Problem Statement

I’m using the kyverno-policies helm chart to great effect across the cluster… given that the policies in the chart are of kind ClusterPolicy… But there is no option to have it deploy policies as kind: Policy with the view of applying them into a particular namespace?

I have a use case where a given cluster has some namespaces with workloads in them that cannot comply with cluster-wide PSS Baseline policies, which I do need to enforce, however, on a specific namespace. Hence I don't think we should use a cluster-scoped ClusterPolicy but a Policy instead… To do that, I need to drop the helm chart and use self-managed policies instead.

Solution Description

Perhaps the kind and namespace could be templated in the chart and exposed as options in the values.yaml to allow users of the chart to deploy its policies into a namespace as kind: Policy.

Alternatives

No response

Additional Context

No response

Slack discussion

https://kubernetes.slack.com/archives/CLGR9BJU9/p1696170518685969

Research

• I have read and followed the documentation AND the troubleshooting guide.
• I have searched other issues in this repository and mine is not recorded.