diff --git a/apps.yaml b/apps.yaml index 1f731db106..24105f523a 100644 --- a/apps.yaml +++ b/apps.yaml @@ -195,7 +195,7 @@ appsInfo: isAlpha: true kyverno: title: Kyverno - appVersion: 1.15.1 + appVersion: 1.15.2 repo: https://github.com/kyverno/kyverno maintainers: Nirmata relatedLinks: diff --git a/chart/chart-index/Chart.yaml b/chart/chart-index/Chart.yaml index 4f8515c66a..e7558d62d4 100644 --- a/chart/chart-index/Chart.yaml +++ b/chart/chart-index/Chart.yaml @@ -80,7 +80,7 @@ dependencies: version: 4.6.0 repository: https://kubereboot.github.io/charts - name: kyverno - version: 3.5.1 + version: 3.5.2 repository: https://kyverno.github.io/kyverno/ - name: loki-distributed alias: loki diff --git a/charts/kyverno/Chart.lock b/charts/kyverno/Chart.lock index dbf4911718..918b3d4afb 100644 --- a/charts/kyverno/Chart.lock +++ b/charts/kyverno/Chart.lock @@ -1,12 +1,12 @@ dependencies: - name: grafana repository: "" - version: 3.5.1 + version: 3.5.2 - name: crds repository: "" - version: 3.5.1 + version: 3.5.2 - name: openreports repository: https://openreports.github.io/reports-api version: 0.1.0 -digest: sha256:eecf40518d51d61fed07b15ac41048751d4901be67eec05b1f25849c1b956c39 -generated: "2025-08-15T11:08:07.060929+08:00" +digest: sha256:dbf2f3168b202171820ff75ebc672ad3bebf9fb2b6b4eeb50defd40e5dcfddb7 +generated: "2025-09-18T00:07:30.923959+08:00" diff --git a/charts/kyverno/Chart.yaml b/charts/kyverno/Chart.yaml index 7932b9b68f..c9ca64b51e 100644 --- a/charts/kyverno/Chart.yaml +++ b/charts/kyverno/Chart.yaml @@ -14,17 +14,17 @@ annotations: artifacthub.io/operator: "false" artifacthub.io/prerelease: "false" apiVersion: v2 -appVersion: v1.15.1 +appVersion: v1.15.2 dependencies: - condition: grafana.enabled name: grafana repository: "" - version: 3.5.1 + version: 3.5.2 - condition: crds.install name: crds repository: "" - version: 3.5.1 -- condition: openreports.enabled + version: 3.5.2 +- condition: openreports.installCrds name: openreports repository: https://openreports.github.io/reports-api version: 0.1.0 @@ -52,4 +52,4 @@ name: kyverno sources: - https://github.com/kyverno/kyverno type: application -version: 3.5.1 +version: 3.5.2 diff --git a/charts/kyverno/README.md b/charts/kyverno/README.md index 3d4cebf8ec..5fe8b02cfe 100644 --- a/charts/kyverno/README.md +++ b/charts/kyverno/README.md @@ -2,7 +2,7 @@ Kubernetes Native Policy Management -![Version: 3.5.1](https://img.shields.io/badge/Version-3.5.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.15.1](https://img.shields.io/badge/AppVersion-v1.15.1-informational?style=flat-square) +![Version: 3.5.2](https://img.shields.io/badge/Version-3.5.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.15.2](https://img.shields.io/badge/AppVersion-v1.15.2-informational?style=flat-square) ## About @@ -758,8 +758,8 @@ The chart values are organised per component. | webhooksCleanup.autoDeleteWebhooks.enabled | bool | `false` | Allow webhooks controller to delete webhooks using finalizers | | webhooksCleanup.enabled | bool | `true` | Create a helm pre-delete hook to cleanup webhooks. | | webhooksCleanup.image.pullPolicy | string | `nil` | Image pull policy Defaults to image.pullPolicy if omitted | -| webhooksCleanup.image.registry | string | `nil` | Image