apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: kyverno
  namespace: kyverno
spec:
  interval: 12h
  type: oci
  url: oci://ghcr.io/kyverno/charts
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: kyverno
  namespace: kyverno
spec:
  serviceAccountName: flux
  interval: 1h
  chart:
    spec:
      version: "3.6.2" # {"$imagepolicy": "flux-system:kyverno:tag"}
      chart: kyverno
      sourceRef:
        kind: HelmRepository
        name: kyverno
      interval: 12h
  install:
    crds: Create
    timeout: 9m
  upgrade:
    crds: CreateReplace
    timeout: 9m
  values:
    admissionController:
      serviceMonitor:
        enabled: true
      rbac:
        clusterRole:
          extraResources:
          - apiGroups: [""]
            resources: [secrets]
            verbs: [get, list]
    backgroundController:
      serviceMonitor:
        enabled: true
      rbac:
        clusterRole:
          extraResources:
          - apiGroups: [""]
            resources: [secrets]
            verbs: [get, list, create, update, delete]