stonks-oracle/pipelines/woodpecker/kyverno-proxy-ca.yaml
Celes Renata 390cb0b4bf fix: remove proxy injection from build pods
SSL filtering is off on the proxy. The proxy env vars were causing
Docker login failures (proxy intercepting Harbor auth) and pip hash
mismatches (proxy caching stale packages). Keep only the CA cert
mount for any remaining TLS needs.
2026-04-21 04:02:23 +00:00

46 lines
1.2 KiB
YAML

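apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: woodpecker-proxy-ca
  annotations:
    policies.kyverno.io/title: "Woodpecker Proxy CA Injection"
    policies.kyverno.io/category: "Networking"
    policies.kyverno.io/subject: "Pod"
spec:
  rules:
    - name: inject-ca-cert
      # Applies to every Pod in the woodpecker namespace...
      match:
        any:
          - resources:
              kinds:
                - Pod
              namespaces:
                - woodpecker
      # ...except the Woodpecker server and agent pods.
      exclude:
        any:
          - resources:
              selector:
                matchLabels:
                  app.kubernetes.io/name: server
          - resources:
              selector:
                matchLabels:
                  app.kubernetes.io/name: agent
      mutate:
        patchStrategicMerge:
          spec:
            containers:
              # "*" patches every container in the matched Pod.
              - (name): "*"
                # Only the CA path is set; no proxy environment variables are injected.
                env:
                  - name: SSL_CERT_FILE
                    value: "/etc/ssl/certs/proxy-ca.crt"
                volumeMounts:
                  - name: proxy-ca
                    mountPath: /etc/ssl/certs/proxy-ca.crt
                    # subPath mounts do not pick up later ConfigMap updates;
                    # pods must be recreated after the CA is rotated.
                    subPath: ca.crt
                    readOnly: true
            volumes:
              # The proxy-ca-cert ConfigMap must exist in the woodpecker namespace.
              - name: proxy-ca
                configMap:
                  name: proxy-ca-cert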