From 0ffc3c25502f42817588f6295475b8181c095346 Mon Sep 17 00:00:00 2001 From: Richard Wall Date: Tue, 20 Feb 2024 14:46:56 +0000 Subject: [PATCH 1/3] Fix broken upstream Kyverno policy link Signed-off-by: Richard Wall --- make/config/kyverno/kustomization.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/make/config/kyverno/kustomization.yaml b/make/config/kyverno/kustomization.yaml index a0eedafd4..cf718d1fb 100644 --- a/make/config/kyverno/kustomization.yaml +++ b/make/config/kyverno/kustomization.yaml @@ -15,8 +15,8 @@ # resources: - https://github.com/kyverno/policies/pod-security/enforce - - https://raw.githubusercontent.com/kyverno/policies/main/other/res/restrict-automount-sa-token/restrict-automount-sa-token.yaml - - https://github.com/kyverno/policies/raw/main//best-practices/require-ro-rootfs/require-ro-rootfs.yaml + - https://github.com/kyverno/policies/raw/main/other/restrict-automount-sa-token/restrict-automount-sa-token.yaml + - https://github.com/kyverno/policies/raw/main/best-practices/require-ro-rootfs/require-ro-rootfs.yaml patches: - target: From bbc006760f23bb63c011e933f3f5589a2cc05782 Mon Sep 17 00:00:00 2001 From: Richard Wall Date: Tue, 20 Feb 2024 14:47:31 +0000 Subject: [PATCH 2/3] Add e2e-vault-mtls to the list of excluded namespaces Signed-off-by: Richard Wall --- make/config/kyverno/kustomization.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/make/config/kyverno/kustomization.yaml b/make/config/kyverno/kustomization.yaml index cf718d1fb..32ed09d46 100644 --- a/make/config/kyverno/kustomization.yaml +++ b/make/config/kyverno/kustomization.yaml @@ -32,6 +32,7 @@ patches: namespaces: - bind - e2e-vault + - e2e-vault-mtls - gateway-system - ingress-nginx - pebble From 541798c9e293d90ef98d17882259332cd3334d6b Mon Sep 17 00:00:00 2001 From: Richard Wall Date: Tue, 20 Feb 2024 14:49:12 +0000 Subject: [PATCH 3/3] kustomize build . > policy.yaml 
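Review bot: The two corrected URLs under `resources:` still fetch the policy manifests from the moving `main` branch, so the rendered policy set can change or break without any change in this repository. The broken link this patch repairs looks like exactly that kind of upstream move. Pinning each remote to a release tag or commit, e.g. `https://github.com/kyverno/policies/raw/<TAG_OR_COMMIT>/best-practices/require-ro-rootfs/require-ro-rootfs.yaml`, keeps `kustomize build` reproducible and turns upstream policy changes into an explicit, reviewable bump. The unchanged `pod-security/enforce` entry above them appears to be unpinned as well and could take a `?ref=<TAG_OR_COMMIT>` suffix.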
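Review bot: The added `- e2e-vault-mtls` entry has no comment explaining why the namespace is exempted. Judging by the regenerated policy.yaml in patch 3/3, the same list lands in every policy's excluded namespaces, so the namespace is exempt from all of them and not only from the ones its workload cannot satisfy. A short comment above the list, such as `# Test-fixture namespaces; excluded because their pods do not meet the enforced policies`, would record the intent (wording to be confirmed by the author). The enclosing `patches:` entry starts above the hunk, so its target selector is not visible here.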
Signed-off-by: Richard Wall --- make/config/kyverno/policy.yaml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/make/config/kyverno/policy.yaml b/make/config/kyverno/policy.yaml index a524781eb..fb53096e5 100644 --- a/make/config/kyverno/policy.yaml +++ b/make/config/kyverno/policy.yaml @@ -20,6 +20,7 @@ spec: namespaces: - bind - e2e-vault + - e2e-vault-mtls - gateway-system - ingress-nginx - pebble @@ -85,6 +86,7 @@ spec: namespaces: - bind - e2e-vault + - e2e-vault-mtls - gateway-system - ingress-nginx - pebble @@ -161,6 +163,7 @@ spec: namespaces: - bind - e2e-vault + - e2e-vault-mtls - gateway-system - ingress-nginx - pebble @@ -206,6 +209,7 @@ spec: namespaces: - bind - e2e-vault + - e2e-vault-mtls - gateway-system - ingress-nginx - pebble @@ -249,6 +253,7 @@ spec: namespaces: - bind - e2e-vault + - e2e-vault-mtls - gateway-system - ingress-nginx - pebble @@ -302,6 +307,7 @@ spec: namespaces: - bind - e2e-vault + - e2e-vault-mtls - gateway-system - ingress-nginx - pebble @@ -357,6 +363,7 @@ spec: namespaces: - bind - e2e-vault + - e2e-vault-mtls - gateway-system - ingress-nginx - pebble @@ -408,6 +415,7 @@ spec: namespaces: - bind - e2e-vault + - e2e-vault-mtls - gateway-system - ingress-nginx - pebble @@ -460,6 +468,7 @@ spec: namespaces: - bind - e2e-vault + - e2e-vault-mtls - gateway-system - ingress-nginx - pebble @@ -512,6 +521,7 @@ spec: namespaces: - bind - e2e-vault + - e2e-vault-mtls - gateway-system - ingress-nginx - pebble @@ -606,6 +616,7 @@ spec: namespaces: - bind - e2e-vault + - e2e-vault-mtls - gateway-system - ingress-nginx - pebble @@ -649,6 +660,7 @@ spec: namespaces: - bind - e2e-vault + - e2e-vault-mtls - gateway-system - ingress-nginx - pebble @@ -704,6 +716,7 @@ spec: namespaces: - bind - e2e-vault + - e2e-vault-mtls - gateway-system - ingress-nginx - pebble @@ -771,6 +784,7 @@ spec: namespaces: - bind - e2e-vault + - e2e-vault-mtls - gateway-system - ingress-nginx - pebble 
@@ -817,6 +831,7 @@ spec: namespaces: - bind - e2e-vault + - e2e-vault-mtls - gateway-system - ingress-nginx - pebble @@ -864,6 +879,7 @@ spec: namespaces: - bind - e2e-vault + - e2e-vault-mtls - gateway-system - ingress-nginx - pebble @@ -925,6 +941,7 @@ spec: namespaces: - bind - e2e-vault + - e2e-vault-mtls - gateway-system - ingress-nginx - pebble @@ -998,6 +1015,7 @@ spec: namespaces: - bind - e2e-vault + - e2e-vault-mtls - gateway-system - ingress-nginx - pebble @@ -1047,6 +1065,7 @@ spec: namespaces: - bind - e2e-vault + - e2e-vault-mtls - gateway-system - ingress-nginx - pebble