Make Helm chart policies consistent

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

charts/kyverno/templates/clusterrole.yaml

@@ -194,4 +194,4 @@ rules:
   - reportchangerequests
   - clusterreportchangerequests
   verbs:
-  - "*"
+  - "*"

charts/kyverno/templates/policies/default/disallow-adding-capabilities.yaml

@@ -1,4 +1,4 @@
-{{ $name := "disallow-add-capabilities" -}}
+{{- $name := "disallow-add-capabilities" }}
 {{- if eq (include "kyverno.podSecurityDefault" (merge (dict "name" $name) .)) "true" }}
 apiVersion: kyverno.io/v1
 kind: ClusterPolicy
@@ -36,4 +36,4 @@ spec:
           - =(securityContext):
               =(capabilities):
                 X(add): null
-{{- end -}}
+{{- end -}}

charts/kyverno/templates/policies/default/disallow-host-namespaces.yaml

@@ -1,4 +1,4 @@
-{{ $name := "disallow-host-namespaces" -}}
+{{- $name := "disallow-host-namespaces" }}
 {{- if eq (include "kyverno.podSecurityDefault" (merge (dict "name" $name) .)) "true" }}
 apiVersion: kyverno.io/v1
 kind: ClusterPolicy

charts/kyverno/templates/policies/default/disallow-host-path.yaml

@@ -1,4 +1,4 @@
-{{ $name := "disallow-host-path" -}}
+{{- $name := "disallow-host-path" }}
 {{- if eq (include "kyverno.podSecurityDefault" (merge (dict "name" $name) .)) "true" }}
 apiVersion: kyverno.io/v1
 kind: ClusterPolicy

charts/kyverno/templates/policies/default/restrict-apparmor-profiles.yaml

@@ -1,4 +1,4 @@
-{{ $name := "restrict-apparmor-profiles" -}}
+{{- $name := "restrict-apparmor-profiles" }}
 {{- if eq (include "kyverno.podSecurityDefault" (merge (dict "name" $name) .)) "true" }}
 apiVersion: kyverno.io/v1
 kind: ClusterPolicy

charts/kyverno/templates/policies/default/restrict-sysctls.yaml

@@ -1,4 +1,4 @@
-{{ $name := "restrict-sysctls" -}}
+{{- $name := "restrict-sysctls" }}
 {{- if eq (include "kyverno.podSecurityDefault" (merge (dict "name" $name) .)) "true" }}
 apiVersion: kyverno.io/v1
 kind: ClusterPolicy

charts/kyverno/templates/policies/restricted/deny-privilege-escalation.yaml

@@ -1,4 +1,4 @@
-{{ $name := "deny-privilege-escalation" -}}
+{{- $name := "deny-privilege-escalation" }}
 {{- if eq (include "kyverno.podSecurityRestricted" (merge (dict "name" $name) .)) "true" }}
 apiVersion: kyverno.io/v1
 kind: ClusterPolicy

charts/kyverno/templates/policies/restricted/require-non-root-groups.yaml

@@ -1,4 +1,4 @@
-{{ $name := "require-non-root-groups" -}}
+{{- $name := "require-non-root-groups" }}
 {{- if eq (include "kyverno.podSecurityRestricted" (merge (dict "name" $name) .)) "true" }}
 apiVersion: kyverno.io/v1
 kind: ClusterPolicy

charts/kyverno/templates/policies/restricted/require-run-as-nonroot.yaml

@@ -1,4 +1,4 @@
-{{ $name := "require-run-as-non-root" -}}
+{{- $name := "require-run-as-non-root" }}
 {{- if eq (include "kyverno.podSecurityRestricted" (merge (dict "name" $name) .)) "true" }}
 apiVersion: kyverno.io/v1
 kind: ClusterPolicy

charts/kyverno/templates/policies/restricted/restrict-seccomp.yaml

@@ -1,4 +1,4 @@
-{{ $name := "restrict-seccomp" -}}
+{{- $name := "restrict-seccomp" }}
 {{- if eq (include "kyverno.podSecurityRestricted" (merge (dict "name" $name) .)) "true" }}
 apiVersion: kyverno.io/v1
 kind: ClusterPolicy

charts/kyverno/templates/policies/restricted/restrict-volume-types.yaml

@@ -1,4 +1,4 @@
-{{ $name := "restrict-volume-types" -}}
+{{- $name := "restrict-volume-types" }}
 {{- if eq (include "kyverno.podSecurityRestricted" (merge (dict "name" $name) .)) "true" }}
 apiVersion: kyverno.io/v1
 kind: ClusterPolicy