feat: add kyverno

.yamllint

@@ -0,0 +1,16 @@
+---
+extends: default
+
+rules:
+  line-length:
+    max: 120
+    level: warning
+  indentation:
+    spaces: 2
+    indent-sequences: true
+  comments:
+    min-spaces-from-content: 1
+  document-start: disable
+  truthy:
+    allowed-values: ['true', 'false', 'on', 'off']
+

foundation/charts/certs/Chart.yaml

@@ -0,0 +1,3 @@
+apiVersion: v2
+version: 1.0.0
+name: certs

foundation/charts/certs/templates/cluster-issuer.yaml

@@ -0,0 +1,16 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: cloudflare-dns
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: admin@demo.olsen.cloud
+    privateKeySecretRef:
+      name: cloudflare-dns-issuer-key
+    solvers:
+      - dns01:
+          cloudflare:
+            apiTokenSecretRef:
+              name: cloudflare-api-token
+              key: api-token

foundation/charts/certs/values.yaml

@@ -0,0 +1,2 @@
+globals:
+  timezone: Europe/Amsterdam

foundation/charts/monitor/templates/kyverno.yaml

@@ -0,0 +1,23 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: kyverno-operator
+  namespace: argocd
+spec:
+  project: foundation
+  source:
+    repoURL: https://kyverno.github.io/kyverno
+    targetRevision: 3.1.0
+    chart: kyverno
+    helm:
+      releaseName: kyverno
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: foundation
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+      - ServerSideApply=true