argocd-appset-kyverno-pss.yaml
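---
# Argo CD ApplicationSet: generates one Application per registered cluster
# labelled clusterType=spoke. Each Application installs the kyverno-policies
# Helm chart with the "restricted" Pod Security Standard in Enforce mode.
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
  name: kyverno-policies
  namespace: argocd
spec:
  generators:
    # Cluster generator. The label selector decides which clusters receive
    # enforcing admission policies, so the ability to set clusterType=spoke
    # on a cluster registration is as sensitive as write access to this file.
    - clusters:
        selector:
          matchLabels:
            clusterType: spoke
  template:
    metadata:
      name: '{{name}}-kyverno-policies'
      annotations:
        # Negative wave: ordered ahead of resources in the default wave 0.
        # NOTE(review): sync waves order resources inside one sync operation;
        # this presumably only takes effect when the generated Applications
        # are synced by a parent Application - confirm.
        argocd.argoproj.io/sync-wave: "-1"
    spec:
      # NOTE(review): unless the built-in "default" AppProject has been
      # restricted, it allows any source repo and any destination. A
      # dedicated project limited to this repoURL and to the spoke clusters
      # would be closer to least privilege.
      project: "default"
      source:
        repoURL: https://github.com/kyverno/kyverno
        # NOTE(review): release-1.11 looks like a release branch, i.e. a
        # mutable ref. With automated sync below, whatever lands on that
        # branch upstream is rolled out to every spoke cluster without
        # review. Pin to an immutable ref (<PINNED_TAG_OR_COMMIT_SHA>) and
        # bump it deliberately.
        targetRevision: release-1.11 # TODO: need a way to set and control this
        path: charts/kyverno-policies
        helm:
          releaseName: "{{name}}-kyverno-policies"
          # TODO: figure out how to make it configurable
          # Values are hard-coded for every spoke cluster. Enforce makes the
          # policies block non-compliant resources at admission instead of
          # only reporting them, so a cluster with workloads that do not meet
          # the restricted profile will see them rejected.
          parameters:
            - name: "podSecurityStandard"
              value: restricted
            - name: "validationFailureAction"
              value: Enforce
            - name: "podSecuritySeverity"
              value: High
      destination:
        server: '{{server}}'
        namespace: kyverno
      syncPolicy:
        syncOptions:
          # Replace=true makes Argo CD use kubectl replace/create instead of
          # apply. The live object is overwritten wholesale, which can be
          # destructive; presumably chosen because the policy objects are
          # large - confirm it is still needed.
          - Replace=true
        automated:
          # Manual changes to the policies on a cluster are reverted to the
          # chart state. prune is not set, so policies later removed from the
          # chart stay on the cluster until deleted by hand.
          selfHeal: true
        retry:
          # Up to 30 attempts, starting at 5s and doubling, capped at 3m.
          limit: 30
          backoff:
            duration: 5s
            factor: 2
            maxDuration: 3m0s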