kyverno: bump to v1.15.2 in development overlay

components/kyverno/development/kustomization.yaml

@@ -6,30 +6,6 @@ namespace: konflux-kyverno
 generators:
   - kyverno-helm-generator.yaml
 
-replacements:
-  # enforce serviceAccountName is used instead of serviceAccount in Jobs
-  # TODO: these replacements can be removed when bumping to kyverno:1.14
-  # https://github.com/kyverno/kyverno/pull/12158
-  - source:
-      group: batch
-      version: v1
-      kind: Job
-      name: konflux-kyverno-migrate-resources
-      namespace: konflux-kyverno
-      fieldPath: spec.template.spec.serviceAccount
-    targets:
-      - select:
-          group: batch
-          version: v1
-          kind: Job
-          namespace: konflux-kyverno
-          name: konflux-kyverno-migrate-resources
-        fieldPaths:
-          - spec.template.spec.serviceAccountName
-        options:
-          create: true
-
-# set resources to jobs
 patches:
   - path: job_resources.yaml
     target:

components/kyverno/development/kyverno-helm-generator.yaml

@@ -4,10 +4,7 @@ metadata:
   name: kyverno
 name: kyverno
 repo: https://kyverno.github.io/kyverno/
-# TODO: when bumping to kyverno:1.14 we can remove ServiceAccountName 
-# replacements from the kustomization.yaml file
-# https://github.com/kyverno/kyverno/pull/12158
-version: 3.3.7
+version: 3.5.2
 namespace: konflux-kyverno
 valuesFile: kyverno-helm-values.yaml
 releaseName: kyverno

components/kyverno/development/kyverno-helm-values.yaml

@@ -26,6 +26,11 @@ admissionController:
         - "ALL"
   metering:
     disabled: false
+  podDisruptionBudget:
+    enabled: true
+    maxUnavailable: 2
+    minAvailable: null
+    unhealthyPodEvictionPolicy: AlwaysAllow
   serviceMonitor:
     enabled: true
     # kyverno doesn't seem to support HTTPS on metrics