ephemeral-reports

@@ -1,51 +0,0 @@

----
-apiVersion: batch/v1
-kind: CronJob
-metadata:
-  name: kyverno-cleanup-ephemeral-reports
-  namespace: kyverno
-  labels:
-    app.kubernetes.io/component: cleanup
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-spec:
-  schedule: '*/10 * * * *'
-  concurrencyPolicy: Forbid
-  successfulJobsHistoryLimit: 1
-  failedJobsHistoryLimit: 1
-  jobTemplate:
-    spec:
-      backoffLimit: 3
-      template:
-        metadata: null
-        spec:
-          serviceAccountName: kyverno-cleanup-jobs
-          containers:
-          - name: cleanup
-            image: bitnami/kubectl:1.28.5
-            imagePullPolicy: null
-            command:
-            - /bin/bash
-            - -c
-            - |
-              set -euo pipefail
-              COUNT=$(kubectl get ephemeralreports.reports.kyverno.io -A | wc -l)
-              if [ "$COUNT" -gt 10000 ]; then
-                echo "too many ephemeralreports found ($COUNT), cleaning up..."
-                kubectl delete ephemeralreports.reports.kyverno.io -A --all
-              else
-                echo "($COUNT) reports found, no clean up needed"
-              fi
-            securityContext:
-              allowPrivilegeEscalation: false
-              capabilities:
-                drop:
-                - ALL
-              privileged: false
-              readOnlyRootFilesystem: true
-              runAsNonRoot: true
-              seccompProfile:
-                type: RuntimeDefault
-          restartPolicy: OnFailure
-
--- HelmRelease: kyverno/kyverno CronJob: kyverno/kyverno-cleanup-update-requests

+++ HelmRelease: kyverno/kyverno CronJob: kyverno/kyverno-cleanup-update-requests

@@ -1,51 +0,0 @@

----
-apiVersion: batch/v1
-kind: CronJob
-metadata:
-  name: kyverno-cleanup-update-requests
-  namespace: kyverno
-  labels:
-    app.kubernetes.io/component: cleanup
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-spec:
-  schedule: '*/10 * * * *'
-  concurrencyPolicy: Forbid
-  successfulJobsHistoryLimit: 1
-  failedJobsHistoryLimit: 1
-  jobTemplate:
-    spec:
-      backoffLimit: 3
-      template:
-        metadata: null
-        spec:
-          serviceAccountName: kyverno-cleanup-jobs
-          containers:
-          - name: cleanup
-            image: bitnami/kubectl:1.28.5
-            imagePullPolicy: null
-            command:
-            - /bin/bash
-            - -c
-            - |
-              set -euo pipefail
-              COUNT=$(kubectl get updaterequests.kyverno.io -A | wc -l)
-              if [ "$COUNT" -gt 10000 ]; then
-                echo "too many updaterequests found ($COUNT), cleaning up..."
-                kubectl delete updaterequests.kyverno.io --all -n kyverno
-              else
-                echo "($COUNT) reports found, no clean up needed"
-              fi
-            securityContext:
-              allowPrivilegeEscalation: false
-              capabilities:
-                drop:
-                - ALL
-              privileged: false
-              readOnlyRootFilesystem: true
-              runAsNonRoot: true
-              seccompProfile:
-                type: RuntimeDefault
-          restartPolicy: OnFailure
-
--- HelmRelease: kyverno/kyverno ServiceAccount: kyverno/kyverno-migrate-resources

+++ HelmRelease: kyverno/kyverno ServiceAccount: kyverno/kyverno-migrate-resources

@@ -1,16 +0,0 @@

----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: kyverno-migrate-resources
-  namespace: kyverno
-  labels:
-    app.kubernetes.io/component: hooks
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-  annotations:
-    helm.sh/hook: post-upgrade
-    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
-    helm.sh/hook-weight: '100'
-
--- HelmRelease: kyverno/kyverno ServiceAccount: kyverno/kyverno-remove-configmap

+++ HelmRelease: kyverno/kyverno ServiceAccount: kyverno/kyverno-remove-configmap

@@ -1,16 +0,0 @@

----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: kyverno-remove-configmap
-  namespace: kyverno
-  labels:
-    app.kubernetes.io/component: hooks
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-  annotations:
-    helm.sh/hook: pre-delete
-    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
-    helm.sh/hook-weight: '0'
-
--- HelmRelease: kyverno/kyverno ClusterRole: kyverno/kyverno:migrate-resources

