From 99d6600598765ce4ca7fbc7b933f684d24db9f0f Mon Sep 17 00:00:00 2001
From: juvdiaz <juvenal.diaz@oracle.com>
Date: Thu, 28 May 2026 15:52:09 -0600
Subject: [PATCH] Move Kyverno to app workers

---
 bootstrap/platform/main.tf | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/bootstrap/platform/main.tf b/bootstrap/platform/main.tf
index 4b7669e..11815f0 100644
--- a/bootstrap/platform/main.tf
+++ b/bootstrap/platform/main.tf
@@ -110,6 +110,10 @@ EOT
     "kubernetes.io/os"      = "linux"
     "homelab.dev/node-role" = "app"
   }
+  kyverno_node_selector = {
+    "kubernetes.io/os"      = "linux"
+    "homelab.dev/node-role" = "app"
+  }
 }
 
 resource "helm_release" "calico_crds" {
@@ -779,7 +783,8 @@ resource "helm_release" "kyverno" {
   values = [
     yamlencode({
       admissionController = {
-        replicas = 1
+        nodeSelector = local.kyverno_node_selector
+        replicas     = 1
         resources = {
           requests = {
             cpu    = "50m"
@@ -791,7 +796,8 @@ resource "helm_release" "kyverno" {
         }
       }
       backgroundController = {
-        replicas = 1
+        nodeSelector = local.kyverno_node_selector
+        replicas     = 1
         resources = {
           requests = {
             cpu    = "25m"
@@ -803,7 +809,8 @@ resource "helm_release" "kyverno" {
         }
       }
       cleanupController = {
-        replicas = 1
+        nodeSelector = local.kyverno_node_selector
+        replicas     = 1
         resources = {
           requests = {
             cpu    = "10m"
@@ -815,7 +822,8 @@ resource "helm_release" "kyverno" {
         }
       }
       reportsController = {
-        replicas = 1
+        nodeSelector = local.kyverno_node_selector
+        replicas     = 1
         resources = {
           requests = {
             cpu    = "25m"