apiVersion: kyverno.io/v2beta1
kind: ClusterPolicy
metadata:
  name: kube-vip-network-adapter
  annotations:
    pod-policies.kyverno.io/autogen-controllers: none
    policies.kyverno.io/title: Kube VIP adapter label
    policies.kyverno.io/category: Other
    policies.kyverno.io/subject: Pod
    kyverno.io/kyverno-version: 1.10.0
    policies.kyverno.io/minversion: 1.10.0
    kyverno.io/kubernetes-version: "1.26"
spec:
  background: false
  rules:
    - name: add-network-adapter-annotation
      match:
        any:
          - resources:
              kinds:
                - Pod/binding
              names:
                - kube-vip-*
      context:
        - name: node
          variable:
            jmesPath: request.object.target.name
            default: ""
        - name: adapter
          apiCall:
            urlPath: "/api/v1/nodes/{{node}}"
            jmesPath: 'metadata.labels."feature.node.kubernetes.io/network-adapter" || "empty"'
      mutate:
        patchStrategicMerge:
          metadata:
            annotations:
              feature.node.kubernetes.io/network-adapter: "{{ adapter }}"