Kyverno v1.12.0 (#92)

* Created Kyverno Pack * added kyvernon policies pack * updated dependicies to include edge * removed constraints * removed policies pack * updated images * feat: add k8gb pack Signed-off-by: Tyler Gillson <tyler.gillson@gmail.com> * Add oam-app-controller 0.0.3. Signed-off-by: Matt Welke <matt.welke@spectrocloud.com> * chore: add coredns chart ref * fix version typo/mismatch 0.4.0 to 0.40.0 (#83) Co-authored-by: Vishwanath S <vishwanaths@spectrocloud.com> * Add crane pull to validation github action to confirm image is proper… (#85) * Add crane pull to validation github action to confirm image is proper and available * Add crane installation * Remove duplicate line to provide execute permission to yq --------- Co-authored-by: Vishwanath S <vishwanaths@spectrocloud.com> * Adding Ceph CSI rbd pack as both CSI and Addon layers * fixing chart version under pack.content.charts on both packs * feat: add hello-universe 1.1.3 pack DOC-1273 (#89) * feat: add hello-universe 1.1.3 pack DOC-1273 * feat: add tolerations section DOC-1273 * docs: add Upgrade section to the readme DOC-1273 * remove required from useTolerations --------- Signed-off-by: Tyler Gillson <tyler.gillson@gmail.com> Signed-off-by: Matt Welke <matt.welke@spectrocloud.com> Co-authored-by: Tyler Gillson <tyler.gillson@gmail.com> Co-authored-by: Matt Welke <matt.welke@spectrocloud.com> Co-authored-by: Pedro Oliveira <22790804+JPedro2@users.noreply.github.com> Co-authored-by: Vishwanath S <vishwanaths@spectrocloud.com> Co-authored-by: Roshani Rathi <42164609+roshanirathi@users.noreply.github.com> Co-authored-by: Adelina Simion <43963729+addetz@users.noreply.github.com>
spectrocloud · Aug 18, 2024 · 6d7e986 · 6d7e986
1 parent 184e4bb
commit 6d7e986
Show file tree

Hide file tree

Showing 7 changed files with 2,229 additions and 0 deletions.
diff --git a/packs/kyverno-1.12.2/README.md b/packs/kyverno-1.12.2/README.md
@@ -0,0 +1,45 @@
+# Kyverno
+
+Kyverno (Greek for “govern”) is a policy engine designed specifically for Kubernetes. Some of its many features include:
+
+    policies as Kubernetes resources (no new language to learn!)
+    validate, mutate, generate, or cleanup (remove) any resource
+    verify container images for software supply chain security
+    inspect image metadata
+    match resources using label selectors and wildcards
+    validate and mutate using overlays (like Kustomize!)
+    synchronize configurations across Namespaces
+    block non-conformant resources using admission controls, or report policy violations
+    self-service reports (no proprietary audit log!)
+    self-service policy exceptions
+    test policies and validate resources using the Kyverno CLI, in your CI/CD pipeline, before applying to your cluster
+    manage policies as code using familiar tools like git and kustomize
+
+Kyverno allows cluster administrators to manage environment specific configurations independently of workload configurations and enforce configuration best practices for their clusters. Kyverno can be used to scan existing workloads for best practices, or can be used to enforce best practices by blocking or mutating API requests.our applications, APIs, or other resources while also offloading network ingress and middleware execution to ngrok's platform.
+
+## Prerequisites
+
+- kubernetes version >= 1.26.0
+
+## Usage
+To use the Kyverno pack, first create a new [add-on cluster profile](https://docs.spectrocloud.com/profiles/cluster-profiles/create-cluster-profiles/create-addon-profile/), search for the **kyverno** Kyverno  pack:
+
+
+A Kyverno policy is a collection of rules. Each rule consists of a [`match`](https://kyverno.io/docs/writing-policies/match-exclude/) declaration, an optional [`exclude`](https://kyverno.io/docs/writing-policies/match-exclude/) declaration, and one of a [`validate`](https://kyverno.io/docs/writing-policies/validate/), [`mutate`](https://kyverno.io/docs/writing-policies/mutate/), [`generate`](https://kyverno.io/docs/writing-policies/generate/), or [`verifyImages`](https://kyverno.io/docs/writing-policies/verify-images) declaration. Each rule can contain only a single `validate`, `mutate`, `generate`, or `verifyImages` child declaration.
+
+<img src="https://kyverno.io/images/Kyverno-Policy-Structure.png" alt="Kyverno Policy" width="65%"/>
+<br/>
+<br/>
+
+Policies can be defined as cluster-wide resources (using the kind `ClusterPolicy`) or namespaced resources (using the kind `Policy`). As expected, namespaced policies will only apply to resources within the namespace in which they are defined while cluster-wide policies are applied to matching resources across all namespaces. Otherwise, there is no difference between the two types.
+
+Additional policy types include [Policy Exceptions](https://kyverno.io/docs/writing-policies/exceptions/) and [Cleanup Policies](https://kyverno.io/docs/writing-policies/cleanup/) which are separate resources and described further in the documentation.
+
+Learn more about [Applying Policies](https://kyverno.io/docs/applying-policies/) and [Writing Policies](https://kyverno.io/docs/writing-policies/) in the upcoming chapters.
+
+
+## References
+
+- [Kyverno Docs](https://kyverno.io/docs/introduction/)
+- [Kyverno](https://kyverno.io/)
+- [Kyverno Github](https://github.com/kyverno/kyverno/)
diff --git a/packs/kyverno-1.12.2/charts/kyverno-3.2.3.tgz b/packs/kyverno-1.12.2/charts/kyverno-3.2.3.tgz
diff --git a/packs/kyverno-1.12.2/logo.png b/packs/kyverno-1.12.2/logo.png
diff --git a/packs/kyverno-1.12.2/pack.json b/packs/kyverno-1.12.2/pack.json
@@ -0,0 +1,18 @@
+{
+    "addonType": "system app",
+    "annotations": {
+      "source": "community",
+      "contributor" : "spectrocloud"
+    },    
+    "cloudTypes": [
+      "all"
+    ],
+    "displayName": "Kyverno",
+    "charts": [
+      "charts/kyverno-3.2.3.tgz"
+    ],
+    "layer":"addon",
+    "name": "kyverno",
+    "version": "1.12.2"
+  }
+
diff --git a/packs/kyverno-1.12.2/presets.yaml b/packs/kyverno-1.12.2/presets.yaml
diff --git a/packs/kyverno-1.12.2/schema.yaml b/packs/kyverno-1.12.2/schema.yaml