From 241795d8f55b63e4d3aa24c231365dc4911f2a86 Mon Sep 17 00:00:00 2001
From: auricom <27022259+auricom@users.noreply.github.com>
Date: Sat, 4 Nov 2023 18:48:51 +0100
Subject: [PATCH] =?UTF-8?q?=F0=9F=94=A5=20kyverno=20policy?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../ingress-nginx/app/clusterpolicy.yaml | 38 -------------------
 1 file changed, 38 deletions(-)
diff --git a/kubernetes/apps/networking/ingress-nginx/app/clusterpolicy.yaml b/kubernetes/apps/networking/ingress-nginx/app/clusterpolicy.yaml
index 08cffc224..8951d5005 100644
--- a/kubernetes/apps/networking/ingress-nginx/app/clusterpolicy.yaml
+++ b/kubernetes/apps/networking/ingress-nginx/app/clusterpolicy.yaml
@@ -74,41 +74,3 @@ spec:
 annotations:
 +(external-dns.alpha.kubernetes.io/target): |-
 services.${SECRET_DOMAIN}.
----
-apiVersion: kyverno.io/v1
-kind: ClusterPolicy
-metadata:
- name: ingress-whitelist-annotations
- annotations:
- policies.kyverno.io/title: Ingress Whitelist Annotations
- policies.kyverno.io/subject: Ingress
- policies.kyverno.io/description: >-
- This policy creates annotations on ingresses. When
- the `external-dns.home.arpa/enabled` annotation is not
- set it applies the nginx annotations for use with only
- internal application access.
-spec:
- mutateExistingOnPolicyUpdate: true
- generateExistingOnPolicyUpdate: true
- rules:
- - name: whitelist
- match:
- any:
- - resources:
- kinds: ["Ingress"]
- exclude:
- any:
- - resources:
- annotations:
- external-dns.home.arpa/enabled: "true"
- mutate:
- targets:
- - apiVersion: networking.k8s.io/v1
- kind: Ingress
- name: "{{request.object.metadata.name}}"
- namespace: "{{ request.object.metadata.namespace }}"
- patchStrategicMerge:
- metadata:
- annotations:
- +(nginx.ingress.kubernetes.io/whitelist-source-range): |-
- 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16