Update README.md and CLUSTER-BUILD.md to enhance documentation for Vault Kubernetes auth and ClusterSecretStore integration. Add one-shot configuration instructions for Kubernetes auth in README.md, and update CLUSTER-BUILD.md to reflect the current state of the Talos cluster, including new components like Headlamp and Renovate, along with their deployment details and next steps.
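--- a/clusters/noble/apps/kyverno/policies-values.yaml
+++ b/clusters/noble/apps/kyverno/policies-values.yaml
@@ -0,0 +1,16 @@
+# kyverno/kyverno-policies — Pod Security Standards as Kyverno ClusterPolicies
+#
+# helm upgrade --install kyverno-policies kyverno/kyverno-policies -n kyverno \
+# --version 3.7.1 -f clusters/noble/apps/kyverno/policies-values.yaml --wait --timeout 10m
+#
+# Default profile is baseline; validationFailureAction is Audit so existing privileged
+# workloads (monitoring, longhorn, etc.) are reported, not blocked. Tighten per policy or
+# namespace when ready (see README).
+#
+policyKind: ClusterPolicy
+policyType: ClusterPolicy
+podSecurityStandard: baseline
+podSecuritySeverity: medium
+validationFailureAction: Audit
+failurePolicy: Fail
+validationAllowExistingViolations: true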
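Review bot: The header comment explains why `validationFailureAction` is `Audit` but says nothing about `failurePolicy: Fail` and `validationAllowExistingViolations: true`, the two settings that matter most once this is tightened. With `Fail`, admission requests matched by these policies are presumably rejected whenever the Kyverno webhook is unreachable, even though the policies only audit, so Kyverno's availability becomes part of the pod-creation path. A comment such as `# Fail: fail closed if the webhook is down; kept so a later switch to Enforce cannot be bypassed by a Kyverno outage` would record that this is intended. A second one, `# true: updates to workloads that already violate a policy keep passing after a switch to Enforce; revisit then`, would stop a reader from assuming that Enforce alone closes the gap. It is also worth confirming that chart 3.7.1 reads both `policyKind` and `policyType`, since they carry the same value here.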