Add Kyverno to platform

README.md

@@ -134,6 +134,7 @@ Each Kadras package included in the platform can be configured independently.
 | `conventions.spring_boot` | `{}` | Configuration for the Spring Boot Conventions package. |
 | `flux.source_controller` | `{}` | Configuration for the FluxCD Source Controller package. |
 | `knative.serving` | `{}` | Configuration for the Knative Serving package. |
+| `kyverno.core` | `{}` | Configuration for the Kyverno package. |
 | `metrics_server` | `{}` | Configuration for the Metrics Server package. |
 | `secretgen_controller` | `{}` | Configuration for the Secretgen Controller package. |
 | `tekton.catalog` | `{}` | Configuration for the Tekton Catalog package. |

package/config/kyverno.yml

@@ -0,0 +1,46 @@
+#@ load("@ytt:data", "data")
+#@ load("@ytt:struct", "struct")
+#@ load("@ytt:yaml", "yaml")
+#@ load("/helpers.star", "is_package_enabled")
+
+#@ if is_package_enabled("kyverno"):
+
+#@ def compute_package_values():
+#@   values = struct.decode(data.values.kyverno.core)
+#@
+#@   #! Compute values for CA Certificates
+#@   if data.values.platform.ca_cert_data:
+#@     values["ca_cert_data"] = values["ca_cert_data"] + data.values.platform.ca_cert_data
+#@   end
+#@
+#@   return struct.encode(values)
+#@ end
+
+---
+apiVersion: packaging.carvel.dev/v1alpha1
+kind: PackageInstall
+metadata:
+  name: kyverno
+  namespace: #@ data.values.platform.namespace
+  annotations:
+    kapp.k14s.io/change-group: kyverno
+    kapp.k14s.io/change-rule.serviceaccount: delete before deleting serviceaccount
+spec:
+  serviceAccountName: kadras-install-sa
+  packageRef:
+    refName: kyverno.packages.kadras.io
+    versionSelection:
+      constraints: 1.10.3+kadras.1
+  values:
+    - secretRef:
+        name: kyverno-values
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: kyverno-values
+  namespace: #@ data.values.platform.namespace
+stringData:
+  values.yaml: #@ yaml.encode(compute_package_values())
+
+#@ end

package/config/values-schema.yml

@@ -131,6 +131,12 @@ knative:
   #@schema/type any=True
   serving: {}
 
+#@schema/desc "Configuration for the Kyverno related packages."
+kyverno:
+  #@schema/desc "Configuration for the Kyverno package."
+  #@schema/type any=True
+  core: {}
+
 #@schema/desc "Configuration for the Metrics Server package."
 #@schema/type any=True
 metrics_server: {}

test/integration/kuttl-test.yml

@@ -8,39 +8,15 @@ parallel: 1
 startKIND: true
 kindContext: integration
 kindNodeCache: true
-timeout: 120
+timeout: 300
 artifactsDir: /tmp/kuttl-artifacts
 commands:
   - script: |
       kapp deploy -a kapp-controller -y \
         -f https://github.com/carvel-dev/kapp-controller/releases/latest/download/release.yml
   - script: |
-      kubectl create namespace kadras-packages
-  - script: |
-      kapp deploy -a cert-manager-issuers-package -n kadras-packages -y \
-        -f https://github.com/kadras-io/cert-manager-issuers/releases/latest/download/metadata.yml \
-        -f https://github.com/kadras-io/cert-manager-issuers/releases/latest/download/package.yml
-  - script: |
-      kapp deploy -a cert-manager-package -n kadras-packages -y \
-        -f https://github.com/kadras-io/package-for-cert-manager/releases/latest/download/metadata.yml \
-        -f https://github.com/kadras-io/package-for-cert-manager/releases/latest/download/package.yml
-  - script: |
-      kapp deploy -a contour-package -n kadras-packages -y \
-        -f https://github.com/kadras-io/package-for-contour/releases/latest/download/metadata.yml \
-        -f https://github.com/kadras-io/package-for-contour/releases/latest/download/package.yml
+      cd test/setup/dependencies
+      vendir sync
   - script: |
-      kapp deploy -a knative-serving-package -n kadras-packages -y \
-        -f https://github.com/kadras-io/package-for-knative-serving/releases/latest/download/metadata.yml \
-        -f https://github.com/kadras-io/package-for-knative-serving/releases/latest/download/package.yml
-  - script: |
-      kapp deploy -a metrics-server-package -n kadras-packages -y \
-        -f https://github.com/kadras-io/package-for-metrics-server/releases/latest/download/metadata.yml \
-        -f https://github.com/kadras-io/package-for-metrics-server/releases/latest/download/package.yml
-  - script: |
-      kapp deploy -a secretgen-controller-package -n kadras-packages -y \
-        -f https://github.com/kadras-io/package-for-secretgen-controller/releases/latest/download/metadata.yml \
-        -f https://github.com/kadras-io/package-for-secretgen-controller/releases/latest/download/package.yml
-  - script: |
-      kapp deploy -a workspace-provisioner-package -n kadras-packages -y \
-        -f https://github.com/kadras-io/workspace-provisioner/releases/latest/download/metadata.yml \
-        -f https://github.com/kadras-io/workspace-provisioner/releases/latest/download/package.yml
+      kubectl create namespace kadras-packages
+      kapp deploy -a kadras-packages -n kadras-packages -f test/setup/dependencies/package-repo -y

test/integration/serving/config/values.yml

@@ -11,3 +11,5 @@ stringData:
       infrastructure_provider: local
       ingress:
         domain: 127.0.0.1.sslip.io
+      excluded_packages:
+        - kyverno

test/setup/dependencies/.gitignore

@@ -0,0 +1,2 @@
+package-repo/
+vendir.lock.yml

test/setup/dependencies/vendir.yml

@@ -0,0 +1,13 @@
+apiVersion: vendir.k14s.io/v1alpha1
+directories:
+- contents:
+  - git:
+      ref: main
+      url: https://github.com/kadras-io/kadras-packages
+    includePaths:
+      - repo/packages/**/*
+    newRootPath: repo/packages
+    path: .
+  path: package-repo
+kind: Config
+minimumRequiredVersion: 0.32.0