SKIP UPGRADE: Merge kyverno
General MR
Summary
Combined kyverno and kyverno-policies. Kyverno is now a subchart in the kyverno-policies repo: https://repo1.dso.mil/big-bang/product/packages/kyverno-policies/-/tree/merge-kyverno/chart/charts/kyverno
It was not possible to package as helm dependency since it becomes too large, and this layout will simplify future renovates. BigBang deployment will continue to deploy kyverno and kyverno-policies separately, since it takes time for kyverno to become ready to install. However, they will be deployed together at the package level allowing for combined testing and CI/CD from blocking updates that would break kyverno-policies.
Some modifications are needed at the bigbang level and are detailed here: big-bang/bigbang!5367 (diffs)
Mainly, kyverno git url will point to the kyverno-policies repo.
Another thing to point out for kyverno-policies repo is the dependencies.yaml so that gitlab doesn't install kyverno separately. Keeping it will cause upgrade to fail since kyverno is installed separately.
Used to uninstall previous kyverno if installed independently of bigbang. If installed with bb no changes are needed.
ClusterRole=$(kubectl get ClusterRole | grep kyverno | awk '{print $1}' | tr '\n' ' ')
ClusterRoleBinding=$(kubectl get ClusterRoleBinding | grep kyverno | awk '{print $1}' | tr '\n' ' ')
CRDS=$(kubectl get crds | grep kyverno | awk '{print $1}' | tr '\n' ' ')
kubectl delete namespace kyverno
kubectl delete crds $CRDS
kubectl delete crds policyreports.wgpolicyk8s.io clusterpolicyreports.wgpolicyk8s.io
kubectl delete ClusterRole $ClusterRole
kubectl delete ClusterRoleBinding $ClusterRoleBinding
# Check for any kyverno resources:
kubectl get namespace kyverno
kubectl get all --all-namespaces -l='app.kubernetes.io/managed-by=Helm,app.kubernetes.io/instance=kyverno'
Relevant logs/screenshots
Tested in bigbang with all-packages tag:
big-bang/bigbang!5367 (closed)
Tests run for both kyverno and kyverno policies:
Linked Issue
Upgrade Notices
N/A