github/container.training
1
0
Fork 0
mirror of https://github.com/jpetazzo/container.training.git synced 2026-02-14 17:49:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
556dbb965cd4be57577801068eb3f598795ba8bc
container.training/k8s/kyverno-pod-color-3.yaml
Jerome Petazzoni 0553a1ba8b Add chapter on Kyverno
2020-10-28 00:00:32 +01:00

26 lines
574 B
YAML
Raw Blame History

apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: pod-color-policy-3
spec:
validationFailureAction: enforce
background: false
rules:
- name: prevent-color-removal
match:
resources:
kinds:
- Pod
selector:
matchExpressions:
- key: color
operator: DoesNotExist
validate:
message: "Once label color has been added, it cannot be removed."
deny:
conditions:
- key: "{{ request.oldObject.metadata.labels.color }}"
operator: NotIn
value: []
Reference in New Issue View Git Blame Copy Permalink