gitea_admin/k8s-and-chill
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity
k8s-and-chill/rendered/envs/production/cert-manager
History
Felix Wolf 33c52be1c5 feat(pss): drop 5 namespaces from PSS privileged to restricted 
argocd, cert-manager, cloudnative-pg already compliant — label flip only.
ocis: add overlay injecting seccompProfile=RuntimeDefault, drop ALL caps,
allowPrivilegeEscalation=false across all chart Deployments/CronJobs;
patch idm initContainer; harden custom precheck Job; refactor s3-backup
to rclone/rclone image (avoids apk-add-as-root).
victoria-metrics-single: overlay sets full restricted SC on the StatefulSet
that ships with empty securityContext: {}.

forgejo, traefik, kube-system stay privileged (hostPort / CSI driver).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-03 01:24:59 +02:00
..
clusterissuer-letsencrypt.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
clusterissuer-selfsigned.yaml feat: replace secret-init Jobs with mittwald operator + cert-manager 2026-05-03 00:00:07 +02:00
clusterrole-cert-manager-cainjector.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
clusterrole-cert-manager-cluster-view.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
clusterrole-cert-manager-controller-approve_cert-manager-io.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
clusterrole-cert-manager-controller-certificates.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
clusterrole-cert-manager-controller-certificatesigningrequests.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
clusterrole-cert-manager-controller-challenges.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
clusterrole-cert-manager-controller-clusterissuers.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
clusterrole-cert-manager-controller-ingress-shim.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
clusterrole-cert-manager-controller-issuers.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
clusterrole-cert-manager-controller-orders.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
clusterrole-cert-manager-edit.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
clusterrole-cert-manager-view.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
clusterrole-cert-manager-webhook_subjectaccessreviews.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
clusterrolebinding-cert-manager-cainjector.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
clusterrolebinding-cert-manager-controller-approve_cert-manager-io.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
clusterrolebinding-cert-manager-controller-certificates.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
clusterrolebinding-cert-manager-controller-certificatesigningrequests.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
clusterrolebinding-cert-manager-controller-challenges.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
clusterrolebinding-cert-manager-controller-clusterissuers.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
clusterrolebinding-cert-manager-controller-ingress-shim.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
clusterrolebinding-cert-manager-controller-issuers.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
clusterrolebinding-cert-manager-controller-orders.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
clusterrolebinding-cert-manager-webhook_subjectaccessreviews.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
customresourcedefinition-certificaterequests.cert-manager.io.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
customresourcedefinition-certificates.cert-manager.io.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
customresourcedefinition-challenges.acme.cert-manager.io.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
customresourcedefinition-clusterissuers.cert-manager.io.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
customresourcedefinition-issuers.cert-manager.io.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
customresourcedefinition-orders.acme.cert-manager.io.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
deployment-cert-manager-cainjector.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
deployment-cert-manager-webhook.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
deployment-cert-manager.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
job-cert-manager-startupapicheck.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
mutatingwebhookconfiguration-cert-manager-webhook.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
namespace-cert-manager.yaml feat(pss): drop 5 namespaces from PSS privileged to restricted 2026-05-03 01:24:59 +02:00
role-cert-manager-cainjector_leaderelection.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
role-cert-manager-startupapicheck_create-cert.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
role-cert-manager-tokenrequest.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
role-cert-manager-webhook_dynamic-serving.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
role-cert-manager_leaderelection.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
rolebinding-cert-manager-cainjector_leaderelection.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
rolebinding-cert-manager-cert-manager-tokenrequest.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
rolebinding-cert-manager-startupapicheck_create-cert.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
rolebinding-cert-manager-webhook_dynamic-serving.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
rolebinding-cert-manager_leaderelection.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
service-cert-manager-cainjector.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
service-cert-manager-webhook.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
service-cert-manager.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
serviceaccount-cert-manager-cainjector.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
serviceaccount-cert-manager-startupapicheck.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
serviceaccount-cert-manager-webhook.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
serviceaccount-cert-manager.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00
validatingwebhookconfiguration-cert-manager-webhook.yaml feat: Wire ArgoCD to Forgejo for GitOps management 2026-03-30 23:09:50 +02:00