From b0e64bf90f8320d272cf55c6e8544c2e3eeaf78b Mon Sep 17 00:00:00 2001
From: Celes Renata <celes@frameshift.net>
Date: Tue, 21 Apr 2026 02:55:46 +0000
Subject: [PATCH] fix: add .celestium.life to NO_PROXY in Kyverno build pod
 policy

The Kyverno policy injected HTTP_PROXY into build pods but NO_PROXY
was missing .celestium.life. Docker login to registry.celestium.life
was going through the Squid proxy which does SSL interception,
causing auth failures.
---
 pipelines/woodpecker/kyverno-proxy-ca.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pipelines/woodpecker/kyverno-proxy-ca.yaml b/pipelines/woodpecker/kyverno-proxy-ca.yaml
index 8acdc66..c8d673c 100644
--- a/pipelines/woodpecker/kyverno-proxy-ca.yaml
+++ b/pipelines/woodpecker/kyverno-proxy-ca.yaml
@@ -37,9 +37,9 @@ spec:
                   - name: HTTPS_PROXY
                     value: "http://192.168.42.1:3128"
                   - name: NO_PROXY
-                    value: "10.0.0.0/8,192.168.0.0/16,127.0.0.1,localhost,.local"
+                    value: "10.0.0.0/8,192.168.0.0/16,127.0.0.1,localhost,.local,.celestium.life"
                   - name: no_proxy
-                    value: "10.0.0.0/8,192.168.0.0/16,127.0.0.1,localhost,.local"
+                    value: "10.0.0.0/8,192.168.0.0/16,127.0.0.1,localhost,.local,.celestium.life"
                   - name: SSL_CERT_FILE
                     value: "/etc/ssl/certs/proxy-ca.crt"
                 volumeMounts: