Restructured infra

2025-04-24 11:38:30 +02:00
parent 6cbd2fca75
commit 5a027ea7e0
118 changed files with 226 additions and 151 deletions
--- a/infra/kyverno/kustomization.yaml
+++ b/infra/kyverno/kustomization.yaml
@@ -1,15 +1,5 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
-namespace: kyverno
 resources:
-  - ./namespace.yaml
-  - ./helm-repository.yaml
-  - ./helm-release.yaml
-
-configurations:
-  - ../../common/name-reference/helm-release.yaml
-
-configMapGenerator:
-  - name: kyverno-values
-    files:
-      - ./values.yaml
+  - ./kyverno-policies.yaml
+  - ./kyverno.yaml
--- a/infra/kyverno/kyverno-policies.yaml
+++ b/infra/kyverno/kyverno-policies.yaml
@@ -0,0 +1,18 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: kyverno-policies
+  namespace: flux-system
+  labels:
+    alert: flux-infra
+spec:
+  interval: 15m
+  path: ./infra/kyverno/kyverno-policies
+  dependsOn:
+    - name: kyverno
+  prune: true
+  timeout: 2m
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  wait: true
--- a/infra/kyverno/kyverno-policies/kube-vip-network-adapter.yaml
+++ b/infra/kyverno/kyverno-policies/kube-vip-network-adapter.yaml
@@ -0,0 +1,37 @@
+apiVersion: kyverno.io/v2beta1
+kind: ClusterPolicy
+metadata:
+  name: kube-vip-network-adapter
+  annotations:
+    pod-policies.kyverno.io/autogen-controllers: none
+    policies.kyverno.io/title: Kube VIP adapter label
+    policies.kyverno.io/category: Other
+    policies.kyverno.io/subject: Pod
+    kyverno.io/kyverno-version: 1.10.0
+    policies.kyverno.io/minversion: 1.10.0
+    kyverno.io/kubernetes-version: "1.26"
+spec:
+  background: false
+  rules:
+    - name: add-network-adapter-annotation
+      match:
+        any:
+          - resources:
+              kinds:
+                - Pod/binding
+              names:
+                - kube-vip-*
+      context:
+        - name: node
+          variable:
+            jmesPath: request.object.target.name
+            default: ""
+        - name: adapter
+          apiCall:
+            urlPath: "/api/v1/nodes/{{node}}"
+            jmesPath: 'metadata.labels."feature.node.kubernetes.io/network-adapter" || "empty"'
+      mutate:
+        patchStrategicMerge:
+          metadata:
+            annotations:
+              feature.node.kubernetes.io/network-adapter: "{{ adapter }}"
--- a/infra/kyverno/kyverno-policies/kustomization.yaml
+++ b/infra/kyverno/kyverno-policies/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./kube-vip-network-adapter.yaml
--- a/infra/kyverno/kyverno.yaml
+++ b/infra/kyverno/kyverno.yaml
@@ -0,0 +1,16 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: kyverno
+  namespace: flux-system
+  labels:
+    alert: flux-infra
+spec:
+  interval: 15m
+  path: ./infra/kyverno/kyverno
+  prune: true
+  timeout: 2m
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  wait: true
--- a/infra/kyverno/kyverno/helm-release.yaml
+++ b/infra/kyverno/kyverno/helm-release.yaml
--- a/infra/kyverno/kyverno/helm-repository.yaml
+++ b/infra/kyverno/kyverno/helm-repository.yaml
--- a/infra/kyverno/kyverno/kustomization.yaml
+++ b/infra/kyverno/kyverno/kustomization.yaml
@@ -0,0 +1,15 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kyverno
+resources:
+  - ./namespace.yaml
+  - ./helm-repository.yaml
+  - ./helm-release.yaml
+
+configurations:
+  - ../../../common/name-reference/helm-release.yaml
+
+configMapGenerator:
+  - name: kyverno-values
+    files:
+      - ./values.yaml
--- a/infra/kyverno/kyverno/namespace.yaml
+++ b/infra/kyverno/kyverno/namespace.yaml
--- a/infra/kyverno/kyverno/values.yaml
+++ b/infra/kyverno/kyverno/values.yaml