+++ HelmRelease: kyverno/kyverno ClusterRole: kyverno/kyverno:migrate-resources

@@ -1,36 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: kyverno:migrate-resources
-  labels:
-    app.kubernetes.io/component: hooks
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-  annotations:
-    helm.sh/hook: post-upgrade
-    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded,hook-failed
-    helm.sh/hook-weight: '100'
-rules:
-- apiGroups:
-  - kyverno.io
-  resources:
-  - '*'
-  verbs:
-  - get
-  - list
-  - update
-- apiGroups:
-  - apiextensions.k8s.io
-  resources:
-  - customresourcedefinitions
-  verbs:
-  - get
-- apiGroups:
-  - apiextensions.k8s.io
-  resources:
-  - customresourcedefinitions/status
-  verbs:
-  - update
-
--- HelmRelease: kyverno/kyverno ClusterRoleBinding: kyverno/kyverno:migrate-resources

+++ HelmRelease: kyverno/kyverno ClusterRoleBinding: kyverno/kyverno:migrate-resources

@@ -1,23 +0,0 @@

----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: kyverno:migrate-resources
-  labels:
-    app.kubernetes.io/component: hooks
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-  annotations:
-    helm.sh/hook: post-upgrade
-    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded,hook-failed
-    helm.sh/hook-weight: '100'
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: kyverno:migrate-resources
-subjects:
-- kind: ServiceAccount
-  name: kyverno-migrate-resources
-  namespace: kyverno
-
--- HelmRelease: kyverno/kyverno Role: kyverno/kyverno:remove-configmap

+++ HelmRelease: kyverno/kyverno Role: kyverno/kyverno:remove-configmap

@@ -1,25 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: kyverno:remove-configmap
-  namespace: kyverno
-  labels:
-    app.kubernetes.io/component: hooks
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-  annotations:
-    helm.sh/hook: pre-delete
-    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded,hook-failed
-    helm.sh/hook-weight: '0'
-rules:
-- apiGroups:
-  - ''
-  resources:
-  - configmaps
-  verbs:
-  - list
-  - get
-  - delete
-
--- HelmRelease: kyverno/kyverno RoleBinding: kyverno/kyverno:remove-configmap

+++ HelmRelease: kyverno/kyverno RoleBinding: kyverno/kyverno:remove-configmap

@@ -1,25 +0,0 @@

----
-kind: RoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: kyverno:remove-configmap
-  namespace: kyverno
-  labels:
-    app.kubernetes.io/component: hooks
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-  annotations:
-    helm.sh/hook: pre-delete
-    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded,hook-failed
-    helm.sh/hook-weight: '0'
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: kyverno:remove-configmap
-  namespace: kyverno
-subjects:
-- kind: ServiceAccount
-  name: kyverno-remove-configmap
-  namespace: kyverno
-
--- HelmRelease: kyverno/kyverno Job: kyverno/kyverno-clean-reports

+++ HelmRelease: kyverno/kyverno Job: kyverno/kyverno-clean-reports

@@ -1,54 +0,0 @@

----
-apiVersion: batch/v1
-kind: Job
-metadata:
-  name: kyverno-clean-reports
-  namespace: kyverno
-  labels:
-    app.kubernetes.io/component: hooks
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-  annotations:
-    helm.sh/hook: post-upgrade
-    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded,hook-failed
-spec:
-  backoffLimit: 2
-  template:
-    metadata: null
-    spec:
-      serviceAccount: kyverno-admission-controller
-      restartPolicy: Never
-      containers:
-      - name: kubectl
-        image: bitnami/kubectl:1.28.5
-        imagePullPolicy: null
-        command:
-        - /bin/bash
-        - -c
-        - "set -euo pipefail\nNAMESPACES=$(kubectl get namespaces --no-headers=true\
-          \ | awk '{print $1}')\n\nfor ns in ${NAMESPACES[@]};\ndo\n  COUNT=$(kubectl\
-          \ get policyreports.wgpolicyk8s.io -n $ns --no-headers=true | awk '/pol/{print\
-          \ $1}' | wc -l)\n\n  if [ $COUNT -gt 0 ]; then\n    echo \"deleting $COUNT\
-          \ policyreports in namespace $ns\"\n    kubectl get policyreports.wgpolicyk8s.io\
-          \ -n $ns --no-headers=true | awk '/pol/{print $1}' | xargs kubectl delete\
-          \ -n $ns policyreports.wgpolicyk8s.io\n  else\n    echo \"no policyreports\
-          \ in namespace $ns\"\n  fi\ndone\n\nCOUNT=$(kubectl get clusterpolicyreports.wgpolicyk8s.io\
-          \ --no-headers=true | awk '/pol/{print $1}' | wc -l)\n  \nif [ $COUNT -gt\
-          \ 0 ]; then\n  echo \"deleting $COUNT clusterpolicyreports\"\n  kubectl\
-          \ get clusterpolicyreports.wgpolicyk8s.io --no-headers=true | awk '/pol/{print\
-          \ $1}' | xargs kubectl delete clusterpolicyreports.wgpolicyk8s.io\nelse\n\
-          \  echo \"no clusterpolicyreports\"\nfi\n"
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-          privileged: false
-          readOnlyRootFilesystem: true
-          runAsGroup: 65534
-          runAsNonRoot: true
-          runAsUser: 65534
-          seccompProfile:
-            type: RuntimeDefault
-
--- HelmRelease: kyverno/kyverno Job: kyverno/kyverno-migrate-resources

