diff --git a/apps/harbor/values.yaml b/apps/harbor/values.yaml index 6ef23a6..2cd3499 100644 --- a/apps/harbor/values.yaml +++ b/apps/harbor/values.yaml @@ -1,5 +1,7 @@ harbor: externalURL: https://registry.gwg313.xyz + updateStrategy: + type: Recreate nginx: replicas: 0 @@ -21,8 +23,6 @@ harbor: memory: 128Mi core: - updateStrategy: - type: Recreate resources: requests: cpu: 100m @@ -32,8 +32,6 @@ harbor: memory: 512Mi jobservice: - updateStrategy: - type: Recreate resources: requests: cpu: 100m diff --git a/apps/tekton/kustomization.yaml b/apps/tekton/kustomization.yaml index 57bb294..760fd85 100644 --- a/apps/tekton/kustomization.yaml +++ b/apps/tekton/kustomization.yaml @@ -4,3 +4,4 @@ kind: Kustomization resources: - https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml - https://storage.googleapis.com/tekton-releases/dashboard/latest/release.yaml + - https://raw.githubusercontent.com/openshift-pipelines/pipelines-as-code/stable/release.k8s.yaml diff --git a/management/platform-apps/bytestash.yaml b/management/platform-apps/bytestash.yaml index dc95b94..78baf8d 100644 --- a/management/platform-apps/bytestash.yaml +++ b/management/platform-apps/bytestash.yaml @@ -20,5 +20,3 @@ spec: selfHeal: true syncOptions: - CreateNamespace=true - - ServerSideApply=true - - SkipDryRunOnMissingResource=true diff --git a/management/platform-apps/forgejo.yaml b/management/platform-apps/forgejo.yaml index 7c0826b..779bd6d 100644 --- a/management/platform-apps/forgejo.yaml +++ b/management/platform-apps/forgejo.yaml @@ -20,4 +20,3 @@ spec: selfHeal: true syncOptions: - CreateNamespace=true - - ServerSideApply=true diff --git a/management/platform-apps/kyverno-policies.yaml b/management/platform-apps/kyverno-policies.yaml index 18e7d89..7a23b59 100644 --- a/management/platform-apps/kyverno-policies.yaml +++ b/management/platform-apps/kyverno-policies.yaml @@ -18,8 +18,3 @@ spec: automated: prune: true selfHeal: true - syncOptions: - - CreateNamespace=false - - ServerSideApply=true - - Replace=true # <-- Policies have immutable fields so this helps deal with updates - - Force=true diff --git a/management/platform-apps/stirling-pdf.yaml b/management/platform-apps/stirling-pdf.yaml index e0eba73..57873a7 100644 --- a/management/platform-apps/stirling-pdf.yaml +++ b/management/platform-apps/stirling-pdf.yaml @@ -20,5 +20,4 @@ spec: selfHeal: true syncOptions: - CreateNamespace=true - - ServerSideApply=true - SkipDryRunOnMissingResource=true diff --git a/management/platform-apps/yopass.yaml b/management/platform-apps/yopass.yaml index 38f49ac..bec8f13 100644 --- a/management/platform-apps/yopass.yaml +++ b/management/platform-apps/yopass.yaml @@ -20,4 +20,3 @@ spec: selfHeal: true syncOptions: - CreateNamespace=true - - ServerSideApply=true diff --git a/platform/kyverno/policies/generate-ns-network-baseline.yaml b/platform/kyverno/policies/generate-ns-network-baseline.yaml index c7de5eb..20ab409 100644 --- a/platform/kyverno/policies/generate-ns-network-baseline.yaml +++ b/platform/kyverno/policies/generate-ns-network-baseline.yaml @@ -5,6 +5,8 @@ metadata: annotations: policies.kyverno.io/title: Inject Namespace Baseline CNP policies.kyverno.io/description: Automatically provisions a local default-deny + DNS egress CNP inside new application namespaces. + argocd.argoproj.io/sync-options: Force=true,Replace=true + spec: background: true rules: @@ -32,6 +34,7 @@ spec: - monitoring - tekton-pipelines-resolvers - tekton-pipelines + - pipelines-as-code generate: apiVersion: cilium.io/v2 kind: CiliumNetworkPolicy diff --git a/platform/kyverno/policies/require-requests-limits.yaml b/platform/kyverno/policies/require-requests-limits.yaml index 8294fb3..811c75c 100644 --- a/platform/kyverno/policies/require-requests-limits.yaml +++ b/platform/kyverno/policies/require-requests-limits.yaml @@ -36,6 +36,8 @@ spec: - monitoring - tekton-pipelines-resolvers - tekton-pipelines + - pipelines-as-code + - cicd validate: message: "Resource discipline violation: Containers must declare cpu/memory requests and limits." pattern: