From 7fc1cef44284caa624e30c22c9d0973ecd080a16 Mon Sep 17 00:00:00 2001
From: Morten Olsen
Date: Thu, 4 Dec 2025 08:01:16 +0100
Subject: [PATCH] feat: add kyverno
---
.yamllint | 16 +++++++++++++
foundation/charts/certs/Chart.yaml | 3 +++
.../certs/templates/cluster-issuer.yaml | 16 +++++++++++++
foundation/charts/certs/values.yaml | 2 ++
.../charts/monitor/templates/kyverno.yaml | 23 +++++++++++++++++++
.../templates/{app.yaml => trivy.yaml} | 0
6 files changed, 60 insertions(+)
create mode 100644 .yamllint
create mode 100644 foundation/charts/certs/Chart.yaml
create mode 100644 foundation/charts/certs/templates/cluster-issuer.yaml
create mode 100644 foundation/charts/certs/values.yaml
create mode 100644 foundation/charts/monitor/templates/kyverno.yaml
rename foundation/charts/monitor/templates/{app.yaml => trivy.yaml} (100%)
diff --git a/.yamllint b/.yamllint
new file mode 100644
index 0000000..be5eee3
--- /dev/null
+++ b/.yamllint
@@ -0,0 +1,16 @@
+---
+extends: default
+
+rules:
+ line-length:
+ max: 120
+ level: warning
+ indentation:
+ spaces: 2
+ indent-sequences: true
+ comments:
+ min-spaces-from-content: 1
+ document-start: disable
+ truthy:
+ allowed-values: ['true', 'false', 'on', 'off']
+
diff --git a/foundation/charts/certs/Chart.yaml b/foundation/charts/certs/Chart.yaml
new file mode 100644
index 0000000..2abce17
--- /dev/null
+++ b/foundation/charts/certs/Chart.yaml
@@ -0,0 +1,3 @@
+apiVersion: v2
+version: 1.0.0
+name: certs
diff --git a/foundation/charts/certs/templates/cluster-issuer.yaml b/foundation/charts/certs/templates/cluster-issuer.yaml
new file mode 100644
index 0000000..052d094
--- /dev/null
+++ b/foundation/charts/certs/templates/cluster-issuer.yaml
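Review bot: In `.yamllint`, the `truthy` rule's `allowed-values` list admits `'on'` and `'off'`, so the linter will pass values that a YAML 1.1 loader reads as booleans and a YAML 1.2 loader reads as strings. For Helm and Kubernetes manifests that ambiguity is exactly what the rule is there to catch, so I would keep it at `allowed-values: ['true', 'false']`. If the intent was only to tolerate an `on:` key in CI workflow files (an assumption, none are in this patch), `check-keys: false` does that without loosening the accepted values.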
@@ -0,0 +1,16 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: cloudflare-dns
+spec:
+ acme:
+ server: https://acme-v02.api.letsencrypt.org/directory
+ email: admin@demo.olsen.cloud
+ privateKeySecretRef:
+ name: cloudflare-dns-issuer-key
+ solvers:
+ - dns01:
+ cloudflare:
+ apiTokenSecretRef:
+ name: cloudflare-api-token
+ key: api-token
diff --git a/foundation/charts/certs/values.yaml b/foundation/charts/certs/values.yaml
new file mode 100644
index 0000000..41abe5a
--- /dev/null
+++ b/foundation/charts/certs/values.yaml
@@ -0,0 +1,2 @@
+globals:
+ timezone: Europe/Amsterdam
\ No newline at end of file
diff --git a/foundation/charts/monitor/templates/kyverno.yaml b/foundation/charts/monitor/templates/kyverno.yaml
new file mode 100644
index 0000000..68fe277
--- /dev/null
+++ b/foundation/charts/monitor/templates/kyverno.yaml
@@ -0,0 +1,23 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: kyverno-operator
+ namespace: argocd
+spec:
+ project: foundation
+ source:
+ repoURL: https://kyverno.github.io/kyverno
+ targetRevision: 3.1.0
+ chart: kyverno
+ helm:
+ releaseName: kyverno
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: foundation
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
+ - ServerSideApply=true
diff --git a/foundation/charts/monitor/templates/app.yaml b/foundation/charts/monitor/templates/trivy.yaml
similarity index 100%
rename from foundation/charts/monitor/templates/app.yaml
rename to foundation/charts/monitor/templates/trivy.yaml
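Review bot: In `cluster-issuer.yaml`, the `dns01` entry under `solvers:` has no `selector`, so this cluster-scoped issuer will attempt DNS-01 for whatever name a Certificate referencing `cloudflare-dns` asks for, limited only by what the Cloudflare token is allowed to edit. I would add a `selector:` with `dnsZones:` listing the intended zone(s) to that solver entry, and scope the API token to DNS edit on those zones only. The `cloudflare-api-token` Secret is referenced but not created by this chart, which is right for a credential, but a comment above `apiTokenSecretRef` such as `# Secret must exist in cert-manager's cluster resource namespace; provisioned out of band` would document the dependency. The ACME server and e-mail are also hard-coded although the chart ships a `values.yaml`.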
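Review bot: In `kyverno.yaml`, `destination.namespace: foundation` installs the admission controller into a namespace that, judging by the project name, is shared with other foundation components. As far as I know the Kyverno chart by default exempts its own install namespace from its webhooks (`config.excludeKyvernoNamespace`), which would leave everything else in `foundation` outside policy enforcement; worth confirming for chart 3.1.0. A dedicated namespace avoids the question: `namespace: kyverno` (`CreateNamespace=true` is already set). Separately, with no `helm.values` the admission controller runs at the chart's default replica count, so consider setting `admissionController.replicas` before any enforcing policies are added.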