kyverno/examples/ConfigMapGenerator-SecretGenerator/policy-namespace-patch-cmgCG-sgCG.yaml

# This is a test-policy with patch, configMapGenerator with and without "copyFrom" option,
# secretGenerator with and without "copyFrom" option.
# To apply this policy you need to create secret and configMap in "default" namespace 
# and then create a namespace

apiVersion : policy.nirmata.io/v1alpha1
kind : Policy
metadata :
  name : "policy-ns-patch-cmg-sg"
spec :
  failurePolicy: stopOnError
  rules:
  - resource :
      kind : Namespace
      selector:
        matchLabels:
          LabelForSelector : "namespace2"
    patch:
    - path: "/metadata/labels/isMutatedByPolicy"
      op: add
      value: "true"

  - resource :
      kind : Namespace
      selector:
        matchLabels:
          LabelForSelector : "namespace2"
    configMapGenerator :
      name : copied-cm
      copyFrom :
        namespace : default
        name : game-config
      data :
        secretData: "data from cmg"
        
  - resource :
      kind : Namespace
      selector:
        matchLabels:
          LabelForSelector : "namespace2"
    configMapGenerator :
      name : generated-cm
      data :
        secretData: "very sensitive data from cmg"
        database: mongodb
        database_uri: mongodb://localhost:27017
  
        keys: | 
          image.public.key=771 
          rsa.public.key=42
  
  - resource :
      kind : Namespace
      selector:
        matchLabels:
          LabelForSelector : "namespace2"

    secretGenerator :
      name : generated-secrets
      data :
        foo : bar
        app.properties : /
          foo1=bar1
          foo2=bar2
        ui.properties : /
          foo1=bar1
          foo2=bar2

  - resource :
      kind : Namespace
      selector:
        matchLabels:
          LabelForSelector : "namespace2"

    secretGenerator :
      name : copied-secrets
      copyFrom :
        namespace : default
        name : mysecret
      data :
        foo : bar
        secretData: "data from sg"
NK-14: Updated documentation, added examples. 2019-03-19 14:06:12 +02:00			`# This is a test-policy with patch, configMapGenerator with and without "copyFrom" option,`
			`# secretGenerator with and without "copyFrom" option.`
			`# To apply this policy you need to create secret and configMap in "default" namespace`
			`# and then create a namespace`

			`apiVersion : policy.nirmata.io/v1alpha1`
			`kind : Policy`
			`metadata :`
			`name : "policy-ns-patch-cmg-sg"`
			`spec :`
			`failurePolicy: stopOnError`
			`rules:`
			`- resource :`
			`kind : Namespace`
			`selector:`
			`matchLabels:`
			`LabelForSelector : "namespace2"`
			`patch:`
			`- path: "/metadata/labels/isMutatedByPolicy"`
			`op: add`
			`value: "true"`

			`- resource :`
			`kind : Namespace`
			`selector:`
			`matchLabels:`
			`LabelForSelector : "namespace2"`
			`configMapGenerator :`
			`name : copied-cm`
			`copyFrom :`
			`namespace : default`
			`name : game-config`
			`data :`
			`secretData: "data from cmg"`

			`- resource :`
			`kind : Namespace`
			`selector:`
			`matchLabels:`
			`LabelForSelector : "namespace2"`
			`configMapGenerator :`
			`name : generated-cm`
			`data :`
			`secretData: "very sensitive data from cmg"`
			`database: mongodb`
			`database_uri: mongodb://localhost:27017`

			`keys: \|`
			`image.public.key=771`
			`rsa.public.key=42`

			`- resource :`
			`kind : Namespace`
			`selector:`
			`matchLabels:`
			`LabelForSelector : "namespace2"`

			`secretGenerator :`
			`name : generated-secrets`
			`data :`
			`foo : bar`
			`app.properties : /`
			`foo1=bar1`
			`foo2=bar2`
			`ui.properties : /`
			`foo1=bar1`
			`foo2=bar2`

			`- resource :`
			`kind : Namespace`
			`selector:`
			`matchLabels:`
			`LabelForSelector : "namespace2"`

			`secretGenerator :`
			`name : copied-secrets`
			`copyFrom :`
			`namespace : default`
			`name : mysecret`
			`data :`
			`foo : bar`
			`secretData: "data from sg"`