add pac

Signed-off-by: gwg313 <gwg313@pm.me>
gwg313 2026-06-28 17:56:19 -04:00
parent ef827b2c69
commit 145721146e
Signed by: gwg313
GPG key ID: 60FF63B4826B7400
35 changed files with 919 additions and 122 deletions


@ -3,5 +3,7 @@ kyverno:
replicas: 2
features:
loggingFormat: text
policyExceptions:
enabled: true
telemetry:
enabled: false
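Review bot: The `policyExceptions` block sets only `enabled: true`, and no `namespace` restriction is visible in this hunk. How an empty exception namespace is treated differs between Kyverno releases, so the scope should be stated explicitly rather than left to the chart default. I would add a `namespace:` key under `policyExceptions` that names one dedicated, admin-only namespace, and limit create/update RBAC on PolicyException resources to the operators who approve exemptions. Indentation is lost on this page, so the nesting under `features:` is inferred, and the rest of the `kyverno:` mapping lies outside the hunk.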


@ -11,6 +11,12 @@ spec:
any:
- resources:
kinds: ["Pod"]
exclude:
any:
- resources:
namespaceSelector:
matchLabels:
policy.home.arpa/allow-hostpath: "true"
validate:
message: "hostPath volumes are not allowed (escape risk)."
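Review bot: The new `exclude` grants the hostPath exemption per namespace through the label `policy.home.arpa/allow-hostpath: "true"`, so the control is only as strong as the permission to create or label a Namespace. The exemption also covers every Pod in a labelled namespace, not just the workload that needs the mount. I would put a comment above `exclude:` such as `# Namespace-wide opt-out: only cluster admins may set policy.home.arpa/allow-hostpath`. It should be backed by a rule that rejects changes to that label on Namespace objects from non-admin subjects, or the exclude should be narrowed with a `names` or `selector` entry for the specific Pods. The `validate` block continues outside the hunk, so which paths remain checked cannot be confirmed from here.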


@ -9,7 +9,7 @@ metadata:
policies.kyverno.io/description: >-
Automatically provisions a baseline CiliumNetworkPolicy
with default deny ingress and controlled DNS egress.
argocd.argoproj.io/sync-options: Force=true,Replace=true
argocd.argoproj.io/sync-options: Replace=true
spec:
background: true
@ -55,6 +55,8 @@ spec:
metadata:
labels:
security-tier: baseline
annotations:
argocd.argoproj.io/sync-options: Prune=false
spec:
endpointSelector: {}