kyverno/test/cli/test-mutate/connection-draining/policy.yaml

apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: disable-connection-draining
  annotations:
    policies.kyverno.io/title: Configure Connection Draining
    policies.kyverno.io/category: Best Practices
    policies.kyverno.io/subject: Service
spec:
  background: true
  rules:
  - name: clb
    match:
      resources:
        kinds:
        - Service
    context:
    - name: connection_draining_check
      variable:
        default: "empty"
        jmesPath: request.object.metadata.annotations."service.beta.kubernetes.io/aws-load-balancer-connection-draining-enabled"
    - name: nlb_check
      variable:
        default: "false"
        jmesPath: request.object.metadata.annotations."service.beta.kubernetes.io/aws-load-balancer-type"
    preconditions:
      all:
      - key: "{{ request.object.spec.type }}"
        operator: Equals
        value: "LoadBalancer"
      - key: "{{ connection_draining_check }}"
        operator: AnyIn
        value: ["true", "empty"]
      - key: "{{ nlb_check }}"
        operator: AnyNotIn
        value: ["external", "nlb"]
    mutate:
      patchStrategicMerge:
        metadata:
          annotations:
            service.beta.kubernetes.io/aws-load-balancer-connection-draining-enabled: "false"
  - name: nlb-no-attributes
    match:
      resources:
        kinds:
        - Service
    context:
    - name: nlb_check
      variable:
        default: "false"
        jmesPath: request.object.metadata.annotations."service.beta.kubernetes.io/aws-load-balancer-type"
    - name: tg_attributes
      variable:
        default: "false"
        jmesPath: request.object.metadata.annotations."service.beta.kubernetes.io/aws-load-balancer-target-group-attributes"
    preconditions:
      all:
      - key: "{{ request.object.spec.type }}"
        operator: Equals
        value: "LoadBalancer"
      - key: "{{ nlb_check }}"
        operator: Equals
        value: "external"
      - key: "{{ tg_attributes }}"
        operator: Equals
        value: "false"
    mutate:
      patchStrategicMerge:
        metadata:
          annotations:
            service.beta.kubernetes.io/aws-load-balancer-target-group-attributes: "deregistration_delay.connection_termination.enabled=true,deregistration_delay.timeout_seconds=0"
fix: Kyverno test fails to load resources (#8349) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-09-12 11:45:24 +02:00			`apiVersion: kyverno.io/v1`
			`kind: ClusterPolicy`
			`metadata:`
			`name: disable-connection-draining`
			`annotations:`
			`policies.kyverno.io/title: Configure Connection Draining`
			`policies.kyverno.io/category: Best Practices`
			`policies.kyverno.io/subject: Service`
			`spec:`
			`background: true`
			`rules:`
			`- name: clb`
			`match:`
			`resources:`
			`kinds:`
			`- Service`
			`context:`
			`- name: connection_draining_check`
			`variable:`
			`default: "empty"`
			`jmesPath: request.object.metadata.annotations."service.beta.kubernetes.io/aws-load-balancer-connection-draining-enabled"`
			`- name: nlb_check`
			`variable:`
			`default: "false"`
			`jmesPath: request.object.metadata.annotations."service.beta.kubernetes.io/aws-load-balancer-type"`
			`preconditions:`
			`all:`
			`- key: "{{ request.object.spec.type }}"`
			`operator: Equals`
			`value: "LoadBalancer"`
			`- key: "{{ connection_draining_check }}"`
			`operator: AnyIn`
			`value: ["true", "empty"]`
			`- key: "{{ nlb_check }}"`
			`operator: AnyNotIn`
			`value: ["external", "nlb"]`
			`mutate:`
			`patchStrategicMerge:`
			`metadata:`
			`annotations:`
			`service.beta.kubernetes.io/aws-load-balancer-connection-draining-enabled: "false"`
			`- name: nlb-no-attributes`
			`match:`
			`resources:`
			`kinds:`
			`- Service`
			`context:`
			`- name: nlb_check`
			`variable:`
			`default: "false"`
			`jmesPath: request.object.metadata.annotations."service.beta.kubernetes.io/aws-load-balancer-type"`
			`- name: tg_attributes`
			`variable:`
			`default: "false"`
			`jmesPath: request.object.metadata.annotations."service.beta.kubernetes.io/aws-load-balancer-target-group-attributes"`
			`preconditions:`
			`all:`
			`- key: "{{ request.object.spec.type }}"`
			`operator: Equals`
			`value: "LoadBalancer"`
			`- key: "{{ nlb_check }}"`
			`operator: Equals`
			`value: "external"`
			`- key: "{{ tg_attributes }}"`
			`operator: Equals`
			`value: "false"`
			`mutate:`
			`patchStrategicMerge:`
			`metadata:`
			`annotations:`
			`service.beta.kubernetes.io/aws-load-balancer-target-group-attributes: "deregistration_delay.connection_termination.enabled=true,deregistration_delay.timeout_seconds=0"`