From 5c43091d8e9790d70b563afb7432bee7edb1dc7a Mon Sep 17 00:00:00 2001
From: Damien Chomat <damien.chomat@gmail.com>
Date: Mon, 25 Nov 2024 15:53:19 -0600
Subject: [PATCH] feat: add kyverno component

---
 gitops/components/kyverno/kustomize.yaml |  5 ++
 gitops/components/kyverno/resources.yaml | 74 ++++++++++++++++++++++++
 2 files changed, 79 insertions(+)
 create mode 100644 gitops/components/kyverno/kustomize.yaml
 create mode 100644 gitops/components/kyverno/resources.yaml

diff --git a/gitops/components/kyverno/kustomize.yaml b/gitops/components/kyverno/kustomize.yaml
new file mode 100644
index 0000000..3b42c63
--- /dev/null
+++ b/gitops/components/kyverno/kustomize.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+resources:
+  - ./resources.yaml
diff --git a/gitops/components/kyverno/resources.yaml b/gitops/components/kyverno/resources.yaml
new file mode 100644
index 0000000..ba0313e
--- /dev/null
+++ b/gitops/components/kyverno/resources.yaml
@@ -0,0 +1,74 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: kyverno
+  namespace: argocd
+spec:
+  destination:
+    namespace: kyverno
+    server: https://kubernetes.default.svc
+  project: admins
+  source:
+    chart: kyverno
+    repoURL: https://kyverno.github.io/kyverno
+    targetRevision: 3.3.3
+    helm:
+      valuesObject:
+        features:
+          backgroundScan:
+            backgroundScanInterval: 1h
+        admissionController:
+          hostNetwork: true
+          dnsPolicy: ClusterFirstWithHostNet
+          webhookServer:
+            port: 9443
+          metricsService:
+            port: 9444
+          startupProbe:
+            httpGet:
+              port: 9443
+          livenessProbe:
+            httpGet:
+              port: 9443
+          readinessProbe:
+            httpGet:
+              port: 9443
+        backgroundController:
+          hostNetwork: true
+          dnsPolicy: ClusterFirstWithHostNet
+          server:
+            port: 9445
+          metricsService:
+            port: 9446
+        cleanupController:
+          hostNetwork: true
+          dnsPolicy: ClusterFirstWithHostNet
+          server:
+            port: 9447
+          webhookServer:
+            port: 9448
+          metricsService:
+            port: 9449
+          startupProbe:
+            httpGet:
+              port: 9447
+          livenessProbe:
+            httpGet:
+              port: 9447
+          readinessProbe:
+            httpGet:
+              port: 9447
+        reportsController:
+          hostNetwork: true
+          dnsPolicy: ClusterFirstWithHostNet
+          server:
+            port: 9450
+          metricsService:
+            port: 9451
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - ServerSideApply=true
+      - CreateNamespace=true