♻️ renove kyverno annotations

2025-09-17 18:24:14 +02:00 · 2023-11-30 22:17:46 +01:00
parent d4edfcea49
commit e8df666789
37 changed files with 129 additions and 118 deletions
--- a/kubernetes/apps/networking/ingress-nginx/app/clusterpolicy.yaml
+++ b/kubernetes/apps/networking/ingress-nginx/app/clusterpolicy.yaml
@@ -1,76 +0,0 @@
---
-apiVersion: kyverno.io/v1
-kind: ClusterPolicy
-metadata:
-  name: ingress-auth-annotations
-  annotations:
-    policies.kyverno.io/title: Ingress Auth Annotations
-    policies.kyverno.io/subject: Ingress
-    policies.kyverno.io/description: >-
-      This policy creates auth annotations on ingresses. When
-      the `auth.home.arpa/enabled` annotation is `true` it
-      applies the nginx auth annotations for use with Authelia.
-spec:
-  mutateExistingOnPolicyUpdate: true
-  generateExistingOnPolicyUpdate: true
-  rules:
-    - name: auth
-      match:
-        any:
-          - resources:
-              kinds: ["Ingress"]
-              annotations:
-                auth.home.arpa/enabled: "true"
-      mutate:
-        targets:
-          - apiVersion: networking.k8s.io/v1
-            kind: Ingress
-            name: "{{request.object.metadata.name}}"
-            namespace: "{{ request.object.metadata.namespace }}"
-        patchStrategicMerge:
-          metadata:
-            annotations:
-              +(nginx.ingress.kubernetes.io/auth-method): GET
-              +(nginx.ingress.kubernetes.io/auth-url): |-
-                http://authelia.default.svc.cluster.local.:8888/api/verify
-              +(nginx.ingress.kubernetes.io/auth-signin): |-
-                https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
-              +(nginx.ingress.kubernetes.io/auth-response-headers): |-
-                Remote-User,Remote-Name,Remote-Groups,Remote-Email
-              +(nginx.ingress.kubernetes.io/auth-snippet): |
-                proxy_set_header X-Forwarded-Method $request_method;
---
-apiVersion: kyverno.io/v1
-kind: ClusterPolicy
-metadata:
-  name: ingress-external-dns-annotations
-  annotations:
-    policies.kyverno.io/title: Ingress External-DNS Annotations
-    policies.kyverno.io/subject: Ingress
-    policies.kyverno.io/description: >-
-      This policy creates external-dns annotations on ingresses.
-      When the `external-dns.home.arpa/enabled` annotation is `true`
-      it applies the external-dns annotations for use with external
-      application access.
-spec:
-  mutateExistingOnPolicyUpdate: true
-  generateExistingOnPolicyUpdate: true
-  rules:
-    - name: external-dns
-      match:
-        any:
-          - resources:
-              kinds: ["Ingress"]
-              annotations:
-                external-dns.home.arpa/enabled: "true"
-      mutate:
-        targets:
-          - apiVersion: networking.k8s.io/v1
-            kind: Ingress
-            name: "{{request.object.metadata.name}}"
-            namespace: "{{ request.object.metadata.namespace }}"
-        patchStrategicMerge:
-          metadata:
-            annotations:
-              +(external-dns.alpha.kubernetes.io/target): |-
-                services.${SECRET_DOMAIN}.
--- a/kubernetes/apps/networking/ingress-nginx/app/kustomization.yaml
+++ b/kubernetes/apps/networking/ingress-nginx/app/kustomization.yaml
@@ -6,4 +6,3 @@ namespace: networking
 resources:
  - ./dashboard
  - ./helmrelease.yaml
-  - ./clusterpolicy.yaml