github/container.training
1
0
Fork 0
mirror of https://github.com/jpetazzo/container.training.git synced 2026-02-14 17:49:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

🐛 Fix issues in Kyverno policies

Browse Source
This commit is contained in:
Jérôme Petazzoni
2021-11-04 21:40:08 +01:00
parent 055c0a304f
commit 10b16ce9e9
3 changed files with 46 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
k8s/kyverno-pod-color-2.yaml
View File

@@ -16,11 +16,11 @@ spec:
operator: Equals
value: UPDATE
- key: "{{ request.oldObject.metadata.labels.color }}"
operator: Equals
value: "*"
operator: NotEquals
value: ""
- key: "{{ request.object.metadata.labels.color }}"
operator: Equals
value: "*"
operator: NotEquals
value: ""
validate:
message: "Once label color has been added, it cannot be changed."
deny:

19
k8s/kyverno-pod-color-3.yaml
View File

@@ -6,20 +6,23 @@ spec:
validationFailureAction: enforce
background: false
rules:
- name: prevent-color-removal
- name: prevent-color-change
match:
resources:
kinds:
- Pod
selector:
matchExpressions:
- key: color
operator: DoesNotExist
preconditions:
- key: "{{ request.operation }}"
operator: Equals
value: UPDATE
- key: "{{ request.oldObject.metadata.labels.color }}"
operator: NotEquals
value: ""
- key: "{{ request.object.metadata.labels.color }}"
operator: Equals
value: ""
validate:
message: "Once label color has been added, it cannot be removed."
deny:
conditions:
- key: "{{ request.oldObject.metadata.labels.color }}"
operator: NotIn
value: []