diff --git a/values/system/ekman/kyverno/sync-keyvault-secret.yaml b/values/system/ekman/kyverno/sync-keyvault-secret.yaml
index 31968227..54ce8f69 100644
--- a/values/system/ekman/kyverno/sync-keyvault-secret.yaml
+++ b/values/system/ekman/kyverno/sync-keyvault-secret.yaml
@@ -18,7 +18,7 @@ spec:
 namespace: sorcerer
 kind: Secret
 name: azure-keyvault
- namespace: '{{request.object.metadata.namespace}}'
+ namespace: '{{`{{request.object.metadata.namespace}}`}}'
 synchronize: true
 match:
 any:
diff --git a/values/system/ekman/kyverno/sync-oceanbox-regcred.yaml b/values/system/ekman/kyverno/sync-oceanbox-regcred.yaml
index 26a3514a..83469b27 100644
--- a/values/system/ekman/kyverno/sync-oceanbox-regcred.yaml
+++ b/values/system/ekman/kyverno/sync-oceanbox-regcred.yaml
@@ -25,7 +25,7 @@ spec:
 kind: Secret
 # name: oceanbox-regcred
 name: gitlab-pull-secret
- namespace: '{{request.object.metadata.name}}'
+ namespace: '{{`{{request.object.metadata.name}}`}}'
 synchronize: true
 exclude:
 any:
diff --git a/values/system/ekman/kyverno/sync-sorcerer-secrets.yaml b/values/system/ekman/kyverno/sync-sorcerer-secrets.yaml
index 9479b8d9..c0831635 100644
--- a/values/system/ekman/kyverno/sync-sorcerer-secrets.yaml
+++ b/values/system/ekman/kyverno/sync-sorcerer-secrets.yaml
@@ -10,8 +10,8 @@ spec:
 generate:
 apiVersion: v1
 kind: Secret
- name: '{{ request.object.metadata.name }}'
- namespace: '{{ request.object.metadata.namespace }}'
+ name: '{{`{{ request.object.metadata.name }}`}}'
+ namespace: '{{`{{ request.object.metadata.namespace }}`}}'
 synchronize: true
 clone:
 name: staging-sorcerer-env
@@ -34,8 +34,8 @@ spec:
 generate:
 apiVersion: v1
 kind: Secret
- name: '{{ request.object.metadata.name }}'
- namespace: '{{ request.object.metadata.namespace }}'
+ name: '{{`{{ request.object.metadata.name }}`}}'
+ namespace: '{{`{{ request.object.metadata.namespace }}`}}'
 synchronize: true
 clone:
 name: dapr-api-token
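Review bot: In `ekman/kyverno/sync-keyvault-secret.yaml` the clone target is still `request.object.metadata.namespace`, whereas `ekman/kyverno/sync-oceanbox-regcred.yaml` and `oceanbox/kyverno/sync-keyvault-secret.yaml` in this same commit use `request.object.metadata.name`. The `match` block lies outside the hunk, so the trigger kind cannot be confirmed from here. If the rule fires on Namespace objects, as the sibling policies appear to, `metadata.namespace` is empty on a cluster-scoped object and the `azure-keyvault` copy would not land in the new namespace. In that case the line should read ``namespace: '{{`{{request.object.metadata.name}}`}}'``; otherwise a one-line comment naming the trigger kind would explain why the two clusters differ.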
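Review bot: Both generate rules in `sync-sorcerer-secrets.yaml` (hunks at old lines 10 and 34) take the copy's `name` and `namespace` from the triggering object, so the `match` clause alone decides where `staging-sorcerer-env` and `dapr-api-token` are replicated, and that clause is outside these hunks. With `synchronize: true` every copy is kept current, so a match that is broader than intended hands a live copy of the secret to each matching namespace. The same pattern is used in the `sync-atlantis-secrets.yaml` hunks for `prod-rabbitmq`, `staging-rabbitmq`, `staging-atlantis-env`, `azure-keyvault` and `dapr-api-token`. I would add a comment above each `generate:` such as `# target follows the trigger object; keep match scoped to namespaces allowed to hold this secret` and confirm that each rule matches on an explicit namespace list or label rather than on resource kind alone.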
diff --git a/values/system/oceanbox/kyverno/add-openfga-secret.yaml b/values/system/oceanbox/kyverno/add-openfga-secret.yaml
index 14965eec..5a3b9ab3 100644
--- a/values/system/oceanbox/kyverno/add-openfga-secret.yaml
+++ b/values/system/oceanbox/kyverno/add-openfga-secret.yaml
@@ -22,11 +22,11 @@ spec:
 targets:
 - apiVersion: v1
 kind: Secret
- name: "{{ request.object.metadata.name }}"
+ name: '{{`{{ request.object.metadata.name }}`}}'
 patchStrategicMerge:
 stringData:
- postgres-password: '{{ request.object.data.password | base64_decode(@) }}'
- uri: 'postgres://{{ request.object.data.username | base64_decode(@) }}:{{ request.object.data.password | base64_decode(@) }}@{{ request.object.metadata.labels."cnpg.io/cluster" }}-rw/app?sslmode=disable'
+ postgres-password: '{{`{{ request.object.data.password | base64_decode(@) }}`}}'
+ uri: '{{`postgres://{{ request.object.data.username | base64_decode(@) }}:{{ request.object.data.password | base64_decode(@) }}@{{ request.object.metadata.labels."cnpg.io/cluster" }}-rw/app?sslmode=disable`}}'
 skipBackgroundRequests: true
 validationFailureAction: Audit
diff --git a/values/system/oceanbox/kyverno/sync-atlantis-secrets.yaml b/values/system/oceanbox/kyverno/sync-atlantis-secrets.yaml
index 02cc15f6..01097996 100644
--- a/values/system/oceanbox/kyverno/sync-atlantis-secrets.yaml
+++ b/values/system/oceanbox/kyverno/sync-atlantis-secrets.yaml
@@ -10,8 +10,8 @@ spec:
 generate:
 apiVersion: v1
 kind: Secret
- name: '{{ request.object.metadata.name }}'
- namespace: '{{ request.object.metadata.namespace }}'
+ name: '{{`{{ request.object.metadata.name }}`}}'
+ namespace: '{{`{{ request.object.metadata.namespace }}`}}'
 synchronize: true
 clone:
 name: prod-rabbitmq
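Review bot: The `uri` written into the target Secret in `add-openfga-secret.yaml` still ends in `sslmode=disable`, so any client using it sends the decoded username and password to the `-rw` service without TLS. If the database serves TLS (the `cnpg.io/cluster` label suggests CloudNativePG, which normally does, but this is not confirmed by the hunk), change the suffix to `sslmode=require`. With the cluster CA mounted in the consumer, `sslmode=verify-full` is stronger. The decoded password is also placed in the URI as-is, so a password containing `@`, `:` or `/` would change how the URI is parsed. Either constrain the generated password's character set or state that assumption in a comment above `uri:`.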
@@ -35,8 +35,8 @@ spec:
 generate:
 apiVersion: v1
 kind: Secret
- name: '{{ request.object.metadata.name }}'
- namespace: '{{ request.object.metadata.namespace }}'
+ name: '{{`{{ request.object.metadata.name }}`}}'
+ namespace: '{{`{{ request.object.metadata.namespace }}`}}'
 synchronize: true
 clone:
 name: staging-rabbitmq
@@ -60,8 +60,8 @@ spec:
 generate:
 apiVersion: v1
 kind: Secret
- name: '{{ request.object.metadata.name }}'
- namespace: '{{ request.object.metadata.namespace }}'
+ name: '{{`{{ request.object.metadata.name }}`}}'
+ namespace: '{{`{{ request.object.metadata.namespace }}`}}'
 synchronize: true
 clone:
 name: staging-atlantis-env
@@ -84,8 +84,8 @@ spec:
 generate:
 apiVersion: v1
 kind: Secret
- name: '{{ request.object.metadata.name }}'
- namespace: '{{ request.object.metadata.namespace }}'
+ name: '{{`{{ request.object.metadata.name }}`}}'
+ namespace: '{{`{{ request.object.metadata.namespace }}`}}'
 synchronize: true
 clone:
 name: azure-keyvault
@@ -108,8 +108,8 @@ spec:
 generate:
 apiVersion: v1
 kind: Secret
- name: '{{ request.object.metadata.name }}'
- namespace: '{{ request.object.metadata.namespace }}'
+ name: '{{`{{ request.object.metadata.name }}`}}'
+ namespace: '{{`{{ request.object.metadata.namespace }}`}}'
 synchronize: true
 clone:
 name: dapr-api-token
@@ -133,7 +133,7 @@ spec:
 apiVersion: v1
 kind: Secret
 name: prod-atlantis-db-ca
- namespace: '{{ request.object.metadata.namespace }}'
+ namespace: '{{`{{ request.object.metadata.namespace }}`}}'
 synchronize: true
 clone:
 namespace: prod-atlantis
@@ -152,7 +152,7 @@ spec:
 apiVersion: v1
 kind: Secret
 name: prod-atlantis-db-replication
- namespace: '{{ request.object.metadata.namespace }}'
+ namespace: '{{`{{ request.object.metadata.namespace }}`}}'
 synchronize: true
 clone:
 namespace: prod-atlantis
diff --git a/values/system/oceanbox/kyverno/sync-keyvault-secret.yaml b/values/system/oceanbox/kyverno/sync-keyvault-secret.yaml
index eb6ec222..ec2c584e 100644
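Review bot: The rule in the hunk at old line 152 of `sync-atlantis-secrets.yaml` copies `prod-atlantis-db-replication` out of `prod-atlantis` into whichever namespace the trigger object lives in, and nothing in the hunk documents why a second namespace needs it. Judging only by its name this looks like a database replication credential, which would carry more privilege than an application login; that should be confirmed against the secret itself. If consumers only need to verify the server, the `prod-atlantis-db-ca` clone in the hunk at old line 133 may be sufficient on its own. Otherwise I would add a comment such as `# replication credential: match must stay limited to the namespaces running replicas` above the rule and check the `match` clause, which is outside the hunk.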
--- a/values/system/oceanbox/kyverno/sync-keyvault-secret.yaml
+++ b/values/system/oceanbox/kyverno/sync-keyvault-secret.yaml
@@ -18,7 +18,7 @@ spec:
 namespace: atlantis
 kind: Secret
 name: azure-keyvault
- namespace: '{{request.object.metadata.name}}'
+ namespace: '{{`{{request.object.metadata.name}}`}}'
 synchronize: true
 match:
 any:
diff --git a/values/system/oceanbox/kyverno/sync-regcred.yaml b/values/system/oceanbox/kyverno/sync-regcred.yaml
index 87790582..bd69c3ca 100644
--- a/values/system/oceanbox/kyverno/sync-regcred.yaml
+++ b/values/system/oceanbox/kyverno/sync-regcred.yaml
@@ -25,7 +25,7 @@ spec:
 kind: Secret
 # name: oceanbox-regcred
 name: gitlab-pull-secret
- namespace: '{{request.object.metadata.name}}'
+ namespace: '{{`{{request.object.metadata.name}}`}}'
 synchronize: true
 exclude:
 any:
diff --git a/values/system/oceanbox/network/atlantis/atlantis-policies.yaml b/values/system/oceanbox/network/atlantis/atlantis-policies.yaml
index fe53f6e0..09b6771d 100644
--- a/values/system/oceanbox/network/atlantis/atlantis-policies.yaml
+++ b/values/system/oceanbox/network/atlantis/atlantis-policies.yaml
@@ -10,17 +10,16 @@ spec:
 k8s:io.kubernetes.pod.namespace: dapr-system
 - toEndpoints:
 - matchLabels:
- k8s:io.kubernetes.pod.namespace: {{ .Values.rabbitmq.namespace | default "rabbitmq" }}
+ k8s:io.kubernetes.pod.namespace: rabbitmq
 - toEndpoints:
 - matchLabels:
- k8s:io.kubernetes.pod.namespace: {{ .Values.tracing.namespace | default "otel" }}
+ k8s:io.kubernetes.pod.namespace: otel
 - toFQDNs:
 - matchName: dapr.github.io
 - matchName: analytics.loft.rocks
+ - matchPattern: '*.oceanbox.io'
 # - matchName: gitlab.com
 # - matchName: api.github.com
- - matchPattern: "*.k1.itpartner.no"
- - matchPattern: '*.oceanbox.io'
 # - matchPattern: '*.gitlab.com'
 endpointSelector:
 matchLabels: {}
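Review bot: None of the egress entries visible in the `atlantis-policies.yaml` hunk carries a `toPorts` restriction, as far as the flattened hunk shows. That covers the `toEndpoints` rules for the `rabbitmq` and `otel` namespaces and the `toFQDNs` rule (`dapr.github.io`, `analytics.loft.rocks`, `*.oceanbox.io`). As written they allow every port and protocol to any pod in those namespaces and to any host under the wildcard, for every endpoint selected by the empty `endpointSelector`. Adding a `toPorts` list to each rule with the ports the workloads actually use would narrow this; for the FQDN rule that is probably `port: "443"` with `protocol: TCP`, to be confirmed. The rule list begins above the hunk, so earlier entries are not covered by this note.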