mirror of
https://github.com/jpetazzo/container.training.git
synced 2026-02-14 17:49:59 +00:00
23 lines
521 B
YAML
23 lines
521 B
YAML
apiVersion: kyverno.io/v1
|
|
kind: ClusterPolicy
|
|
metadata:
|
|
name: pod-color-policy-1
|
|
spec:
|
|
validationFailureAction: enforce
|
|
rules:
|
|
- name: ensure-pod-color-is-valid
|
|
match:
|
|
resources:
|
|
kinds:
|
|
- Pod
|
|
selector:
|
|
matchExpressions:
|
|
- key: color
|
|
operator: Exists
|
|
- key: color
|
|
operator: NotIn
|
|
values: [ red, green, blue ]
|
|
validate:
|
|
message: "If it exists, the label color must be red, green, or blue."
|
|
deny: {}
|