deploy/kustomize/kyverno/mutate/mutate-semaphore-xds-clients-env.yaml

apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: mutate-semaphore-xds-bootstrap-config
  annotations:
    policies.kyverno.io/title: Mutate Sempaphore-xDS Bootstrap Config
    policies.kyverno.io/category: xDS
    policies.kyverno.io/subject: Pod
    policies.kyverno.io/description: >-
      This policy ensures that pods labelled as clients of semaphore-xDS server
      will have the needed xDS bootstrap configuration available as an
      environment variable.
spec:
  background: false
  mutateExistingOnPolicyUpdate: false
  rules:
  - name: xds-clients-inject-env
    match:
      resources:
        kinds:
        - Pod
        operations:
        - CREATE
        selector:
          matchLabels:
            xds.semaphore.uw.systems/client: "true"
    mutate:
      patchStrategicMerge:
        spec:
          initContainers:
            - (name): "*"
              env:
              - name: POD_NAME
                valueFrom:
                  fieldRef:
                    fieldPath: metadata.name
              - name: GRPC_XDS_BOOTSTRAP_CONFIG
                value: >-
                  {
                    "xds_servers": [{
                      "server_uri": "semaphore-xds.sys-semaphore.svc.cluster.local:18000",
                      "channel_creds": [{"type": "insecure"}],
                      "server_features": ["xds_v3"]}
                    ],
                    "node":{
                      "id":"{{request.object.metadata.namespace}}/\$(POD_NAME)",
                      "locality":{}
                    },
                    "authorities": {
                      "aws": {
                        "xds_servers": [{
                          "server_uri": "semaphore-xds.sys-semaphore.svc.cluster.aws:18000",
                          "channel_creds": [{"type": "insecure"}],
                          "server_features": ["xds_v3"]}
                        ]
                      },
                      "gcp": {
                        "xds_servers": [{
                          "server_uri": "semaphore-xds.sys-semaphore.svc.cluster.gcp:18000",
                          "channel_creds": [{"type": "insecure"}],
                          "server_features": ["xds_v3"]}
                        ]
                      },
                      "merit": {
                        "xds_servers": [{
                          "server_uri": "semaphore-xds.sys-semaphore.svc.cluster.merit:18000",
                          "channel_creds": [{"type": "insecure"}],
                          "server_features": ["xds_v3"]}
                        ]
                      }
                    }
                  }
          containers:
            - (name): "*"
              env:
              - name: POD_NAME
                valueFrom:
                  fieldRef:
                    fieldPath: metadata.name
              - name: GRPC_XDS_BOOTSTRAP_CONFIG
                value: >- 
                  {
                    "xds_servers": [{
                      "server_uri": "semaphore-xds.sys-semaphore.svc.cluster.local:18000",
                      "channel_creds": [{"type": "insecure"}],
                      "server_features": ["xds_v3"]}
                    ],
                    "node":{
                      "id":"{{request.object.metadata.namespace}}/\$(POD_NAME)",
                      "locality":{}
                    },
                    "authorities": {
                      "aws": {
                        "xds_servers": [{
                          "server_uri": "semaphore-xds.sys-semaphore.svc.cluster.aws:18000",
                          "channel_creds": [{"type": "insecure"}],
                          "server_features": ["xds_v3"]}
                        ]
                      },
                      "gcp": {
                        "xds_servers": [{
                          "server_uri": "semaphore-xds.sys-semaphore.svc.cluster.gcp:18000",
                          "channel_creds": [{"type": "insecure"}],
                          "server_features": ["xds_v3"]}
                        ]
                      },
                      "merit": {
                        "xds_servers": [{
                          "server_uri": "semaphore-xds.sys-semaphore.svc.cluster.merit:18000",
                          "channel_creds": [{"type": "insecure"}],
                          "server_features": ["xds_v3"]}
                        ]
                      }
                    }
                  }