[ci skip] Fix Kyverno priority injection to remove default priority/preemptionPolicy

The priority injection policy was setting priorityClassName on pods but Kubernetes had already defaulted priority=0 and preemptionPolicy=PreemptLowerPriority on those pods, causing admission controller to reject the mismatch. Switch from patchStrategicMerge to patchesJson6902 to explicitly remove the priority and preemptionPolicy fields before setting priorityClassName.
2026-02-21 23:11:35 +00:00 · 2026-02-21 23:11:35 +00:00 · a0394f4bef
commit a0394f4bef
parent c279d453a6
1 changed files with 14 additions and 4 deletions
--- a/modules/kubernetes/kyverno/resource-governance.tf
+++ b/modules/kubernetes/kyverno/resource-governance.tf
@ -719,11 +719,21 @@ resource "kubernetes_manifest" "mutate_priority_from_tier" {
            ]
          }
          mutate = {
-            patchStrategicMerge = {
-              spec = {
-                priorityClassName = "tier-{{tierLabel}}"
+            patchesJson6902 = yamlencode([
+              {
+                op    = "remove"
+                path  = "/spec/priority"
+              },
+              {
+                op    = "remove"
+                path  = "/spec/preemptionPolicy"
+              },
+              {
+                op    = "add"
+                path  = "/spec/priorityClassName"
+                value = "tier-{{tierLabel}}"
              }
-            }
+            ])
          }
        }
      ]