+++ HelmRelease: kyverno/kyverno Job: kyverno/kyverno-migrate-resources

@@ -1,63 +0,0 @@

----
-apiVersion: batch/v1
-kind: Job
-metadata:
-  name: kyverno-migrate-resources
-  namespace: kyverno
-  labels:
-    app.kubernetes.io/component: hooks
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-  annotations:
-    helm.sh/hook: post-upgrade
-    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded,hook-failed
-    helm.sh/hook-weight: '200'
-spec:
-  backoffLimit: 2
-  template:
-    metadata: null
-    spec:
-      serviceAccount: kyverno-migrate-resources
-      restartPolicy: Never
-      containers:
-      - name: kubectl
-        image: ghcr.io/kyverno/kyverno-cli:v1.12.5
-        imagePullPolicy: IfNotPresent
-        args:
-        - migrate
-        - --resource
-        - admissionreports.kyverno.io
-        - --resource
-        - backgroundscanreports.kyverno.io
-        - --resource
-        - cleanuppolicies.kyverno.io
-        - --resource
-        - clusteradmissionreports.kyverno.io
-        - --resource
-        - clusterbackgroundscanreports.kyverno.io
-        - --resource
-        - clustercleanuppolicies.kyverno.io
-        - --resource
-        - clusterpolicies.kyverno.io
-        - --resource
-        - globalcontextentries.kyverno.io
-        - --resource
-        - policies.kyverno.io
-        - --resource
-        - policyexceptions.kyverno.io
-        - --resource
-        - updaterequests.kyverno.io
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-          privileged: false
-          readOnlyRootFilesystem: true
-          runAsGroup: 65534
-          runAsNonRoot: true
-          runAsUser: 65534
-          seccompProfile:
-            type: RuntimeDefault
-
--- HelmRelease: kyverno/kyverno Job: kyverno/kyverno-remove-configmap

+++ HelmRelease: kyverno/kyverno Job: kyverno/kyverno-remove-configmap

@@ -1,45 +0,0 @@

----
-apiVersion: batch/v1
-kind: Job
-metadata:
-  name: kyverno-remove-configmap
-  namespace: kyverno
-  labels:
-    app.kubernetes.io/component: hooks
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-  annotations:
-    helm.sh/hook: pre-delete
-    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded,hook-failed
-    helm.sh/hook-weight: '10'
-spec:
-  backoffLimit: 2
-  template:
-    metadata: null
-    spec:
-      serviceAccount: kyverno-remove-configmap
-      restartPolicy: Never
-      containers:
-      - name: kubectl
-        image: bitnami/kubectl:1.28.5
-        imagePullPolicy: null
-        command:
-        - /bin/bash
-        - -c
-        - |-
-          set -euo pipefail
-          kubectl delete cm -n kyverno kyverno
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-          privileged: false
-          readOnlyRootFilesystem: true
-          runAsGroup: 65534
-          runAsNonRoot: true
-          runAsUser: 65534
-          seccompProfile:
-            type: RuntimeDefault
-
--- HelmRelease: kyverno/kyverno Job: kyverno/kyverno-scale-to-zero

+++ HelmRelease: kyverno/kyverno Job: kyverno/kyverno-scale-to-zero

@@ -1,48 +0,0 @@

----
-apiVersion: batch/v1
-kind: Job
-metadata:
-  name: kyverno-scale-to-zero
-  namespace: kyverno
-  labels:
-    app.kubernetes.io/component: hooks
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: kyverno
-  annotations:
-    helm.sh/hook: pre-delete
-    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded,hook-failed
-    helm.sh/hook-weight: '100'
-spec:
-  backoffLimit: 2
-  template:
-    metadata: null
-    spec:
-      serviceAccount: kyverno-admission-controller
-      restartPolicy: Never
-      containers:
-      - name: kubectl
-        image: bitnami/kubectl:1.28.5
-        imagePullPolicy: null
-        command:
-        - /bin/bash
-        - -c
-        - |-
-          set -euo pipefail
-          kubectl scale -n kyverno deployment -l app.kubernetes.io/part-of=kyverno --replicas=0
-          sleep 30
-          kubectl delete validatingwebhookconfiguration -l webhook.kyverno.io/managed-by=kyverno
-          kubectl delete mutatingwebhookconfiguration -l webhook.kyverno.io/managed-by=kyverno
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-          privileged: false
-          readOnlyRootFilesystem: true
-          runAsGroup: 65534
-          runAsNonRoot: true
-          runAsUser: 65534
-          seccompProfile:
-            type: RuntimeDefault
-