Compare commits

42 Commits

Author SHA1 Message Date
Stefan Prodan 192da0594c
Merge pull request #142 from fluxcd/update-kyverno
Update kyverno to v1.14.4
2025-06-27 10:23:57 +03:00
fluxcdbot cebc051bc8 Update kyverno to v1.14.4
Signed-off-by: GitHub <noreply@github.com>
2025-06-27 00:06:52 +00:00
Stefan Prodan e030d9306a
Merge pull request #141 from fluxcd/update-kyverno
Update kyverno to v1.14.3
2025-06-20 08:10:25 +03:00
fluxcdbot c17a9d209a Update kyverno to v1.14.3
Signed-off-by: GitHub <noreply@github.com>
2025-06-20 00:06:47 +00:00
Stefan Prodan 9d0bb45e40
Merge pull request #140 from fluxcd/update-kyverno
Update kyverno to v1.14.2
2025-06-04 09:03:55 +01:00
fluxcdbot 9cecb7e71a Update kyverno to v1.14.2
Signed-off-by: GitHub <noreply@github.com>
2025-06-04 00:06:44 +00:00
Stefan Prodan 98d0b576b0
Merge pull request #139 from fluxcd/update-kyverno
Update kyverno to v1.14.1
2025-05-01 08:51:04 +03:00
fluxcdbot abc5e6771a Update kyverno to v1.14.1
Signed-off-by: GitHub <noreply@github.com>
2025-05-01 00:07:20 +00:00
Stefan Prodan 250df0510e
Merge pull request #138 from fluxcd/update-kyverno
Update kyverno to v1.14.0
2025-04-26 09:11:24 +03:00
fluxcdbot e9ab39c150 Update kyverno to v1.14.0
Signed-off-by: GitHub <noreply@github.com>
2025-04-26 00:06:23 +00:00
Stefan Prodan 0804ce8cf0
Merge pull request #137 from fluxcd/update-kyverno
Update kyverno to v1.13.4
2025-02-09 11:26:13 +02:00
fluxcdbot 8b4dcbff72 Update kyverno to v1.13.4
Signed-off-by: GitHub <noreply@github.com>
2025-02-09 00:06:30 +00:00
Stefan Prodan 094bc4535b
Merge pull request #136 from ilkimo/main
Fix shell command in README
2025-01-15 09:26:49 +02:00
il_kimo 2dc341a47a
Fix shell command in README
If applied, this commit will correct the yq command to extract the public key from the secret.

Signed-off-by: il_kimo <vibertikim@yahoo.it>
2025-01-14 16:41:57 +01:00
Stefan Prodan f1c3f8c7e2
Merge pull request #134 from fluxcd/update-kyverno
Update kyverno to v1.13.2
2024-12-11 10:53:27 +02:00
fluxcdbot 5e223c87ab Update kyverno to v1.13.2
Signed-off-by: GitHub <noreply@github.com>
2024-12-11 00:06:03 +00:00
Stefan Prodan 24a3735b1d
Merge pull request #133 from fluxcd/update-kyverno
Update kyverno to v1.13.1
2024-11-13 10:18:49 +02:00
fluxcdbot cddd96e3b3 Update kyverno to v1.13.1
Signed-off-by: GitHub <noreply@github.com>
2024-11-13 00:05:41 +00:00
Stefan Prodan d500f6f59b
Merge pull request #132 from fluxcd/update-kyverno
Update kyverno to v1.13.0
2024-10-30 09:41:24 +02:00
fluxcdbot da15130d31 Update kyverno to v1.13.0
Signed-off-by: GitHub <noreply@github.com>
2024-10-30 00:05:49 +00:00
Stefan Prodan a35e8937f4
Merge pull request #129 from fluxcd/update-kyverno
Update kyverno to v1.12.5
2024-07-13 09:16:43 +03:00
fluxcdbot 2364ffce97 Update kyverno to v1.12.5
Signed-off-by: GitHub <noreply@github.com>
2024-07-13 00:05:27 +00:00
Stefan Prodan db9e036c8b
Merge pull request #128 from fluxcd/update-kyverno
Update kyverno to v1.12.4
2024-06-18 09:22:15 +03:00
fluxcdbot 01d8686902 Update kyverno to v1.12.4
Signed-off-by: GitHub <noreply@github.com>
2024-06-18 00:05:11 +00:00
Stefan Prodan 596bdbde52
Merge pull request #127 from fluxcd/update-kyverno
Update kyverno to v1.12.3
2024-06-01 09:55:13 +03:00
fluxcdbot 6613fcde40 Update kyverno to v1.12.3
Signed-off-by: GitHub <noreply@github.com>
2024-06-01 00:05:01 +00:00
Stefan Prodan 9ba47566d7
Merge pull request #124 from fluxcd/update-kyverno
Update kyverno to v1.12.2
2024-05-24 08:28:48 +03:00
fluxcdbot 9a56d7d4c9 Update kyverno to v1.12.2
Signed-off-by: GitHub <noreply@github.com>
2024-05-24 00:05:27 +00:00
Stefan Prodan a4f492ddb8
Merge pull request #125 from chipzoller/kyverno-policy-fixes
Updates/fixes Kyverno policies for 1.11+
2024-03-01 19:56:04 +00:00
chipzoller dc19e7b852 updates/fixes policies for 1.11+
Signed-off-by: chipzoller <chipzoller@gmail.com>
2024-03-01 09:47:32 -05:00
Stefan Prodan 8525be1674
Merge pull request #120 from nw0rn/main
Add namespace reference to kustomize files
2024-02-08 09:47:19 +02:00
Stefan Prodan 2ed0e2b73c
Merge pull request #123 from fluxcd/update-kyverno
Update kyverno to v1.11.4
2024-01-20 09:09:57 +02:00
fluxcdbot 50a797da78 Update kyverno to v1.11.4
Signed-off-by: GitHub <noreply@github.com>
2024-01-20 00:04:29 +00:00
Stefan Prodan 92a9b324e9
Merge pull request #122 from fluxcd/update-kyverno
Update kyverno to v1.11.3
2024-01-06 10:23:40 +02:00
fluxcdbot 863960cedd Update kyverno to v1.11.3
Signed-off-by: GitHub <noreply@github.com>
2024-01-06 00:04:36 +00:00
Stefan Prodan 6ae88ddd2d
Merge pull request #121 from fluxcd/update-kyverno
Update kyverno to v1.11.2
2023-12-29 09:11:25 +02:00
fluxcdbot 1e6ad41823 Update kyverno to v1.11.2
Signed-off-by: GitHub <noreply@github.com>
2023-12-29 00:03:49 +00:00
nw0rn c49e6be6ad add namespace to kustomize files
Signed-off-by: nw0rn <nicolaswoerner1@gmail.com>
2023-12-15 09:55:12 +01:00
Stefan Prodan 94a2d28da9
Merge pull request #119 from fluxcd/update-kyverno
Update kyverno to v1.11.1
2023-11-29 10:24:36 +02:00
fluxcdbot b03f76aece Update kyverno to v1.11.1
Signed-off-by: GitHub <noreply@github.com>
2023-11-29 00:04:39 +00:00
Stefan Prodan 96fdcf5d98
Merge pull request #113 from fluxcd/update-kyverno
Update kyverno to v1.11.0
2023-11-11 08:36:49 +02:00
fluxcdbot 34a92347e3 Update kyverno to v1.11.0
Signed-off-by: GitHub <noreply@github.com>
2023-11-11 00:04:00 +00:00
7 changed files with 16 additions and 12 deletions

@ -180,7 +180,7 @@ flux create kustomization dev-team \
Create the base `kustomization.yaml` file: Create the base `kustomization.yaml` file:
```sh ```sh
cd ./tenants/base/dev-team/ && kustomize create --autodetect cd ./tenants/base/dev-team/ && kustomize create --autodetect --namespace apps
``` ```
Create the staging overlay and set the path to the staging dir inside the tenant repository: Create the staging overlay and set the path to the staging dir inside the tenant repository:
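Review bot: The new `--namespace apps` flag on the `kustomize create --autodetect` line changes what the generated base does, but the sentence above it still only says "Create the base `kustomization.yaml` file". Add a line stating that the flag writes `namespace: apps` into the base, so a reader adapting the guide for a tenant in a different namespace knows this is the place to change it.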
@ -199,6 +199,7 @@ EOF
cat << EOF | tee ./tenants/staging/kustomization.yaml cat << EOF | tee ./tenants/staging/kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
namespace: apps
resources: resources:
- ../base/dev-team - ../base/dev-team
patches: patches:
@ -523,7 +524,7 @@ flux -n apps create secret git dev-team-auth \
Print the SSH public key and add it as a read-only deploy key to the dev-team repository: Print the SSH public key and add it as a read-only deploy key to the dev-team repository:
```sh ```sh
yq eval 'data."identity.pub"' git-auth.yaml | base64 --decode yq eval '.stringData."identity.pub"' ./tenants/base/dev-team/auth.yaml
``` ```
### Git over HTTP/S ### Git over HTTP/S
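Review bot: The replacement `yq eval` line reads `.stringData."identity.pub"` from `./tenants/base/dev-team/auth.yaml`, which sits in the same base directory that `kustomize create --autodetect` is run in earlier in the README. Values under `stringData` are stored unencoded, which is why `| base64 --decode` can go, but it also means the README should state how this file is protected before it is committed, or that it must stay out of the repository.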

@ -29,6 +29,7 @@ spec:
- "docker.io/fluxcd/image-reflector-controller:*" - "docker.io/fluxcd/image-reflector-controller:*"
- "docker.io/fluxcd/image-automation-controller:*" - "docker.io/fluxcd/image-automation-controller:*"
mutateDigest: false mutateDigest: false
verifyDigest: false
attestors: attestors:
- entries: - entries:
- keyless: - keyless:
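Review bot: `verifyDigest: false` is added directly under the existing `mutateDigest: false`, and the image references in this rule all end in `:*`, so with both switched off the rule accepts tag-only references and neither requires nor pins a digest. The signature is then checked against whatever the tag resolves to at admission time. Add a comment on the new line saying why digest verification is turned off and what is given up, so the setting is not copied elsewhere without that context.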

@ -9,19 +9,18 @@ spec:
validationFailureAction: Audit # Change to 'Enforce' once the specific org url is set. validationFailureAction: Audit # Change to 'Enforce' once the specific org url is set.
rules: rules:
- name: github-repositories-only - name: github-repositories-only
exclude:
resources:
namespaces:
- flux-system
match: match:
any: any:
- resources: - resources:
kinds: kinds:
- GitRepository - GitRepository
exclude:
any:
- resources:
namespaces:
- flux-system
validate: validate:
message: ".spec.url must be from a repository within the organisation X" message: ".spec.url must be from a repository within the organisation X"
anyPattern: pattern:
- spec: spec:
url: "https://github.com/fluxcd/?*" # repositories in fluxcd via https url: https://github.com/fluxcd/?* | ssh://git@github.com:fluxcd/?*
- spec:
url: "ssh://git@github.com:fluxcd/?*" # repositories in fluxcd via ssh
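Review bot: In the `validate` block the two quoted `anyPattern` entries are collapsed into a single unquoted scalar, `url: https://github.com/fluxcd/?* | ssh://git@github.com:fluxcd/?*`. It parses as a plain YAML string only because no colon in it is followed by a space, which is easy to break in a later edit; quote the value, and keep the two inline comments that said which alternative covers https and which covers ssh. The `message` still refers to "organisation X" while the pattern hard-codes `fluxcd`, so make those agree as well.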

@ -8,6 +8,6 @@ spec:
provider: generic provider: generic
url: oci://ghcr.io/kyverno/manifests/kyverno url: oci://ghcr.io/kyverno/manifests/kyverno
ref: ref:
tag: "v1.10.2" tag: "v1.14.4"
verify: verify:
provider: cosign provider: cosign
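Review bot: The `tag` line moves from "v1.10.2" to "v1.14.4" and the visible context ends at `provider: cosign`, so this hunk does not show whether the signer identity is constrained. If the `verify` block has no `matchOIDCIdentity` entry below this line, add one so that verification is tied to the expected issuer and subject rather than to any valid signature on the artifact.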

@ -1,5 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
namespace: apps
resources: resources:
- rbac.yaml - rbac.yaml
- sync.yaml - sync.yaml

@ -1,5 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
namespace: apps
resources: resources:
- ../base/dev-team - ../base/dev-team
patches: patches:

@ -1,5 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
namespace: apps
resources: resources:
- ../base/dev-team - ../base/dev-team
patches: patches:
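Review bot: `namespace: apps` is added here and in the two preceding kustomization hunks (the one listing `rbac.yaml` and `sync.yaml`, and the other one listing `../base/dev-team`), with no comment in any of them. Say in one place, either a comment next to the field or a sentence in the README, why the overlays carry the value as well as the file they build on, so a later cleanup does not drop one of the three and change where the tenant resources land.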