From 70b666e53c9a6253d5ee2c70edb14df60734a0db Mon Sep 17 00:00:00 2001 From: shuting Date: Mon, 25 Nov 2024 23:10:23 +0800 Subject: [PATCH] fix: add conversion function in Helm template (#11651) * fix: add conversion function in Helm template Signed-off-by: ShutingZhao * fix: retain object as is Signed-off-by: ShutingZhao * fix: json format Signed-off-by: ShutingZhao * fix: code-gen Signed-off-by: ShutingZhao --------- Signed-off-by: ShutingZhao --- charts/kyverno/templates/config/_helpers.tpl | 27 +++++++++++++++----- config/install-latest-testing.yaml | 2 +- 2 files changed, 22 insertions(+), 7 deletions(-) diff --git a/charts/kyverno/templates/config/_helpers.tpl b/charts/kyverno/templates/config/_helpers.tpl index 2d1d4262b1..05c6932714 100644 --- a/charts/kyverno/templates/config/_helpers.tpl +++ b/charts/kyverno/templates/config/_helpers.tpl @@ -56,12 +56,27 @@ {{- define "kyverno.config.webhooks" -}} {{- $excludeDefault := dict "key" "kubernetes.io/metadata.name" "operator" "NotIn" "values" (list (include "kyverno.namespace" .)) }} -{{- $webhook := .Values.config.webhooks }} -{{- $namespaceSelector := default dict $webhook.namespaceSelector }} -{{- $matchExpressions := default list $namespaceSelector.matchExpressions }} -{{- $newNamespaceSelector := dict "matchLabels" $namespaceSelector.matchLabels "matchExpressions" (append $matchExpressions $excludeDefault) }} -{{- $newWebhook := merge (omit $webhook "namespaceSelector") (dict "namespaceSelector" $newNamespaceSelector) }} -{{- $newWebhook | toJson }} +{{- $webhooks := .Values.config.webhooks -}} +{{- if $webhooks | typeIs "slice" -}} + {{- $newWebhooks := dict -}} + {{- range $index, $webhook := $webhooks -}} + {{- if $webhook.namespaceSelector -}} + {{- $namespaceSelector := $webhook.namespaceSelector }} + {{- $matchExpressions := default (list) $namespaceSelector.matchExpressions }} + {{- $newNamespaceSelector := dict "matchLabels" $namespaceSelector.matchLabels "matchExpressions" (append $matchExpressions $excludeDefault) }} + {{- $newWebhook := merge (omit $webhook "namespaceSelector") (dict "namespaceSelector" $newNamespaceSelector) }} + {{- $newWebhooks = merge $newWebhooks (dict $webhook.name $newWebhook) }} + {{- end -}} + {{- end -}} + {{- $newWebhooks | toJson | nindent 2 }} +{{- else -}} + {{- $webhook := $webhooks }} + {{- $namespaceSelector := default (dict) $webhook.namespaceSelector }} + {{- $matchExpressions := default (list) $namespaceSelector.matchExpressions }} + {{- $newNamespaceSelector := dict "matchLabels" $namespaceSelector.matchLabels "matchExpressions" (append $matchExpressions $excludeDefault) }} + {{- $newWebhook := merge (omit $webhook "namespaceSelector") (dict "namespaceSelector" $newNamespaceSelector) }} + {{- $newWebhook | toJson | nindent 2 }} +{{- end -}} {{- end -}} {{- define "kyverno.config.imagePullSecret" -}} diff --git a/config/install-latest-testing.yaml b/config/install-latest-testing.yaml index 1bd3e82d26..e87b45aae7 100644 --- a/config/install-latest-testing.yaml +++ b/config/install-latest-testing.yaml @@ -175,7 +175,7 @@ data: [Secret,kyverno,kyverno-svc.kyverno.svc.*] [Secret,kyverno,kyverno-cleanup-controller.kyverno.svc.*] updateRequestThreshold: "1000" - webhooks: "{\"namespaceSelector\":{\"matchExpressions\":[{\"key\":\"kubernetes.io/metadata.name\",\"operator\":\"NotIn\",\"values\":[\"kube-system\"]},{\"key\":\"kubernetes.io/metadata.name\",\"operator\":\"NotIn\",\"values\":[\"kyverno\"]}],\"matchLabels\":null}}" + webhooks: "\n {\"namespaceSelector\":{\"matchExpressions\":[{\"key\":\"kubernetes.io/metadata.name\",\"operator\":\"NotIn\",\"values\":[\"kube-system\"]},{\"key\":\"kubernetes.io/metadata.name\",\"operator\":\"NotIn\",\"values\":[\"kyverno\"]}],\"matchLabels\":null}}" webhookAnnotations: "{\"admissions.enforcer/disabled\":\"true\"}" --- apiVersion: v1