rename annotation

2026-03-26 13:25:53 +01:00
parent 5640a5ca4a
commit 8029b7816d
1 changed files with 6 additions and 6 deletions
--- a/cluster-resources/policies/auth-sidecar-injector.yaml
+++ b/cluster-resources/policies/auth-sidecar-injector.yaml
@@ -10,7 +10,7 @@ metadata:
    policies.kyverno.io/severity: medium
    policies.kyverno.io/subject: Pod
    policies.kyverno.io/description: >-
-      Injects an auth sidecar container into Pods annotated with policies.forteapps.io/auth: "true". Supports three auth modes controlled by the policies.forteapps.io/auth-type annotation: "token" (default), "oidc", and "mcp". In token mode the sidecar reads credentials from a mounted Secret volume. In OIDC mode the sidecar uses OpenID Connect with authority and client-id provided via required annotations (policies.forteapps.io/auth-oidc-authority and policies.forteapps.io/auth-oidc-client-id) and secrets from an auth-oidc Secret. In MCP mode the sidecar implements OAuth 2.0 for MCP servers per RFC 9728 (Protected Resource Metadata) and RFC 7591 (Dynamic Client Registration), configured via policies.forteapps.io/auth-mcp-resource and policies.forteapps.io/auth-mcp-authority annotations. The sidecar port defaults to 8080 and can be overridden via the policies.forteapps.io/auth-sidecar-port annotation. A NetworkPolicy is generated to restrict ingress to the sidecar port only.
+      Injects an auth sidecar container into Pods annotated with policies.forteapps.io/auth: "true". Supports three auth modes controlled by the policies.forteapps.io/auth-type annotation: "token" (default), "oidc", and "mcp". In token mode the sidecar reads credentials from a mounted Secret volume. In OIDC mode the sidecar uses OpenID Connect with authority and client-id provided via required annotations (policies.forteapps.io/auth-oidc-authority and policies.forteapps.io/auth-oidc-client-id) and secrets from an auth-oidc Secret. In MCP mode the sidecar implements OAuth 2.0 for MCP servers per RFC 9728 (Protected Resource Metadata) and RFC 7591 (Dynamic Client Registration), configured via policies.forteapps.io/auth-mcp-resource and policies.forteapps.io/auth-mcp-authority annotations. The sidecar port defaults to 8080 and can be overridden via the policies.forteapps.io/auth-port annotation. A NetworkPolicy is generated to restrict ingress to the sidecar port only.
 spec:
  background: false
  rules:
@@ -121,7 +121,7 @@ spec:
        jmesPath: request.object.spec.containers[?name != 'authn'] | [0].ports[0].containerPort || `3000`
    - name: sidecarPort
      variable:
-        jmesPath: to_number(request.object.metadata.annotations."policies.forteapps.io/auth-sidecar-port" || '8080')
+        jmesPath: to_number(request.object.metadata.annotations."policies.forteapps.io/auth-port" || '8080')
    mutate:
      patchStrategicMerge:
        spec:
@@ -202,7 +202,7 @@ spec:
        jmesPath: request.object.spec.containers[?name != 'authn'] | [0].ports[0].containerPort || `3000`
    - name: sidecarPort
      variable:
-        jmesPath: to_number(request.object.metadata.annotations."policies.forteapps.io/auth-sidecar-port" || '8080')
+        jmesPath: to_number(request.object.metadata.annotations."policies.forteapps.io/auth-port" || '8080')
    mutate:
      patchStrategicMerge:
        spec:
@@ -295,7 +295,7 @@ spec:
        jmesPath: request.object.spec.containers[?name != 'authn'] | [0].ports[0].containerPort || `3000`
    - name: sidecarPort
      variable:
-        jmesPath: to_number(request.object.metadata.annotations."policies.forteapps.io/auth-sidecar-port" || '8080')
+        jmesPath: to_number(request.object.metadata.annotations."policies.forteapps.io/auth-port" || '8080')
    mutate:
      patchStrategicMerge:
        spec:
@@ -374,7 +374,7 @@ spec:
        jmesPath: request.object.spec.containers[?name != 'authn'] | [0].ports[0].containerPort || `3000`
    - name: sidecarPort
      variable:
-        jmesPath: to_number(request.object.metadata.annotations."policies.forteapps.io/auth-sidecar-port" || '8080')
+        jmesPath: to_number(request.object.metadata.annotations."policies.forteapps.io/auth-port" || '8080')
    mutate:
      patchStrategicMerge:
        spec:
@@ -469,7 +469,7 @@ spec:
    context:
    - name: sidecarPort
      variable:
-        jmesPath: to_number(request.object.metadata.annotations."policies.forteapps.io/auth-sidecar-port" || '8080')
+        jmesPath: to_number(request.object.metadata.annotations."policies.forteapps.io/auth-port" || '8080')
    generate:
      synchronize: false
      apiVersion: networking.k8s.io/v1