From 1609f6afde01ca93469576b1257a0fc979a3ca8f Mon Sep 17 00:00:00 2001
From: snothub <danijels@gmail.com>
Date: Thu, 26 Mar 2026 13:34:00 +0100
Subject: [PATCH] exclude trivy-system from kyverno policies

---
 cluster-resources/policies/deployment-verifier.yaml | 2 ++
 cluster-resources/policies/label-checker.yaml       | 1 +
 2 files changed, 3 insertions(+)

diff --git a/cluster-resources/policies/deployment-verifier.yaml b/cluster-resources/policies/deployment-verifier.yaml
index 8e827cc..9770218 100644
--- a/cluster-resources/policies/deployment-verifier.yaml
+++ b/cluster-resources/policies/deployment-verifier.yaml
@@ -23,6 +23,7 @@ spec:
           - monitoring
           - argocd
           - traefik-system
+          - trivy-system
     context:
     - name: ownerReplicaSet
       apiCall:
@@ -59,6 +60,7 @@ spec:
           - monitoring
           - argocd
           - traefik-system
+          - trivy-system
     skipBackgroundRequests: true
     validate:
       allowExistingViolations: true
diff --git a/cluster-resources/policies/label-checker.yaml b/cluster-resources/policies/label-checker.yaml
index 129007a..8a8efd3 100644
--- a/cluster-resources/policies/label-checker.yaml
+++ b/cluster-resources/policies/label-checker.yaml
@@ -26,6 +26,7 @@ spec:
           - monitoring
           - secrets
           - kyverno
+          - trivy-system
     match:
       any:
       - resources: