Forte/launchpad
6
0
Fork 0
Code Issues Pull Requests Actions Packages Wiki Activity

method: GET

Browse Source
This commit is contained in:
Danijel Simeunovic
2026-03-13 12:26:44 +01:00
parent 4624cc7278
commit 0a803cda11
1 changed files with 2 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
cluster-resources/policies/auth-sidecar-injector.yaml
View File

@@ -10,13 +10,7 @@ metadata:
policies.kyverno.io/severity: medium
policies.kyverno.io/subject: Pod
policies.kyverno.io/description: >-
Injects an auth sidecar container into Pods annotated with
policies.forteapps.io/auth: "true". The sidecar proxies requests through
a token-based auth layer. If the auth-tokens Secret does not exist in the
namespace, an empty one is created to prevent volume mount failures.
Upstream URL and image can be overridden via
policies.forteapps.io/auth-upstream-url and
policies.forteapps.io/auth-image annotations.
Injects an auth sidecar container into Pods annotated with policies.forteapps.io/auth: "true". The sidecar proxies requests through a token-based auth layer. If the auth-tokens Secret does not exist in the namespace, an empty one is created to prevent volume mount failures. Upstream URL and image can be overridden via policies.forteapps.io/auth-upstream-url and policies.forteapps.io/auth-image annotations.
spec:
background: false
rules:
@@ -112,6 +106,7 @@ spec:
context:
- name: secretCount
apiCall:
method: GET
urlPath: /api/v1/namespaces/{{request.namespace}}/secrets
jmesPath: "items[?metadata.name == 'auth-tokens'] | length(@)"
preconditions: