mirror of
https://github.com/jpetazzo/container.training.git
synced 2026-02-14 09:39:56 +00:00
32 lines
819 B
YAML
32 lines
819 B
YAML
apiVersion: kyverno.io/v1
|
|
kind: ClusterPolicy
|
|
metadata:
|
|
name: pod-color-policy-2
|
|
spec:
|
|
background: false
|
|
rules:
|
|
- name: prevent-color-change
|
|
match:
|
|
resources:
|
|
kinds:
|
|
- Pod
|
|
preconditions:
|
|
- key: "{{ request.operation }}"
|
|
operator: Equals
|
|
value: UPDATE
|
|
- key: "{{ request.oldObject.metadata.labels.color || '' }}"
|
|
operator: NotEquals
|
|
value: ""
|
|
- key: "{{ request.object.metadata.labels.color || '' }}"
|
|
operator: NotEquals
|
|
value: ""
|
|
validate:
|
|
failureAction: Enforce
|
|
message: "Once label color has been added, it cannot be changed."
|
|
deny:
|
|
conditions:
|
|
- key: "{{ request.object.metadata.labels.color }}"
|
|
operator: NotEquals
|
|
value: "{{ request.oldObject.metadata.labels.color }}"
|
|
|