admin/stonks-oracle
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
36ea1fc585fe64dd626771c313134c446e2d93d4
stonks-oracle/pipelines/woodpecker/kyverno-proxy-ca.yaml
T
Celes Renata b0e64bf90f fix: add .celestium.life to NO_PROXY in Kyverno build pod policy 
The Kyverno policy injected HTTP_PROXY into build pods but NO_PROXY
was missing .celestium.life. Docker login to registry.celestium.life
was going through the Squid proxy which does SSL interception,
causing auth failures.
2026-04-21 02:55:46 +00:00

54 lines
1.7 KiB
YAML
Raw Blame History

apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: woodpecker-proxy-ca
annotations:
policies.kyverno.io/title: "Woodpecker Proxy CA Injection"
policies.kyverno.io/category: "Networking"
policies.kyverno.io/subject: "Pod"
spec:
rules:
- name: inject-ca-cert
match:
any:
- resources:
kinds:
- Pod
namespaces:
- woodpecker
exclude:
any:
- resources:
selector:
matchLabels:
app.kubernetes.io/name: server
- resources:
selector:
matchLabels:
app.kubernetes.io/name: agent
mutate:
patchStrategicMerge:
spec:
containers:
- (name): "*"
env:
- name: HTTP_PROXY
value: "http://192.168.42.1:3128"
- name: HTTPS_PROXY
value: "http://192.168.42.1:3128"
- name: NO_PROXY
value: "10.0.0.0/8,192.168.0.0/16,127.0.0.1,localhost,.local,.celestium.life"
- name: no_proxy
value: "10.0.0.0/8,192.168.0.0/16,127.0.0.1,localhost,.local,.celestium.life"
- name: SSL_CERT_FILE
value: "/etc/ssl/certs/proxy-ca.crt"
volumeMounts:
- name: proxy-ca
mountPath: /etc/ssl/certs/proxy-ca.crt
subPath: ca.crt
readOnly: true
volumes:
- name: proxy-ca
configMap:
name: proxy-ca-cert
Reference in New Issue View Git Blame Copy Permalink