[Bug] duplicate rules in ValidatingWebhookConfiguration

Kyverno Version

1.15.0

Description

Create several ValidatingPolicy objects targeting the same kind of resources:

apiVersion: policies.kyverno.io/v1alpha1
kind: ValidatingPolicy
metadata:
  name: policy1
spec:
  validationActions:
    - Audit
  failurePolicy: Ignore
  autogen:
    podControllers:
      controllers: []
  evaluation:
    background:
      enabled: true
  matchConstraints:
    resourceRules:
      - apiGroups: ["apps"]
        apiVersions: ["v1"]
        resources: ["deployments","statefulsets","daemonsets"]
        operations: ["CREATE","UPDATE"]
  validations:
    - expression: "0 == 0"
      message: 'never fails'

---
apiVersion: policies.kyverno.io/v1alpha1
kind: ValidatingPolicy
metadata:
  name: policy2
spec:
  validationActions:
    - Audit
  failurePolicy: Ignore
  autogen:
    podControllers:
      controllers: []
  evaluation:
    background:
      enabled: true
  matchConstraints:
    resourceRules:
      - apiGroups: ["apps"]
        apiVersions: ["v1"]
        resources: ["deployments","statefulsets","daemonsets"]
        operations: ["CREATE","UPDATE"]
  validations:
    - expression: "0 == 0"
      message: 'never fails'

The generated ValidatingWebhookConfiguration contains duplicate rules, as in the following (short version):

apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  annotations:
    admissions.enforcer/disabled: "true"
  labels:
    webhook.kyverno.io/managed-by: kyverno
  name: kyverno-resource-validating-webhook-cfg
webhooks:
- admissionReviewVersions:
  - v1
  failurePolicy: Ignore
  matchPolicy: Equivalent
  name: vpol.validate.kyverno.svc-ignore
  namespaceSelector:
    matchExpressions:
    - key: kubernetes.io/metadata.name
      operator: NotIn
      values:
      - kyverno
  objectSelector: {}
  rules:
  - apiGroups:
    - apps
    apiVersions:
    - v1
    operations:
    - CREATE
    - UPDATE
    resources:
    - deployments
    - statefulsets
    - daemonsets
    scope: '*'
  - apiGroups:
    - apps
    apiVersions:
    - v1
    operations:
    - CREATE
    - UPDATE
    resources:
    - deployments
    - statefulsets
    - daemonsets
    scope: '*'
  sideEffects: NoneOnDryRun
  timeoutSeconds: 10

The rules are identical, so they should be added there only if an identical block is not already present.

Slack discussion

No response

Troubleshooting

  • I have read and followed the documentation AND the troubleshooting guide.
  • I have searched other issues in this repository and mine is not recorded.
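The deduplication the report asks for, shown as an added example that is not Kyverno's own code and not from the issue author. It builds the same two rules that the two policies above produce, then drops any rule whose canonical key has already been seen. The `Rule` struct is a local stand-in (an assumption) for the fields of `admissionregistration.k8s.io/v1` `RuleWithOperations` that appear in the issue, so the file builds without `k8s.io/api`; `canonicalKey`, `dedupeRules` and `issueRules` are names chosen here. The key sorts each list first, so two rules that list the same groups, versions, resources and operations in a different order are also treated as the same rule, which goes slightly beyond the byte-identical case in the report.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Rule is a local stand-in (assumption) for the fields of the
// admissionregistration.k8s.io/v1 RuleWithOperations that appear in the
// issue; it lets the example build without importing k8s.io/api.
type Rule struct {
	APIGroups   []string
	APIVersions []string
	Resources   []string
	Operations  []string
	Scope       string
}

// sortedCopy returns a sorted copy so the caller's slice is not reordered.
func sortedCopy(in []string) []string {
	out := append([]string(nil), in...)
	sort.Strings(out)
	return out
}

// canonicalKey derives an order-insensitive identity for a rule. Two rules
// with the same sets of groups, versions, resources, operations and scope
// map to the same key even if their lists are written in different orders.
// Commas and pipes cannot appear in Kubernetes API group, version or
// resource names, so the joined string is unambiguous.
func canonicalKey(r Rule) string {
	return strings.Join([]string{
		strings.Join(sortedCopy(r.APIGroups), ","),
		strings.Join(sortedCopy(r.APIVersions), ","),
		strings.Join(sortedCopy(r.Resources), ","),
		strings.Join(sortedCopy(r.Operations), ","),
		r.Scope,
	}, "|")
}

// dedupeRules keeps the first occurrence of each distinct rule and preserves
// the original order of the survivors, which is what a webhook generator
// should do before appending a rule to the configuration.
func dedupeRules(rules []Rule) []Rule {
	seen := make(map[string]struct{}, len(rules))
	out := make([]Rule, 0, len(rules))
	for _, r := range rules {
		k := canonicalKey(r)
		if _, dup := seen[k]; dup {
			continue
		}
		seen[k] = struct{}{}
		out = append(out, r)
	}
	return out
}

// issueRules is constructed input: the two identical rules that policy1 and
// policy2 from the report contribute to the webhook configuration.
func issueRules() []Rule {
	mk := func() Rule {
		return Rule{
			APIGroups:   []string{"apps"},
			APIVersions: []string{"v1"},
			Resources:   []string{"deployments", "statefulsets", "daemonsets"},
			Operations:  []string{"CREATE", "UPDATE"},
			Scope:       "*",
		}
	}
	return []Rule{mk(), mk()}
}

func main() {
	in := issueRules()
	out := dedupeRules(in)
	fmt.Printf("%d rules in, %d rules out\n", len(in), len(out))
	for _, r := range out {
		fmt.Println(canonicalKey(r))
	}
}
```

Running it prints `2 rules in, 1 rules out` followed by the single surviving key. A rule that differs in any field, for example one that also matches `DELETE`, gets its own key and is kept.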