add cicd exclude to resource limits

Signed-off-by: gwg313 <gwg313@pm.me>
2026-06-05 19:00:59 +00:00 · 2026-05-22 22:33:09 -04:00 · 2026-05-22 22:33:09 -04:00 · d3da92bbb8
commit d3da92bbb8
parent 3cd820c135
5 changed files with 8 additions and 9 deletions
--- a/apps/harbor/values.yaml
+++ b/apps/harbor/values.yaml
@ -1,5 +1,7 @@
 harbor:
  externalURL: https://registry.gwg313.xyz
+  updateStrategy:
+    type: Recreate
  
  nginx:
    replicas: 0
@ -21,8 +23,6 @@ harbor:
        memory: 128Mi

  core:
-    updateStrategy:
-      type: Recreate
    resources:
      requests:
        cpu: 100m
@ -32,8 +32,6 @@ harbor:
        memory: 512Mi

  jobservice:
-    updateStrategy:
-      type: Recreate
    resources:
      requests:
        cpu: 100m
--- a/apps/tekton/kustomization.yaml
+++ b/apps/tekton/kustomization.yaml
@ -4,3 +4,4 @@ kind: Kustomization
 resources:
  - https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml
  - https://storage.googleapis.com/tekton-releases/dashboard/latest/release.yaml
+  - https://raw.githubusercontent.com/openshift-pipelines/pipelines-as-code/stable/release.k8s.yaml
--- a/management/platform-apps/kyverno-policies.yaml
+++ b/management/platform-apps/kyverno-policies.yaml
@ -18,8 +18,3 @@ spec:
    automated:
      prune: true
      selfHeal: true
-    syncOptions:
-      - CreateNamespace=false
-      - ServerSideApply=true
-      - Replace=true # <-- Policies have immutable fields so this helps deal with updates
-      - Force=true
--- a/platform/kyverno/policies/generate-ns-network-baseline.yaml
+++ b/platform/kyverno/policies/generate-ns-network-baseline.yaml
@ -5,6 +5,8 @@ metadata:
  annotations:
    policies.kyverno.io/title: Inject Namespace Baseline CNP
    policies.kyverno.io/description: Automatically provisions a local default-deny + DNS egress CNP inside new application namespaces.
+    argocd.argoproj.io/sync-options: Force=true,Replace=true
+
 spec:
  background: true
  rules:
@ -32,6 +34,7 @@ spec:
                - monitoring
                - tekton-pipelines-resolvers
                - tekton-pipelines
+                - pipelines-as-code
      generate:
        apiVersion: cilium.io/v2
        kind: CiliumNetworkPolicy
--- a/platform/kyverno/policies/require-requests-limits.yaml
+++ b/platform/kyverno/policies/require-requests-limits.yaml
@ -36,6 +36,8 @@ spec:
                - monitoring
                - tekton-pipelines-resolvers
                - tekton-pipelines
+                - pipelines-as-code
+                - cicd
      validate:
        message: "Resource discipline violation: Containers must declare cpu/memory requests and limits."
        pattern: