To maintain the Kyverno package, you should follow this steps.
helm repo add kyverno https://kyverno.github.io/kyverno/
helm repo update
helm search repo kyverno/kyverno # get the latest chart version
helm pull kyverno/kyverno --version 3.2.7 --untar --untardir /tmpNote: if the templating gives some error, change
kubeVersion:on the /tmp/kyverno/Chart.yaml.
helm template kyverno /tmp/kyverno --values MAINTENANCE.values.yaml --namespace kyverno > built-kyverno.yaml
helm template kyverno /tmp/kyverno --values MAINTENANCE.values.yaml --set crds.install=true --namespace kyverno | yq 'select(.kind == "CustomResourceDefinition")' > crds.yaml-
Compare the core/deploy.yaml file with the built-kyverno.yaml to find differences with the current version.
-
Sync the new image to our registry by updating the OPA images.yaml file fury-distribution-container-image-sync repository.
-
Update the
kustomization.yamlfile with the new version in the image tag.
What was changed:
- Removed all the helm hooks from the deploy
- Manually added policies to have a similar ruleset as gatekeeper
- Whitelisted all the
infrafury namespaces in theMAINTENANCE.values.yamlvariable file