platform/manifests
1
0
Fork 0
Code Issues 7 Pull Requests 5 Actions Packages Projects Releases Wiki Activity

fix: fix kyverno object exapnsion esacpes

Browse Source
This commit is contained in:
Jonas Juselius
2025-06-19 18:23:58 +02:00
parent bb0c042182
commit e156888679
8 changed files with 26 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files
values/system/oceanbox/kyverno/add-openfga-secret.yaml
+3 -3
View File
@@ -22,11 +22,11 @@ spec:
targets:
- apiVersion: v1
kind: Secret
name: "{{ request.object.metadata.name }}"
name: '{{`{{ request.object.metadata.name }}`}}'
patchStrategicMerge:
stringData:
postgres-password: '{{ request.object.data.password | base64_decode(@) }}'
uri: 'postgres://{{ request.object.data.username | base64_decode(@) }}:{{ request.object.data.password | base64_decode(@) }}@{{ request.object.metadata.labels."cnpg.io/cluster" }}-rw/app?sslmode=disable'
postgres-password: '{{`{{ request.object.data.password | base64_decode(@) }}`}}'
uri: '{{`postgres://{{ request.object.data.username | base64_decode(@) }}:{{ request.object.data.password | base64_decode(@) }}@{{ request.object.metadata.labels."cnpg.io/cluster" }}-rw/app?sslmode=disable`}}'
skipBackgroundRequests: true
validationFailureAction: Audit
values/system/oceanbox/kyverno/sync-atlantis-secrets.yaml
+12 -12
View File
@@ -10,8 +10,8 @@ spec:
generate:
apiVersion: v1
kind: Secret
name: '{{ request.object.metadata.name }}'
namespace: '{{ request.object.metadata.namespace }}'
name: '{{`{{ request.object.metadata.name }}`}}'
namespace: '{{`{{ request.object.metadata.namespace }}`}}'
synchronize: true
clone:
name: prod-rabbitmq
@@ -35,8 +35,8 @@ spec:
generate:
apiVersion: v1
kind: Secret
name: '{{ request.object.metadata.name }}'
namespace: '{{ request.object.metadata.namespace }}'
name: '{{`{{ request.object.metadata.name }}`}}'
namespace: '{{`{{ request.object.metadata.namespace }}`}}'
synchronize: true
clone:
name: staging-rabbitmq
@@ -60,8 +60,8 @@ spec:
generate:
apiVersion: v1
kind: Secret
name: '{{ request.object.metadata.name }}'
namespace: '{{ request.object.metadata.namespace }}'
name: '{{`{{ request.object.metadata.name }}`}}'
namespace: '{{`{{ request.object.metadata.namespace }}`}}'
synchronize: true
clone:
name: staging-atlantis-env
@@ -84,8 +84,8 @@ spec:
generate:
apiVersion: v1
kind: Secret
name: '{{ request.object.metadata.name }}'
namespace: '{{ request.object.metadata.namespace }}'
name: '{{`{{ request.object.metadata.name }}`}}'
namespace: '{{`{{ request.object.metadata.namespace }}`}}'
synchronize: true
clone:
name: azure-keyvault
@@ -108,8 +108,8 @@ spec:
generate:
apiVersion: v1
kind: Secret
name: '{{ request.object.metadata.name }}'
namespace: '{{ request.object.metadata.namespace }}'
name: '{{`{{ request.object.metadata.name }}`}}'
namespace: '{{`{{ request.object.metadata.namespace }}`}}'
synchronize: true
clone:
name: dapr-api-token
@@ -133,7 +133,7 @@ spec:
apiVersion: v1
kind: Secret
name: prod-atlantis-db-ca
namespace: '{{ request.object.metadata.namespace }}'
namespace: '{{`{{ request.object.metadata.namespace }}`}}'
synchronize: true
clone:
namespace: prod-atlantis
@@ -152,7 +152,7 @@ spec:
apiVersion: v1
kind: Secret
name: prod-atlantis-db-replication
namespace: '{{ request.object.metadata.namespace }}'
namespace: '{{`{{ request.object.metadata.namespace }}`}}'
synchronize: true
clone:
namespace: prod-atlantis
values/system/oceanbox/kyverno/sync-keyvault-secret.yaml
+1 -1
View File
@@ -18,7 +18,7 @@ spec:
namespace: atlantis
kind: Secret
name: azure-keyvault
namespace: '{{request.object.metadata.name}}'
namespace: '{{`{{request.object.metadata.name}}`}}'
synchronize: true
match:
any:
values/system/oceanbox/kyverno/sync-regcred.yaml
+1 -1
View File
@@ -25,7 +25,7 @@ spec:
kind: Secret
# name: oceanbox-regcred
name: gitlab-pull-secret
namespace: '{{request.object.metadata.name}}'
namespace: '{{`{{request.object.metadata.name}}`}}'
synchronize: true
exclude:
any: