Add kyverno policy to fix jobs security context

Loic Nicollerequested to merge
fix_rke2_machine_cleanup into main

What does this MR do and why?

This MR add a kyverno policy to add missing security context for some job created by rancher cronjob

Security context set by the policy is the same as the one we use for kube-cronjob

Related reference(s)

close #1834 (closed)

Test coverage

Manually applied the policy on a dev platform and create with success a job from each cronjobs

CI configuration

CI pipelines perform an update for both management and workload clusters, this update will NOT perform a ClusterAPI rolling update (deletion and creation of new K8s nodes) by default.

For some cases, it may be relevant to perform more complex tests.

Theses features can be activated in an MR by adding one of these labels to the MR and will apply to the next pipelines.

  • adding the label ci-featuretest-rolling-update pipelines will perform a node rolling update in the -update jobs (without version upgrades)
  • adding the label ci-featuretest-upgrade-from-1.1.1 pipelines will perform an upgrade from Sylva 1.1.1 to your dev branch (including a k8s version upgrade resulting in a node rolling update)
Edited by Loic Nicolle

Merge request reports