registry | -| webhooksCleanup.image.repository | string | `"registry.k8s.io/kubectl"` | Image repository | +| webhooksCleanup.image.registry | string | `"registry.k8s.io"` | Image registry | +| webhooksCleanup.image.repository | string | `"kubectl"` | Image repository | | webhooksCleanup.image.tag | string | `"v1.32.7"` | Image tag Defaults to `latest` if omitted | | webhooksCleanup.imagePullSecrets | list | `[]` | Image pull secrets | | webhooksCleanup.nodeAffinity | object | `{}` | Node affinity constraints. | @@ -817,7 +817,8 @@ The chart values are organised per component. | imagePullSecrets | object | `{}` | Image pull secrets for image verification policies, this will define the `--imagePullSecrets` argument | | nameOverride | string | `nil` | Override the name of the chart | | namespaceOverride | string | `nil` | Override the namespace the chart deploys to | -| openreports.enabled | bool | `false` | | +| openreports.enabled | bool | `false` | Enable OpenReports feature in controllers | +| openreports.installCrds | bool | `false` | Whether to install CRDs from the upstream OpenReports chart. Setting this to true requires enabled to also be true. | | rbac.roles.aggregate | object | `{"admin":true,"view":true}` | Aggregate ClusterRoles to Kubernetes default user-facing roles. For more information, see [User-facing roles](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles) | | upgrade.fromV2 | bool | `false` | Upgrading from v2 to v3 is not allowed by default, set this to true once changes have been reviewed. | @@ -880,8 +881,8 @@ Kubernetes: `>=1.25.0-0` | Repository | Name | Version | |------------|------|---------| -| | crds | 3.5.1 | -| | grafana | 3.5.1 | +| | crds | 3.5.2 | +| | grafana | 3.5.2 | | https://openreports.github.io/reports-api | openreports | 0.1.0 | ## Maintainers diff --git a/charts/kyverno/charts/crds/Chart.yaml b/charts/kyverno/charts/crds/Chart.yaml index ef360e93c6..6765feb329 100644 --- a/charts/kyverno/charts/crds/Chart.yaml +++ b/charts/kyverno/charts/crds/Chart.yaml @@ -1,4 +1,4 @@ apiVersion: v2 description: Kyverno Custom Resource Definitions name: crds -version: 3.5.1 +version: 3.5.2 diff --git a/charts/kyverno/charts/crds/README.md b/charts/kyverno/charts/crds/README.md index 3fce191bba..1ff40515df 100644 --- a/charts/kyverno/charts/crds/README.md +++ b/charts/kyverno/charts/crds/README.md @@ -1,6 +1,6 @@ # crds -![Version: 3.5.1](https://img.shields.io/badge/Version-3.5.1-informational?style=flat-square) +![Version: 3.5.2](https://img.shields.io/badge/Version-3.5.2-informational?style=flat-square) Kyverno Custom Resource Definitions diff --git a/charts/kyverno/charts/grafana/Chart.yaml b/charts/kyverno/charts/grafana/Chart.yaml index 3ddd402d01..95416cf931 100644 --- a/charts/kyverno/charts/grafana/Chart.yaml +++ b/charts/kyverno/charts/grafana/Chart.yaml @@ -1,4 +1,4 @@ apiVersion: v2 description: Grafana dashboards for Kyverno name: grafana -version: 3.5.1 +version: 3.5.2 diff --git a/charts/kyverno/charts/grafana/README.md b/charts/kyverno/charts/grafana/README.md index b21673fe2e..89cffcc8cf 100644 --- a/charts/kyverno/charts/grafana/README.md +++ b/charts/kyverno/charts/grafana/README.md @@ -1,6 +1,6 @@ # grafana -![Version: 