Open
Description
I tried the policy
```yaml
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: add-imagepullsecrets-for-containers-and-initcontainers
  annotations:
    pod-policies.kyverno.io/autogen-controllers: Deployment,Job,StatefulSet,DaemonSet
    policies.kyverno.io/title: Add imagePullSecrets for Containers and InitContainers
    policies.kyverno.io/category: Sample
    policies.kyverno.io/subject: Pod
    policies.kyverno.io/minversion: 1.6.0
    kyverno.io/kyverno-version: 1.6.2
    kyverno.io/kubernetes-version: "1.23"
    policies.kyverno.io/description: >-
      Images coming from certain registries require authentication in order to pull them,
      and the kubelet uses this information in the form of an imagePullSecret to pull
      those images on behalf of your Pod. This policy searches for images coming from a
      registry called `corp.reg.com` referenced by either one of the containers or one
      of the init containers and, if found, will mutate the Pod to add an
      imagePullSecret called `my-secret`.
spec:
  rules:
    - name: add-imagepullsecret
      match:
        any:
          - resources:
              kinds:
                - Pod
      preconditions:
        any:
          - key: "corp.reg.com"
            operator: AnyIn
            value: "{{ images.initContainers.*.registry || `[]` }}"
          - key: "corp.reg.com"
            operator: AnyIn
            value: "{{ images.containers.*.registry }}"
      mutate:
        patchStrategicMerge:
          spec:
            imagePullSecrets:
              - name: my-secret
```
Added the annotation

```yaml
pod-policies.kyverno.io/autogen-controllers: Deployment,Job,StatefulSet,DaemonSet
```

It mutates the pods correctly, but it does not mutate the deployment.
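A way to check the reported outcome from the manifests themselves, as an added example that is not part of the original issue and is not Kyverno code: it flags any Pod or pod controller that pulls from `corp.reg.com` without carrying `my-secret`. The function names, the simplified registry parsing and the sample manifests are assumptions made for illustration.

```python
# Added example (not Kyverno or project code). Sample manifests are constructed.
REGISTRY = "corp.reg.com"  # registry named in the policy on this page
SECRET = "my-secret"       # imagePullSecret named in the policy on this page

def registry_of(image):
    """Registry host of an image reference (simplified Docker convention)."""
    first, sep, _ = image.partition("/")
    if sep and ("." in first or ":" in first or first == "localhost"):
        return first
    return "docker.io"  # no explicit host: the default registry applies

def pod_spec(manifest):
    """Pod spec of a Pod, or the pod template spec of a controller
    (Deployment, Job, StatefulSet, DaemonSet all use spec.template.spec)."""
    spec = manifest.get("spec", {})
    if manifest.get("kind") == "Pod":
        return spec
    return spec.get("template", {}).get("spec", {})

def missing_pull_secret(manifest):
    """True if a container or init container pulls from REGISTRY
    while SECRET is absent from imagePullSecrets."""
    spec = pod_spec(manifest)
    containers = spec.get("containers", []) + spec.get("initContainers", [])
    uses_registry = any(registry_of(c["image"]) == REGISTRY for c in containers)
    secrets = {s.get("name") for s in spec.get("imagePullSecrets", [])}
    return uses_registry and SECRET not in secrets

def report(manifests):
    """Kinds of the manifests that still lack the pull secret."""
    return [m.get("kind") for m in manifests if missing_pull_secret(m)]

# Constructed samples mirroring the report: Pod mutated, Deployment not.
POD_MUTATED = {"kind": "Pod", "spec": {
    "initContainers": [{"name": "init", "image": "corp.reg.com/tools/init:1.0"}],
    "containers": [{"name": "app", "image": "nginx:1.25"}],
    "imagePullSecrets": [{"name": "my-secret"}],
}}
DEPLOYMENT_UNMUTATED = {"kind": "Deployment", "spec": {"template": {"spec": {
    "containers": [{"name": "app", "image": "corp.reg.com/team/app:2.3"}],
}}}}

if __name__ == "__main__":
    print(report([POD_MUTATED, DEPLOYMENT_UNMUTATED]))
```

The same functions accept the parsed output of `kubectl get <kind> <name> -o json`, which shows whether the stored controller object was mutated or only the Pods it created.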