gitea_admin/k8s-and-chill
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity
k8s-and-chill/rendered/envs/production/argocd
History
Felix Wolf 4d4f51c179 feat: drop 5 namespaces from PSS privileged to restricted 
argocd, cert-manager, cloudnative-pg already compliant — label flip only.
ocis: add overlay injecting seccompProfile=RuntimeDefault, drop ALL caps,
allowPrivilegeEscalation=false across all chart Deployments/CronJobs;
patch idm initContainer; harden custom precheck Job; refactor s3-backup
to rclone/rclone image (avoids apk-add-as-root).
victoria-metrics-single: overlay sets full restricted SC on the StatefulSet
that ships with empty securityContext: {}.

forgejo, traefik, kube-system stay privileged (hostPort / CSI driver).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-03 00:52:45 +02:00
..
clusterrole-argo-cd-argocd-application-controller.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
clusterrole-argo-cd-argocd-notifications-controller.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
clusterrole-argo-cd-argocd-server.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
clusterrolebinding-argo-cd-argocd-application-controller.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
clusterrolebinding-argo-cd-argocd-notifications-controller.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
clusterrolebinding-argo-cd-argocd-server.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
configmap-argo-cd-argocd-redis-health-configmap.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
configmap-argocd-cm.yaml feat: Add VictoriaMetrics monitoring stack 2026-03-31 00:20:23 +02:00
configmap-argocd-cmd-params-cm.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
configmap-argocd-gpg-keys-cm.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
configmap-argocd-notifications-cm.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
configmap-argocd-rbac-cm.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
configmap-argocd-ssh-known-hosts-cm.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
configmap-argocd-tls-certs-cm.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
customresourcedefinition-applications.argoproj.io.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
customresourcedefinition-applicationsets.argoproj.io.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
customresourcedefinition-appprojects.argoproj.io.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
deployment-argo-cd-argocd-applicationset-controller.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
deployment-argo-cd-argocd-dex-server.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
deployment-argo-cd-argocd-notifications-controller.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
deployment-argo-cd-argocd-redis.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
deployment-argo-cd-argocd-repo-server.yaml feat: Add VictoriaMetrics monitoring stack 2026-03-31 00:20:23 +02:00
deployment-argo-cd-argocd-server.yaml feat: Add VictoriaMetrics monitoring stack 2026-03-31 00:20:23 +02:00
ingress-argo-cd-argocd-server.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
job-argo-cd-argocd-redis-secret-init.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
namespace-argocd.yaml feat: drop 5 namespaces from PSS privileged to restricted 2026-05-03 00:52:45 +02:00
role-argo-cd-argocd-application-controller.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
role-argo-cd-argocd-applicationset-controller.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
role-argo-cd-argocd-dex-server.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
role-argo-cd-argocd-notifications-controller.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
role-argo-cd-argocd-redis-secret-init.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
role-argo-cd-argocd-repo-server.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
role-argo-cd-argocd-server.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
rolebinding-argo-cd-argocd-application-controller.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
rolebinding-argo-cd-argocd-applicationset-controller.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
rolebinding-argo-cd-argocd-dex-server.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
rolebinding-argo-cd-argocd-notifications-controller.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
rolebinding-argo-cd-argocd-redis-secret-init.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
rolebinding-argo-cd-argocd-repo-server.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
rolebinding-argo-cd-argocd-server.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
secret-argocd-notifications-secret.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
secret-argocd-secret.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
service-argo-cd-argocd-application-controller-metrics.yaml feat: Add VictoriaMetrics monitoring stack 2026-03-31 00:20:23 +02:00
service-argo-cd-argocd-applicationset-controller-metrics.yaml feat: Add VictoriaMetrics monitoring stack 2026-03-31 00:20:23 +02:00
service-argo-cd-argocd-applicationset-controller.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
service-argo-cd-argocd-dex-server.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
service-argo-cd-argocd-redis.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
service-argo-cd-argocd-repo-server-metrics.yaml feat: Add VictoriaMetrics monitoring stack 2026-03-31 00:20:23 +02:00
service-argo-cd-argocd-repo-server.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
service-argo-cd-argocd-server-metrics.yaml feat: Add VictoriaMetrics monitoring stack 2026-03-31 00:20:23 +02:00
service-argo-cd-argocd-server.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
serviceaccount-argo-cd-argocd-redis-secret-init.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
serviceaccount-argo-cd-argocd-repo-server.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
serviceaccount-argocd-application-controller.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
serviceaccount-argocd-applicationset-controller.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
serviceaccount-argocd-dex-server.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
serviceaccount-argocd-notifications-controller.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
serviceaccount-argocd-server.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
statefulset-argo-cd-argocd-application-controller.yaml feat: Add VictoriaMetrics monitoring stack 2026-03-31 00:20:23 +02:00