k8s-apps/argocd-apps/kyverno-policies.yaml
root 4188d1dd6f
All checks were successful
AI Review / AI Code Review (pull_request) Successful in 1s
PR Checks / Validate & Security Scan (pull_request) Successful in 7s
feat: add Kyverno admission controller + cosign image verification
- Deploy Kyverno v1.13.4 (chart 3.3.4) via ArgoCD Helm chart
- Add ClusterPolicy to verify cosign signatures on registry images (Audit mode)
- Add NetworkPolicy for kyverno namespace (default-deny + selective allow)
- Extend keycloak-secrets-manager RBAC to kyverno namespace for cosign key sync
- ArgoCD Application for kyverno-policies directory
2026-02-18 06:06:07 +01:00

22 lines
486 B
YAML

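apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: kyverno-policies
  namespace: argocd
  finalizers:
    # Cascade-delete the managed resources when this Application is deleted.
    - resources-finalizer.argocd.argoproj.io
spec:
  project: default
  source:
    # Plain-HTTP repo URL: manifests are fetched without transport integrity
    # or server authentication; HTTPS or SSH is the safer choice.
    repoURL: http://10.10.10.1:3000/claude/k8s-apps.git
    targetRevision: main
    path: apps/kyverno-policies
  destination:
    server: https://kubernetes.default.svc
  syncPolicy:
    automated:
      # prune removes resources deleted from Git; selfHeal reverts in-cluster drift.
      prune: true
      selfHeal: true
    syncOptions:
      # Argo CD will not create the destination namespace.
      - CreateNamespace=false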