[Bug] Two mutate policies overrides each other
Kyverno Version
1.9.2
Kubernetes Version
1.27
Kubernetes Platform
Bare metal
Description
We have two mutation policies trying to append extra fields under envFrom using patchStrategicMerge. If any of them gets triggered standalone, it works as expected. However, if both of them get triggered, there is only one field gets appended. Looks like one will override the other one.
Steps to reproduce
- The first mutation policy -
mutate:
patchStrategicMerge:
spec:
podTemplate:
spec:
containers:
- envFrom:
- configMapRef:
name: '{{ EnvConfigMapName }}'
name: flink-main-container- The second mutation policy -
mutate:
patchStrategicMerge:
spec:
podTemplate:
spec:
containers:
- envFrom:
- prefix: '{{ identitySpec.type | to_upper(@) }}_'
secretRef:
name: '{{ identitySpec.secret }}'
name: flink-main-container- Each of them works as expected separately, however if triggers at the same time, we will only see one of them get applied.
envFrom:
- configMapRef:
name: dice-usageor
envFrom:
- prefix: "IAM"
secretRef:
name: dice-usage-secretExpected behavior
We would like to see something like this
envFrom:
- configMapRef:
name: dice-usage
- prefix: "IAM"
secretRef:
name: dice-usage-secretScreenshots
No response
Kyverno logs
Slack discussion
No response
Troubleshooting
-
I have read and followed the documentation AND the troubleshooting guide. -
I have searched other issues in this repository and mine is not recorded.