rverchere/mutate-rancher-secrets-webhookconfiguration.yaml

## mutate-rancher-secrets-webhookconfiguration.yaml
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: mutate-rancher-secrets-webhookconfiguration
  annotations:
    policies.kyverno.io/title: Filter Rancher secrets WebhookConfiguration
    policies.kyverno.io/description: >-
      Filter Rancher WebhookConfiguration to match secrets not in the `kube-system` namespace
spec:
  mutateExistingOnPolicyUpdate: true
  rules:
    - name: mutate-rancher-secrets-mutatingwebhookconfiguration
      match:
        any:
        - resources:
            kinds:
            - MutatingWebhookConfiguration
            names:
            - rancher.cattle.io
      mutate:
        targets:
        - apiVersion: admissionregistration.k8s.io/v1
          kind: MutatingWebhookConfiguration
          name: rancher.cattle.io
        patchStrategicMerge:
          webhooks:
            - name: rancher.cattle.io.secrets
              namespaceSelector:
                matchExpressions:
                  - key: kubernetes.io/metadata.name
                    operator: NotIn
                    values:
                      - kube-system
    - name: mutate-rancher-secrets-validatingwebhookconfigurations
      match:
        any:
        - resources:
            kinds:
            - ValidatingWebhookConfiguration
            names:
            - rancher.cattle.io
      mutate:
        targets:
        - apiVersion: admissionregistration.k8s.io/v1
          kind: ValidatingWebhookConfiguration
          name: rancher.cattle.io
        patchStrategicMerge:
          webhooks:
            - name: rancher.cattle.io.secrets
              namespaceSelector:
                matchExpressions:
                  - key: kubernetes.io/metadata.name
                    operator: NotIn
                    values:
                      - kube-system
	apiVersion: kyverno.io/v1
	kind: ClusterPolicy
	metadata:
	name: mutate-rancher-secrets-webhookconfiguration
	annotations:
	policies.kyverno.io/title: Filter Rancher secrets WebhookConfiguration
	policies.kyverno.io/description: >-
	Filter Rancher WebhookConfiguration to match secrets not in the `kube-system` namespace
	spec:
	mutateExistingOnPolicyUpdate: true
	rules:
	- name: mutate-rancher-secrets-mutatingwebhookconfiguration
	match:
	any:
	- resources:
	kinds:
	- MutatingWebhookConfiguration
	names:
	- rancher.cattle.io
	mutate:
	targets:
	- apiVersion: admissionregistration.k8s.io/v1
	kind: MutatingWebhookConfiguration
	name: rancher.cattle.io
	patchStrategicMerge:
	webhooks:
	- name: rancher.cattle.io.secrets
	namespaceSelector:
	matchExpressions:
	- key: kubernetes.io/metadata.name
	operator: NotIn
	values:
	- kube-system
	- name: mutate-rancher-secrets-validatingwebhookconfigurations
	match:
	any:
	- resources:
	kinds:
	- ValidatingWebhookConfiguration
	names:
	- rancher.cattle.io
	mutate:
	targets:
	- apiVersion: admissionregistration.k8s.io/v1
	kind: ValidatingWebhookConfiguration
	name: rancher.cattle.io
	patchStrategicMerge:
	webhooks:
	- name: rancher.cattle.io.secrets
	namespaceSelector:
	matchExpressions:
	- key: kubernetes.io/metadata.name
	operator: NotIn
	values:
	- kube-system
No results found