diff --git a/apps/tekton/kustomization.yaml b/apps/tekton/kustomization.yaml index 760fd85..57bb294 100644 --- a/apps/tekton/kustomization.yaml +++ b/apps/tekton/kustomization.yaml @@ -4,4 +4,3 @@ kind: Kustomization resources: - https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml - https://storage.googleapis.com/tekton-releases/dashboard/latest/release.yaml - - https://raw.githubusercontent.com/openshift-pipelines/pipelines-as-code/stable/release.k8s.yaml diff --git a/management/platform-apps/bytestash.yaml b/management/platform-apps/bytestash.yaml index 78baf8d..dc95b94 100644 --- a/management/platform-apps/bytestash.yaml +++ b/management/platform-apps/bytestash.yaml @@ -20,3 +20,5 @@ spec: selfHeal: true syncOptions: - CreateNamespace=true + - ServerSideApply=true + - SkipDryRunOnMissingResource=true diff --git a/management/platform-apps/forgejo.yaml b/management/platform-apps/forgejo.yaml index 779bd6d..7c0826b 100644 --- a/management/platform-apps/forgejo.yaml +++ b/management/platform-apps/forgejo.yaml @@ -20,3 +20,4 @@ spec: selfHeal: true syncOptions: - CreateNamespace=true + - ServerSideApply=true diff --git a/management/platform-apps/kyverno-policies.yaml b/management/platform-apps/kyverno-policies.yaml index 7a23b59..18e7d89 100644 --- a/management/platform-apps/kyverno-policies.yaml +++ b/management/platform-apps/kyverno-policies.yaml @@ -18,3 +18,8 @@ spec: automated: prune: true selfHeal: true + syncOptions: + - CreateNamespace=false + - ServerSideApply=true + - Replace=true # <-- Policies have immutable fields so this helps deal with updates + - Force=true diff --git a/management/platform-apps/stirling-pdf.yaml b/management/platform-apps/stirling-pdf.yaml index 57873a7..e0eba73 100644 --- a/management/platform-apps/stirling-pdf.yaml +++ b/management/platform-apps/stirling-pdf.yaml @@ -20,4 +20,5 @@ spec: selfHeal: true syncOptions: - CreateNamespace=true + - ServerSideApply=true - SkipDryRunOnMissingResource=true diff --git a/management/platform-apps/yopass.yaml b/management/platform-apps/yopass.yaml index bec8f13..38f49ac 100644 --- a/management/platform-apps/yopass.yaml +++ b/management/platform-apps/yopass.yaml @@ -20,3 +20,4 @@ spec: selfHeal: true syncOptions: - CreateNamespace=true + - ServerSideApply=true diff --git a/platform/kyverno/policies/generate-ns-network-baseline.yaml b/platform/kyverno/policies/generate-ns-network-baseline.yaml index 20ab409..c7de5eb 100644 --- a/platform/kyverno/policies/generate-ns-network-baseline.yaml +++ b/platform/kyverno/policies/generate-ns-network-baseline.yaml @@ -5,8 +5,6 @@ metadata: annotations: policies.kyverno.io/title: Inject Namespace Baseline CNP policies.kyverno.io/description: Automatically provisions a local default-deny + DNS egress CNP inside new application namespaces. - argocd.argoproj.io/sync-options: Force=true,Replace=true - spec: background: true rules: @@ -34,7 +32,6 @@ spec: - monitoring - tekton-pipelines-resolvers - tekton-pipelines - - pipelines-as-code generate: apiVersion: cilium.io/v2 kind: CiliumNetworkPolicy diff --git a/platform/kyverno/policies/require-requests-limits.yaml b/platform/kyverno/policies/require-requests-limits.yaml index 811c75c..b0a2824 100644 --- a/platform/kyverno/policies/require-requests-limits.yaml +++ b/platform/kyverno/policies/require-requests-limits.yaml @@ -36,7 +36,6 @@ spec: - monitoring - tekton-pipelines-resolvers - tekton-pipelines - - pipelines-as-code - cicd validate: message: "Resource discipline violation: Containers must declare cpu/memory requests and limits."