3.5.1](https://img.shields.io/badge/Version-3.5.1-informational?style=flat-square) +![Version: 3.5.2](https://img.shields.io/badge/Version-3.5.2-informational?style=flat-square) Grafana dashboards for Kyverno diff --git a/charts/kyverno/crds/kyverno.io/kyverno.io_cleanuppolicies.yaml b/charts/kyverno/crds/kyverno.io/kyverno.io_cleanuppolicies.yaml index 8ee68bfe13..b777967f76 100644 --- a/charts/kyverno/crds/kyverno.io/kyverno.io_cleanuppolicies.yaml +++ b/charts/kyverno/crds/kyverno.io/kyverno.io_cleanuppolicies.yaml @@ -8,8 +8,8 @@ metadata: app.kubernetes.io/instance: release-name app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: release-name-crds - app.kubernetes.io/version: 3.5.1 - helm.sh/chart: crds-3.5.1 + app.kubernetes.io/version: 3.5.2 + helm.sh/chart: crds-3.5.2 annotations: controller-gen.kubebuilder.io/version: v0.17.3 name: cleanuppolicies.kyverno.io diff --git a/charts/kyverno/crds/kyverno.io/kyverno.io_clustercleanuppolicies.yaml b/charts/kyverno/crds/kyverno.io/kyverno.io_clustercleanuppolicies.yaml index 46241e105b..048ab601be 100644 --- a/charts/kyverno/crds/kyverno.io/kyverno.io_clustercleanuppolicies.yaml +++ b/charts/kyverno/crds/kyverno.io/kyverno.io_clustercleanuppolicies.yaml @@ -8,8 +8,8 @@ metadata: app.kubernetes.io/instance: release-name app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: release-name-crds - app.kubernetes.io/version: 3.5.1 - helm.sh/chart: crds-3.5.1 + app.kubernetes.io/version: 3.5.2 + helm.sh/chart: crds-3.5.2 annotations: controller-gen.kubebuilder.io/version: v0.17.3 name: clustercleanuppolicies.kyverno.io diff --git a/charts/kyverno/crds/kyverno.io/kyverno.io_clusterpolicies.yaml b/charts/kyverno/crds/kyverno.io/kyverno.io_clusterpolicies.yaml index fa823cfd40..4d70229711 100644 --- a/charts/kyverno/crds/kyverno.io/kyverno.io_clusterpolicies.yaml +++ b/charts/kyverno/crds/kyverno.io/kyverno.io_clusterpolicies.yaml @@ -8,8 +8,8 @@ metadata: app.kubernetes.io/instance: release-name app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: release-name-crds - app.kubernetes.io/version: 3.5.1 - helm.sh/chart: crds-3.5.1 + app.kubernetes.io/version: 3.5.2 + helm.sh/chart: crds-3.5.2 annotations: controller-gen.kubebuilder.io/version: v0.17.3 name: clusterpolicies.kyverno.io diff --git a/charts/kyverno/crds/kyverno.io/kyverno.io_globalcontextentries.yaml b/charts/kyverno/crds/kyverno.io/kyverno.io_globalcontextentries.yaml index 97dda1848a..86948cb164 100644 --- a/charts/kyverno/crds/kyverno.io/kyverno.io_globalcontextentries.yaml +++ b/charts/kyverno/crds/kyverno.io/kyverno.io_globalcontextentries.yaml @@ -8,8 +8,8 @@ metadata: app.kubernetes.io/instance: release-name app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: release-name-crds - app.kubernetes.io/version: 3.5.1 - helm.sh/chart: crds-3.5.1 + app.kubernetes.io/version: 3.5.2 + helm.sh/chart: crds-3.5.2 annotations: controller-gen.kubebuilder.io/version: v0.17.3 name: globalcontextentries.kyverno.io diff --git a/charts/kyverno/crds/kyverno.io/kyverno.io_policies.yaml b/charts/kyverno/crds/kyverno.io/kyverno.io_policies.yaml index 900798816d..8bd3ecff5c 100644 --- a/charts/kyverno/crds/kyverno.io/kyverno.io_policies.yaml +++ b/charts/kyverno/crds/kyverno.io/kyverno.io_policies.yaml @@ -8,8 +8,8 @@ metadata: app.kubernetes.io/instance: release-name app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: release-name-crds - app.kubernetes.io/version: 3.5.1 - helm.sh/chart: crds-3.5.1 + app.kubernetes.io/version: 3.5.2 + helm.sh/chart: crds-3.5.2 annotations: controller-gen.kubebuilder.io/version: v0.17.3 name: policies.kyverno.io diff --git a/charts/kyverno/crds/kyverno.io/kyverno.io_policyexceptions.yaml b/charts/kyverno/crds/kyverno.io/kyverno.io_policyexceptions.yaml index 9f446d7f47..6465cd11fa 100644 --- a/charts/kyverno/crds/kyverno.io/kyverno.io_policyexceptions.yaml +++ b/charts/kyverno/crds/kyverno.io/kyverno.io_policyexceptions.yaml @@ -8,8 +8,8 @@ metadata: app.kubernetes.io/instance: release-name app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: release-name-crds - app.kubernetes.io/version: 3.5.1 - helm.sh/chart: crds-3.5.1 + app.kubernetes.io/version: 3.5.2 + helm.sh/chart: crds-3.5.2 annotations: controller-gen.kubebuilder.io/version: v0.17.3 name: policyexceptions.kyverno.io diff --git a/charts/kyverno/crds/kyverno.io/kyverno.io_updaterequests.yaml b/charts/kyverno/crds/kyverno.io/kyverno.io_updaterequests.yaml index f8d06e0dd0..7fcf1ac6f8 100644 --- a/charts/kyverno/crds/kyverno.io/kyverno.io_updaterequests.yaml +++ b/charts/kyverno/crds/kyverno.io/kyverno.io_updaterequests.yaml @@ -8,8 +8,8 @@ metadata: app.kubernetes.io/instance: release-name app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: release-name-crds - app.kubernetes.io/version: 3.5.1 - helm.sh/chart: crds-3.5.1 + app.kubernetes.io/version: 3.5.2 + helm.sh/chart: crds-3.5.2 annotations: controller-gen.kubebuilder.io/version: v0.17.3 name: updaterequests.kyverno.io diff --git a/charts/kyverno/crds/policies.kyverno.io/policies.kyverno.io_deletingpolicies.yaml b/charts/kyverno/crds/policies.kyverno.io/policies.kyverno.io_deletingpolicies.yaml index e87e8a9a86..3d1df985c9 100644 --- a/charts/kyverno/crds/policies.kyverno.io/policies.kyverno.io_deletingpolicies.yaml +++ b/charts/kyverno/crds/policies.kyverno.io/policies.kyverno.io_deletingpolicies.yaml @@ -8,8 +8,8 @@ metadata: app.kubernetes.io/instance: release-name app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: release-name-crds - app.kubernetes.io/version: 3.5.1 - helm.sh/chart: crds-3.5.1 + app.kubernetes.io/version: 3.5.2 + helm.sh/chart: crds-3.5.2 annotations: controller-gen.kubebuilder.io/version: v0.17.3 name: deletingpolicies.policies.kyverno.io diff --git a/charts/kyverno/crds/policies.kyverno.io/policies.kyverno.io_generatingpolicies.yaml b/charts/kyverno/crds/policies.kyverno.io/policies.kyverno.io_generatingpolicies.yaml index 5c94c73a66..6bad7e4395 100644 --- a/charts/kyverno/crds/policies.kyverno.io/policies.kyverno.io_generatingpolicies.yaml +++ b/charts/kyverno/crds/policies.kyverno.io/policies.kyverno.io_generatingpolicies.yaml @@ -8,8 +8,8 @@ metadata: app.kubernetes.io/instance: release-name app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: release-name-crds - app.kubernetes.io/version: 3.5.1 - helm.sh/chart: crds-3.5.1 + app.kubernetes.io/version: 3.5.2 + helm.sh/chart: crds-3.5.2 annotations: controller-gen.kubebuilder.io/version: v0.17.3 name: generatingpolicies.policies.kyverno.io diff --git a/charts/kyverno/crds/policies.kyverno.io/policies.kyverno.io_imagevalidatingpolicies.yaml b/charts/kyverno/crds/policies.kyverno.io/policies.kyverno.io_imagevalidatingpolicies.yaml index f9a0e4c603..046b69e313 100644 --- a/charts/kyverno/crds/policies.kyverno.io/policies.kyverno.io_imagevalidatingpolicies.yaml +++ b/charts/kyverno/crds/policies.kyverno.io/policies.kyverno.io_imagevalidatingpolicies.yaml @@ -8,8 +8,8 @@ metadata: app.kubernetes.io/instance: release-name app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: release-name-crds - app.kubernetes.io/version: 3.5.1 - helm.sh/chart: crds-3.5.1 + app.kubernetes.io/version: 3.5.2 + helm.sh/chart: crds-3.5.2 annotations: controller-gen.kubebuilder.io/version: v0.17.3 name: imagevalidatingpolicies.policies.kyverno.io diff --git a/charts/kyverno/crds/policies.kyverno.io/policies.kyverno.io_mutatingpolicies.yaml b/charts/kyverno/crds/policies.kyverno.io/policies.kyverno.io_mutatingpolicies.yaml index 231244415f..804b051383 100644 --- a/charts/kyverno/crds/policies.kyverno.io/policies.kyverno.io_mutatingpolicies.yaml +++ b/charts/kyverno/crds/policies.kyverno.io/policies.kyverno.io_mutatingpolicies.yaml @@ -8,8 +8,8 @@ metadata: app.kubernetes.io/instance: release-name app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: release-name-crds - app.kubernetes.io/version: 3.5.1 - helm.sh/chart: crds-3.5.1 + app.kubernetes.io/version: 3.5.2 + helm.sh/chart: crds-3.5.2 annotations: controller-gen.kubebuilder.io/version: v0.17.3 name: mutatingpolicies.policies.kyverno.io diff --git a/charts/kyverno/crds/policies.kyverno.io/policies.kyverno.io_policyexceptions.yaml b/charts/kyverno/crds/policies.kyverno.io/policies.kyverno.io_policyexceptions.yaml index b1c06fea85..ad7b2040fb 100644 --- a/charts/kyverno/crds/policies.kyverno.io/policies.kyverno.io_policyexceptions.yaml +++ b/charts/kyverno/crds/policies.kyverno.io/policies.kyverno.io_policyexceptions.yaml @@ -8,8 +8,8 @@ metadata: app.kubernetes.io/instance: release-name app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: release-name-crds - app.kubernetes.io/version: 3.5.1 - helm.sh/chart: crds-3.5.1 + app.kubernetes.io/version: 3.5.2 + helm.sh/chart: crds-3.5.2 annotations: controller-gen.kubebuilder.io/version: v0.17.3 name: policyexceptions.policies.kyverno.io diff --git a/charts/kyverno/crds/policies.kyverno.io/policies.kyverno.io_validatingpolicies.yaml b/charts/kyverno/crds/policies.kyverno.io/policies.kyverno.io_validatingpolicies.yaml index 901517329d..cfa2c92f63 100644 --- a/charts/kyverno/crds/policies.kyverno.io/policies.kyverno.io_validatingpolicies.yaml +++ b/charts/kyverno/crds/policies.kyverno.io/policies.kyverno.io_validatingpolicies.yaml @@ -8,8 +8,8 @@ metadata: app.kubernetes.io/instance: release-name app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: release-name-crds - app.kubernetes.io/version: 3.5.1 - helm.sh/chart: crds-3.5.1 + app.kubernetes.io/version: 3.5.2 + helm.sh/chart: crds-3.5.2 annotations: controller-gen.kubebuilder.io/version: v0.17.3 name: validatingpolicies.policies.kyverno.io diff --git a/charts/kyverno/crds/reports.kyverno.io/reports.kyverno.io_clusterephemeralreports.yaml b/charts/kyverno/crds/reports.kyverno.io/reports.kyverno.io_clusterephemeralreports.yaml index 3cc5e8e641..22deeb3edb 100644 --- a/charts/kyverno/crds/reports.kyverno.io/reports.kyverno.io_clusterephemeralreports.yaml +++ b/charts/kyverno/crds/reports.kyverno.io/reports.kyverno.io_clusterephemeralreports.yaml @@ -8,8 +8,8 @@ metadata: app.kubernetes.io/instance: release-name app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: release-name-crds - app.kubernetes.io/version: 3.5.1 - helm.sh/chart: crds-3.5.1 + app.kubernetes.io/version: 3.5.2 + helm.sh/chart: crds-3.5.2 annotations: controller-gen.kubebuilder.io/version: v0.17.3 name: clusterephemeralreports.reports.kyverno.io diff --git a/charts/kyverno/crds/reports.kyverno.io/reports.kyverno.io_ephemeralreports.yaml b/charts/kyverno/crds/reports.kyverno.io/reports.kyverno.io_ephemeralreports.yaml index 2c16cc5a87..1b83284468 100644 --- a/charts/kyverno/crds/reports.kyverno.io/reports.kyverno.io_ephemeralreports.yaml +++ b/charts/kyverno/crds/reports.kyverno.io/reports.kyverno.io_ephemeralreports.yaml @@ -8,8 +8,8 @@ metadata: app.kubernetes.io/instance: release-name app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: release-name-crds - app.kubernetes.io/version: 3.5.1 - helm.sh/chart: crds-3.5.1 + app.kubernetes.io/version: 3.5.2 + helm.sh/chart: crds-3.5.2 annotations: controller-gen.kubebuilder.io/version: v0.17.3 name: ephemeralreports.reports.kyverno.io diff --git a/charts/kyverno/crds/wgpolicyk8s.io/wgpolicyk8s.io_clusterpolicyreports.yaml b/charts/kyverno/crds/wgpolicyk8s.io/wgpolicyk8s.io_clusterpolicyreports.yaml index 69766ee005..4206eda460 100644 --- a/charts/kyverno/crds/wgpolicyk8s.io/wgpolicyk8s.io_clusterpolicyreports.yaml +++ b/charts/kyverno/crds/wgpolicyk8s.io/wgpolicyk8s.io_clusterpolicyreports.yaml @@ -8,8 +8,8 @@ metadata: app.kubernetes.io/instance: release-name app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: release-name-crds - app.kubernetes.io/version: 3.5.1 - helm.sh/chart: crds-3.5.1 + app.kubernetes.io/version: 3.5.2 + helm.sh/chart: crds-3.5.2 annotations: controller-gen.kubebuilder.io/version: v0.17.3 name: clusterpolicyreports.wgpolicyk8s.io diff --git a/charts/kyverno/crds/wgpolicyk8s.io/wgpolicyk8s.io_policyreports.yaml b/charts/kyverno/crds/wgpolicyk8s.io/wgpolicyk8s.io_policyreports.yaml index fe15038028..2671bb456e 100644 --- a/charts/kyverno/crds/wgpolicyk8s.io/wgpolicyk8s.io_policyreports.yaml +++ b/charts/kyverno/crds/wgpolicyk8s.io/wgpolicyk8s.io_policyreports.yaml @@ -8,8 +8,8 @@ metadata: app.kubernetes.io/instance: release-name app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: release-name-crds - app.kubernetes.io/version: 3.5.1 - helm.sh/chart: crds-3.5.1 + app.kubernetes.io/version: 3.5.2 + helm.sh/chart: crds-3.5.2 annotations: controller-gen.kubebuilder.io/version: v0.17.3 name: policyreports.wgpolicyk8s.io diff --git a/charts/kyverno/templates/NOTES.txt b/charts/kyverno/templates/NOTES.txt index 6eaf1f630c..1f8aa997a1 100644 --- a/charts/kyverno/templates/NOTES.txt +++ b/charts/kyverno/templates/NOTES.txt @@ -35,14 +35,6 @@ The following components have been installed in your cluster: ⚠️ WARNING: Match conditions require a Kubernetes 1.27+ cluster with `AdmissionWebhookMatchConditions` feature gate enabled. {{- end }} -{{- with .Values.features.generateValidatingAdmissionPolicy.enabled }} -⚠️ WARNING: Generating ValidatingAdmissionPolicy requires a Kubernetes 1.27+ cluster with `ValidatingAdmissionPolicy` feature gate and `admissionregistration.k8s.io` API group enabled. -{{- end }} - -{{- with .Values.features.validatingAdmissionPolicyReports.enabled }} -⚠️ WARNING: Generating reports from ValidatingAdmissionPolicies requires a Kubernetes 1.27+ cluster with `ValidatingAdmissionPolicy` feature gate and `admissionregistration.k8s.io` API group enabled. -{{- end }} - {{- with .Values.features.generateMutatingAdmissionPolicy.enabled }} ⚠️ WARNING: Generating MutatingAdmissionPolicy requires a Kubernetes 1.32+ cluster with `MutatingAdmissionPolicy` feature gate and `admissionregistration.k8s.io` API group enabled. {{- end }} diff --git a/charts/kyverno/templates/_helpers.tpl b/charts/kyverno/templates/_helpers.tpl index 64dda27fdb..b3644fb31d 100644 --- a/charts/kyverno/templates/_helpers.tpl +++ b/charts/kyverno/templates/_helpers.tpl @@ -1,5 +1,12 @@ {{/* vim: set filetype=mustache: */}} +{{/* Validate OpenReports configuration */}} +{{- define "kyverno.validateOpenReports" -}} +{{- if and (not .Values.openreports.enabled) .Values.openreports.installCrds -}} +{{- fail "OpenReports CRD installation (openreports.installCrds) cannot be enabled when the feature (openreports.enabled) is disabled" -}} +{{- end -}} +{{- end -}} + {{- define "kyverno.chartVersion" -}} {{- if .Values.templating.enabled -}} {{- required "templating.version is required when templating.enabled is true" .Values.templating.version | replace "+" "_" -}} diff --git a/charts/kyverno/templates/hooks/pre-delete-remove-mutatingwebhookconfiguration.yaml b/charts/kyverno/templates/hooks/pre-delete-remove-mutatingwebhookconfiguration.yaml index fe12a33d46..be4dbf8615 100644 --- a/charts/kyverno/templates/hooks/pre-delete-remove-mutatingwebhookconfiguration.yaml +++ b/charts/kyverno/templates/hooks/pre-delete-remove-mutatingwebhookconfiguration.yaml @@ -4,7 +4,7 @@ apiVersion: batch/v1 kind: Job metadata: - name: {{ template "kyverno.fullname" . }}-remove-mutatingwebhookconfiguration + name: {{ template "kyverno.fullname" . }}-rm-mutatingwhconfig namespace: {{ template "kyverno.namespace" . }} labels: {{- include "kyverno.hooks.labels" . | nindent 4 }} diff --git a/charts/kyverno/templates/hooks/pre-delete-remove-validatingwebhookconfiguration.yaml b/charts/kyverno/templates/hooks/pre-delete-remove-validatingwebhookconfiguration.yaml index d03ce7338a..2b266b06ce 100644 --- a/charts/kyverno/templates/hooks/pre-delete-remove-validatingwebhookconfiguration.yaml +++ b/charts/kyverno/templates/hooks/pre-delete-remove-validatingwebhookconfiguration.yaml @@ -4,7 +4,7 @@ apiVersion: batch/v1 kind: Job metadata: - name: {{ template "kyverno.fullname" . }}-remove-validatingwebhookconfiguration + name: {{ template "kyverno.fullname" . }}-rm-validatingwhconfig namespace: {{ template "kyverno.namespace" . }} labels: {{- include "kyverno.hooks.labels" . | nindent 4 }} diff --git a/charts/kyverno/templates/reports-controller/deployment.yaml b/charts/kyverno/templates/reports-controller/deployment.yaml index 82c80b5c50..5fc7cd623c 100644 --- a/charts/kyverno/templates/reports-controller/deployment.yaml +++ b/charts/kyverno/templates/reports-controller/deployment.yaml @@ -1,4 +1,5 @@ {{- if .Values.reportsController.enabled -}} +{{- include "kyverno.validateOpenReports" . -}} {{- if not .Values.templating.debug -}} {{- $automountSAToken := .Values.reportsController.rbac.serviceAccount.automountServiceAccountToken }} apiVersion: apps/v1 diff --git a/charts/kyverno/templates/validate.yaml b/charts/kyverno/templates/validate.yaml index 7565202f9b..80cc6386b4 100644 --- a/charts/kyverno/templates/validate.yaml +++ b/charts/kyverno/templates/validate.yaml @@ -4,10 +4,10 @@ {{- if and (eq .Values.cleanupController.enabled true) (eq .Values.crds.groups.kyverno.clustercleanuppolicies false) }} {{- fail "CRD clustercleanuppolicies disabled while cleanupController enabled" }} {{- end }} -{{- if and (eq .Values.reportsController.enabled true) (eq .Values.reportsController.sanityChecks true) (eq .Values.crds.groups.wgpolicyk8s.clusterpolicyreports false) (eq .Values.reportsServer.enabled false) }} +{{- if and (eq .Values.reportsController.enabled true) (eq .Values.reportsController.sanityChecks true) (eq .Values.crds.groups.wgpolicyk8s.clusterpolicyreports false) (eq .Values.crds.reportsServer.enabled false) }} {{- fail "CRD clusterpolicyreports disabled while reportsController enabled" }} {{- end }} -{{- if and (eq .Values.reportsController.enabled true) (eq .Values.reportsController.sanityChecks true) (eq .Values.crds.groups.wgpolicyk8s.policyreports false) (eq .Values.reportsServer.enabled false) }} +{{- if and (eq .Values.reportsController.enabled true) (eq .Values.reportsController.sanityChecks true) (eq .Values.crds.groups.wgpolicyk8s.policyreports false) (eq .Values.crds.reportsServer.enabled false) }} {{- fail "CRD policyreports disabled while reportsController enabled" }} {{- end }} {{- if and (eq .Values.reportsController.enabled true) (eq .Values.reportsController.sanityChecks true) (eq .Values.crds.groups.reports.ephemeralreports false) (eq .Values.crds.reportsServer.enabled false) }} diff --git a/charts/kyverno/values.yaml b/charts/kyverno/values.yaml index aaa058aea8..a9ed445b3c 100644 --- a/charts/kyverno/values.yaml +++ b/charts/kyverno/values.yaml @@ -77,7 +77,10 @@ rbac: # Use openreports.io as the API group for reporting openreports: + # -- Enable OpenReports feature in controllers enabled: false + # -- Whether to install CRDs from the upstream OpenReports chart. Setting this to true requires enabled to also be true. + installCrds: false # CRDs configuration crds: @@ -539,9 +542,9 @@ webhooksCleanup: image: # -- (string) Image registry - registry: ~ + registry: registry.k8s.io # -- Image repository - repository: registry.k8s.io/kubectl + repository: kubectl # -- Image tag # Defaults to `latest` if omitted tag: 'v1.32.7' diff --git a/values/kyverno/kyverno.gotmpl b/values/kyverno/kyverno.gotmpl index 8e44cde81a..6a9ab56eaa 100644 --- a/values/kyverno/kyverno.gotmpl +++ b/values/kyverno/kyverno.gotmpl @@ -15,12 +15,7 @@ test: webhooksCleanup: image: registry: "{{- $v.otomi.linodeLkeImageRepository }}/docker" -{{- end }} - -{{- if $v.otomi.linodeLkeImageRepository }} -policyReportsCleanup: - image: - registry: "{{- $v.otomi.linodeLkeImageRepository }}/docker" + image: k8s/kubectl {{- end }} admissionController: