fix: fix kyvero whitelisting rules to use annotation, not label

values/system/oceanbox/kyverno/whitelist-internal-ingresses.yaml

@@ -9,7 +9,7 @@ metadata:
     policies.clusterConfig.kyverno.io/severity: medium
     policies.clusterConfig.kyverno.io/subject: Ingress
     policies.clusterConfig.kyverno.io/description: >-
-      Ingresses with the label "internal=true" should be whitelisted.
+      Ingresses with the annotation "oceanbox.io/expose=internal" should be whitelisted.
       If no whitelist exists, add the default values, otherwise append
       whitelist to the already existing ones
 spec:
@@ -22,9 +22,8 @@ spec:
       resources:
         kinds:
           - Ingress
-        selector:
-          matchLabels:
-            internal: "true"
+        annotations:
+          oceanbox.io/expose: internal
     mutate:
       patchStrategicMerge:
         metadata:
@@ -36,9 +35,8 @@ spec:
       resources:
         kinds:
           - Ingress
-        selector:
-          matchLabels:
-            internal: "true"
+        annotations:
+          oceanbox.io/expose: internal
     preconditions:
       any:
       - key: "{{`{{request.object.metadata.annotations.\"nginx.ingress.kubernetes.io/whitelist-source-range\"}}`}}"
@@ -57,9 +55,8 @@ spec:
       resources:
         kinds:
           - Ingress
-        selector:
-          matchLabels:
-            internal: "true"
+        annotations:
+          oceanbox.io/expose: internal
     preconditions:
       any:
       - key: "{{`{{request.object.metadata.annotations.\"nginx.ingress.kubernetes.io/whitelist-source-range\"}}`}}"