add cicd exclude to resource limits

Signed-off-by: gwg313 <gwg313@pm.me>
2026-06-05 21:01:02 +00:00 · 2026-05-22 23:04:07 -04:00
8 changed files with 10 additions and 5 deletions
--- a/apps/tekton/kustomization.yaml
+++ b/apps/tekton/kustomization.yaml
@ -4,4 +4,3 @@ kind: Kustomization
 resources:
  - https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml
  - https://storage.googleapis.com/tekton-releases/dashboard/latest/release.yaml
-  - https://raw.githubusercontent.com/openshift-pipelines/pipelines-as-code/stable/release.k8s.yaml
--- a/management/platform-apps/bytestash.yaml
+++ b/management/platform-apps/bytestash.yaml
@ -20,3 +20,5 @@ spec:
      selfHeal: true
    syncOptions:
      - CreateNamespace=true
+      - ServerSideApply=true
+      - SkipDryRunOnMissingResource=true
--- a/management/platform-apps/forgejo.yaml
+++ b/management/platform-apps/forgejo.yaml
@ -20,3 +20,4 @@ spec:
      selfHeal: true
    syncOptions:
      - CreateNamespace=true
+      - ServerSideApply=true
--- a/management/platform-apps/kyverno-policies.yaml
+++ b/management/platform-apps/kyverno-policies.yaml
@ -18,3 +18,8 @@ spec:
    automated:
      prune: true
      selfHeal: true
+    syncOptions:
+      - CreateNamespace=false
+      - ServerSideApply=true
+      - Replace=true # <-- Policies have immutable fields so this helps deal with updates
+      - Force=true
--- a/management/platform-apps/stirling-pdf.yaml
+++ b/management/platform-apps/stirling-pdf.yaml
@ -20,4 +20,5 @@ spec:
      selfHeal: true
    syncOptions:
      - CreateNamespace=true
+      - ServerSideApply=true
      - SkipDryRunOnMissingResource=true
--- a/management/platform-apps/yopass.yaml
+++ b/management/platform-apps/yopass.yaml
@ -20,3 +20,4 @@ spec:
      selfHeal: true
    syncOptions:
      - CreateNamespace=true
+      - ServerSideApply=true
--- a/platform/kyverno/policies/generate-ns-network-baseline.yaml
+++ b/platform/kyverno/policies/generate-ns-network-baseline.yaml
@ -5,8 +5,6 @@ metadata:
  annotations:
    policies.kyverno.io/title: Inject Namespace Baseline CNP
    policies.kyverno.io/description: Automatically provisions a local default-deny + DNS egress CNP inside new application namespaces.
-    argocd.argoproj.io/sync-options: Force=true,Replace=true
-
 spec:
  background: true
  rules:
@ -34,7 +32,6 @@ spec:
                - monitoring
                - tekton-pipelines-resolvers
                - tekton-pipelines
-                - pipelines-as-code
      generate:
        apiVersion: cilium.io/v2
        kind: CiliumNetworkPolicy
--- a/platform/kyverno/policies/require-requests-limits.yaml
+++ b/platform/kyverno/policies/require-requests-limits.yaml
@ -36,7 +36,6 @@ spec:
                - monitoring
                - tekton-pipelines-resolvers
                - tekton-pipelines
-                - pipelines-as-code
                - cicd
      validate:
        message: "Resource discipline violation: Containers must declare cpu/memory requests and limits."