fix(kyverno): disable ingress-tls-secretname

JJGadgets
2023-12-05 20:22:39 +08:00
parent cea6638907
commit fac61cfb87


@@ -75,93 +75,93 @@ spec:
name: "home-tls"
clone:
name: "home-tls"
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/kyverno.io/clusterpolicy_v1.json
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: "ingress-tls-secretname"
spec:
background: true
generateExisting: true
mutateExistingOnPolicyUpdate: true
rules:
- name: "secretName-long-domain-tls"
match: &m
any:
- resources:
kinds: ["Ingress"]
mutate:
targets: &t
- apiVersion: networking.k8s.io/v1
kind: Ingress
name: "{{ request.object.metadata.name }}"
namespace: "{{ request.object.metadata.namespace }}"
foreach:
- list: &l "request.object.spec.tls[]"
preconditions:
all:
- &c
key: "{{element.hosts[]}}"
operator: AllIn
value: "*${DNS_MAIN}"
patchesJson6902: |-
- path: /spec/tls/{{elementIndex}}/secretName
op: add
value: "long-domain-tls"
- name: "secretName-vpn-tls"
match: *m
mutate:
targets: *t
foreach:
- list: *l
preconditions:
all:
- <<: *c
value: "*${DNS_VPN}"
patchesJson6902: |-
- path: /spec/tls/{{elementIndex}}/secretName
op: add
value: "vpn-tls"
- name: "secretName-stream-tls"
match: *m
mutate:
targets: *t
foreach:
- list: *l
preconditions:
all:
- <<: *c
value: "*${DNS_STREAM}"
patchesJson6902: |-
- path: /spec/tls/{{elementIndex}}/secretName
op: add
value: "stream-tls"
- name: "secretName-me-tls"
match: *m
mutate:
targets: *t
foreach:
- list: *l
preconditions:
all:
- <<: *c
value: "*${DNS_ME}"
patchesJson6902: |-
- path: /spec/tls/{{elementIndex}}/secretName
op: add
value: "me-tls"
- name: "secretName-home-tls"
match: *m
mutate:
targets: *t
foreach:
- list: *l
preconditions:
all:
- <<: *c
value: "*${DNS_HOME}"
patchesJson6902: |-
- path: /spec/tls/{{elementIndex}}/secretName
op: add
value: "home-tls"
# ---
# # yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/kyverno.io/clusterpolicy_v1.json
# apiVersion: kyverno.io/v1
# kind: ClusterPolicy
# metadata:
# name: "ingress-tls-secretname"
# spec:
# background: true
# generateExisting: true
# mutateExistingOnPolicyUpdate: true
# rules:
# - name: "secretName-long-domain-tls"
# match: &m
# any:
# - resources:
# kinds: ["Ingress"]
# mutate:
# targets: &t
# - apiVersion: networking.k8s.io/v1
# kind: Ingress
# name: "{{ request.object.metadata.name }}"
# namespace: "{{ request.object.metadata.namespace }}"
# foreach:
# - list: &l "request.object.spec.tls[]"
# preconditions:
# all:
# - &c
# key: "{{element.hosts[]}}"
# operator: AllIn
# value: "*${DNS_MAIN}"
# patchesJson6902: |-
# - path: /spec/tls/{{elementIndex}}/secretName
# op: add
# value: "long-domain-tls"
# - name: "secretName-vpn-tls"
# match: *m
# mutate:
# targets: *t
# foreach:
# - list: *l
# preconditions:
# all:
# - <<: *c
# value: "*${DNS_VPN}"
# patchesJson6902: |-
# - path: /spec/tls/{{elementIndex}}/secretName
# op: add
# value: "vpn-tls"
# - name: "secretName-stream-tls"
# match: *m
# mutate:
# targets: *t
# foreach:
# - list: *l
# preconditions:
# all:
# - <<: *c
# value: "*${DNS_STREAM}"
# patchesJson6902: |-
# - path: /spec/tls/{{elementIndex}}/secretName
# op: add
# value: "stream-tls"
# - name: "secretName-me-tls"
# match: *m
# mutate:
# targets: *t
# foreach:
# - list: *l
# preconditions:
# all:
# - <<: *c
# value: "*${DNS_ME}"
# patchesJson6902: |-
# - path: /spec/tls/{{elementIndex}}/secretName
# op: add
# value: "me-tls"
# - name: "secretName-home-tls"
# match: *m
# mutate:
# targets: *t
# foreach:
# - list: *l
# preconditions:
# all:
# - <<: *c
# value: "*${DNS_HOME}"
# patchesJson6902: |-
# - path: /spec/tls/{{elementIndex}}/secretName
# op: add
# value: "home-tls"
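Review bot: The commented-out `ingress-tls-secretname` policy carries no record of why it was disabled or what would let it return, so the first line of the block should say so, e.g. `# Disabled: <reason>; re-enable when <condition>`, or the document should be deleted and left to git history. Removing the manifest only stops future mutations if the GitOps tooling prunes the ClusterPolicy from the cluster, which is not visible here, and Ingresses it already patched keep their `secretName` either way. New or recreated Ingresses whose `spec.tls` entries omit `secretName` will presumably fall back to whatever default certificate the ingress controller serves, so it is worth checking that no host ends up on a self-signed or wrong-domain certificate. The preceding document, of which only the tail (`clone:` / `name: "home-tls"`) is visible, appears to still copy TLS secrets; if nothing references those copies any more, confirm that the private keys still need to be distributed.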