From fac61cfb873464d0fc38a8bb23cce8dbbee20c57 Mon Sep 17 00:00:00 2001 From: JJGadgets Date: Tue, 5 Dec 2023 20:22:39 +0800 Subject: [PATCH] fix(kyverno): disable ingress-tls-secretname --- .../_deps/kyverno-ingress-tls-secrets.yaml | 180 +++++++++--------- 1 file changed, 90 insertions(+), 90 deletions(-) diff --git a/kube/deploy/core/ingress/_deps/kyverno-ingress-tls-secrets.yaml b/kube/deploy/core/ingress/_deps/kyverno-ingress-tls-secrets.yaml index d85c6490..6eb1db5a 100644 --- a/kube/deploy/core/ingress/_deps/kyverno-ingress-tls-secrets.yaml +++ b/kube/deploy/core/ingress/_deps/kyverno-ingress-tls-secrets.yaml @@ -75,93 +75,93 @@ spec: name: "home-tls" clone: name: "home-tls" ---- -# yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/kyverno.io/clusterpolicy_v1.json -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: "ingress-tls-secretname" -spec: - background: true - generateExisting: true - mutateExistingOnPolicyUpdate: true - rules: - - name: "secretName-long-domain-tls" - match: &m - any: - - resources: - kinds: ["Ingress"] - mutate: - targets: &t - - apiVersion: networking.k8s.io/v1 - kind: Ingress - name: "{{ request.object.metadata.name }}" - namespace: "{{ request.object.metadata.namespace }}" - foreach: - - list: &l "request.object.spec.tls[]" - preconditions: - all: - - &c - key: "{{element.hosts[]}}" - operator: AllIn - value: "*${DNS_MAIN}" - patchesJson6902: |- - - path: /spec/tls/{{elementIndex}}/secretName - op: add - value: "long-domain-tls" - - name: "secretName-vpn-tls" - match: *m - mutate: - targets: *t - foreach: - - list: *l - preconditions: - all: - - <<: *c - value: "*${DNS_VPN}" - patchesJson6902: |- - - path: /spec/tls/{{elementIndex}}/secretName - op: add - value: "vpn-tls" - - name: "secretName-stream-tls" - match: *m - mutate: - targets: *t - foreach: - - list: *l - preconditions: - all: - - <<: *c - value: "*${DNS_STREAM}" - patchesJson6902: |- - - path: /spec/tls/{{elementIndex}}/secretName - op: add - value: "stream-tls" - - name: "secretName-me-tls" - match: *m - mutate: - targets: *t - foreach: - - list: *l - preconditions: - all: - - <<: *c - value: "*${DNS_ME}" - patchesJson6902: |- - - path: /spec/tls/{{elementIndex}}/secretName - op: add - value: "me-tls" - - name: "secretName-home-tls" - match: *m - mutate: - targets: *t - foreach: - - list: *l - preconditions: - all: - - <<: *c - value: "*${DNS_HOME}" - patchesJson6902: |- - - path: /spec/tls/{{elementIndex}}/secretName - op: add - value: "home-tls" +# --- +# # yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/kyverno.io/clusterpolicy_v1.json +# apiVersion: kyverno.io/v1 +# kind: ClusterPolicy +# metadata: +# name: "ingress-tls-secretname" +# spec: +# background: true +# generateExisting: true +# mutateExistingOnPolicyUpdate: true +# rules: +# - name: "secretName-long-domain-tls" +# match: &m +# any: +# - resources: +# kinds: ["Ingress"] +# mutate: +# targets: &t +# - apiVersion: networking.k8s.io/v1 +# kind: Ingress +# name: "{{ request.object.metadata.name }}" +# namespace: "{{ request.object.metadata.namespace }}" +# foreach: +# - list: &l "request.object.spec.tls[]" +# preconditions: +# all: +# - &c +# key: "{{element.hosts[]}}" +# operator: AllIn +# value: "*${DNS_MAIN}" +# patchesJson6902: |- +# - path: /spec/tls/{{elementIndex}}/secretName +# op: add +# value: "long-domain-tls" +# - name: "secretName-vpn-tls" +# match: *m +# mutate: +# targets: *t +# foreach: +# - list: *l +# preconditions: +# all: +# - <<: *c +# value: "*${DNS_VPN}" +# patchesJson6902: |- +# - path: /spec/tls/{{elementIndex}}/secretName +# op: add +# value: "vpn-tls" +# - name: "secretName-stream-tls" +# match: *m +# mutate: +# targets: *t +# foreach: +# - list: *l +# preconditions: +# all: +# - <<: *c +# value: "*${DNS_STREAM}" +# patchesJson6902: |- +# - path: /spec/tls/{{elementIndex}}/secretName +# op: add +# value: "stream-tls" +# - name: "secretName-me-tls" +# match: *m +# mutate: +# targets: *t +# foreach: +# - list: *l +# preconditions: +# all: +# - <<: *c +# value: "*${DNS_ME}" +# patchesJson6902: |- +# - path: /spec/tls/{{elementIndex}}/secretName +# op: add +# value: "me-tls" +# - name: "secretName-home-tls" +# match: *m +# mutate: +# targets: *t +# foreach: +# - list: *l +# preconditions: +# all: +# - <<: *c +# value: "*${DNS_HOME}" +# patchesJson6902: |- +# - path: /spec/tls/{{elementIndex}}/secretName +# op: add +# value: "home-tls"