
Kyverno (noble)

Admission policies using Kyverno. The main chart installs controllers and CRDs; kyverno-policies installs Pod Security Standard rules matching the baseline profile in Audit mode (violations are visible in policy reports; workloads are not denied).

  • Charts: kyverno/kyverno 3.7.1 (app v1.17.1), kyverno/kyverno-policies 3.7.1
  • Namespace: kyverno

Install

helm repo add kyverno https://kyverno.github.io/kyverno/
helm repo update
kubectl apply -f clusters/noble/apps/kyverno/namespace.yaml
helm upgrade --install kyverno kyverno/kyverno -n kyverno \
  --version 3.7.1 -f clusters/noble/apps/kyverno/values.yaml --wait --timeout 15m
helm upgrade --install kyverno-policies kyverno/kyverno-policies -n kyverno \
  --version 3.7.1 -f clusters/noble/apps/kyverno/policies-values.yaml --wait --timeout 10m

Verify

kubectl -n kyverno get pods
kubectl get clusterpolicy | head

Notes

  • validationFailureAction: Audit in policies-values.yaml avoids breaking namespaces that need privileged behavior (Longhorn, monitoring node-exporter, etc.). Switch specific policies or namespaces to Enforce when you are ready.
  • To use restricted instead of baseline, change podSecurityStandard in policies-values.yaml and reconcile expectations for host mounts and capabilities.
  • Upgrade: bump --version on both charts together; read Kyverno release notes for breaking changes.
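As an added illustration (not the repository's own policies-values.yaml), this is what a staged move from cluster-wide Audit to targeted Enforce can look like. The keys podSecurityStandard, validationFailureAction, validationFailureActionByPolicy and policyExclude are assumed to be the kyverno-policies chart options of that name; the namespace names are placeholders and not taken from this cluster.

```yaml
# policies-values.yaml (example, assumed chart keys; adapt to the real file)

# Baseline profile, as on this cluster. Switching to "restricted" adds
# rules for capabilities, host mounts, runAsNonRoot, seccomp, etc.
podSecurityStandard: baseline

# Cluster-wide default: report violations in PolicyReports, never deny.
validationFailureAction: Audit

# Promote individual policies to Enforce once their PolicyReports are
# clean. Policy names are the PSS rules the chart installs.
validationFailureActionByPolicy:
  disallow-privileged-containers: Enforce
  disallow-host-namespaces: Enforce
  # disallow-host-path: Audit   # still noisy because of storage/monitoring

# Namespaces that legitimately need privileged behaviour are excluded
# from specific rules rather than from the whole policy set.
# Namespace names below are placeholders.
policyExclude:
  disallow-privileged-containers:
    any:
      - resources:
          namespaces:
            - longhorn-system      # placeholder: storage needs privileged pods
            - monitoring           # placeholder: node-exporter needs host access
  disallow-host-namespaces:
    any:
      - resources:
          namespaces:
            - monitoring           # placeholder
```

Before flipping a policy to Enforce, confirm its report is empty: `kubectl get policyreport -A` and `kubectl get clusterpolicyreport` list remaining violations per namespace and policy.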