kyverno/test/cli/test-generate/add-network-policy/policy.yaml

---
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  annotations:
    policies.kyverno.io/category: Multi-Tenancy
    policies.kyverno.io/description: 'By default, Kubernetes allows communications
      across all Pods within a cluster. The NetworkPolicy resource and a CNI plug-in
      that supports NetworkPolicy must be used to restrict communications. A default
      NetworkPolicy should be configured for each Namespace to default deny all ingress
      and egress traffic to the Pods in the Namespace. Application teams can then
      configure additional NetworkPolicy resources to allow desired traffic to application
      Pods from select sources. This policy will create a new NetworkPolicy resource
      named `default-deny` which will deny all traffic anytime a new Namespace is
      created.      '
    policies.kyverno.io/subject: NetworkPolicy
    policies.kyverno.io/title: Add Network Policy
  name: add-networkpolicy
spec:
  admission: true
  background: true
  rules:
  - generate:
      apiVersion: networking.k8s.io/v1
      data:
        spec:
          podSelector: {}
          policyTypes:
          - Ingress
          - Egress
      kind: NetworkPolicy
      name: default-deny
      namespace: '{{request.object.metadata.name}}'
      synchronize: true
    match:
      any:
      - resources:
          kinds:
          - Namespace
    name: default-deny
chore: apply policy fixes (#8425) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-09-15 18:18:46 +02:00			`---`
feat: Extend CLI to cover generate policies (#3456) - Change in namespace for test-generate example - Change cloneResource to cloneSourceResource - Add support for namespaced Policy and fix log messages - Add test-generate in Makefile and an example of namespaced Policy - Fix namespaced policy issue and add comments - Refactor according to new generate controller - Add json tag to GeneratedResource field of RuleResponse struct Signed-off-by: Shubham Nazare <shubham4443@gmail.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> 2022-05-25 19:56:22 +05:30			`apiVersion: kyverno.io/v1`
			`kind: ClusterPolicy`
			`metadata:`
			`annotations:`
			`policies.kyverno.io/category: Multi-Tenancy`
chore: apply policy fixes (#8425) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-09-15 18:18:46 +02:00			`policies.kyverno.io/description: 'By default, Kubernetes allows communications`
			`across all Pods within a cluster. The NetworkPolicy resource and a CNI plug-in`
			`that supports NetworkPolicy must be used to restrict communications. A default`
			`NetworkPolicy should be configured for each Namespace to default deny all ingress`
			`and egress traffic to the Pods in the Namespace. Application teams can then`
			`configure additional NetworkPolicy resources to allow desired traffic to application`
			`Pods from select sources. This policy will create a new NetworkPolicy resource`
			named `default-deny` which will deny all traffic anytime a new Namespace is
			`created. '`
feat: Extend CLI to cover generate policies (#3456) - Change in namespace for test-generate example - Change cloneResource to cloneSourceResource - Add support for namespaced Policy and fix log messages - Add test-generate in Makefile and an example of namespaced Policy - Fix namespaced policy issue and add comments - Refactor according to new generate controller - Add json tag to GeneratedResource field of RuleResponse struct Signed-off-by: Shubham Nazare <shubham4443@gmail.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> 2022-05-25 19:56:22 +05:30			`policies.kyverno.io/subject: NetworkPolicy`
chore: apply policy fixes (#8425) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-09-15 18:18:46 +02:00			`policies.kyverno.io/title: Add Network Policy`
			`name: add-networkpolicy`
feat: Extend CLI to cover generate policies (#3456) - Change in namespace for test-generate example - Change cloneResource to cloneSourceResource - Add support for namespaced Policy and fix log messages - Add test-generate in Makefile and an example of namespaced Policy - Fix namespaced policy issue and add comments - Refactor according to new generate controller - Add json tag to GeneratedResource field of RuleResponse struct Signed-off-by: Shubham Nazare <shubham4443@gmail.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> 2022-05-25 19:56:22 +05:30			`spec:`
chore: apply policy fixes (#8425) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-09-15 18:18:46 +02:00			`admission: true`
			`background: true`
feat: Extend CLI to cover generate policies (#3456) - Change in namespace for test-generate example - Change cloneResource to cloneSourceResource - Add support for namespaced Policy and fix log messages - Add test-generate in Makefile and an example of namespaced Policy - Fix namespaced policy issue and add comments - Refactor according to new generate controller - Add json tag to GeneratedResource field of RuleResponse struct Signed-off-by: Shubham Nazare <shubham4443@gmail.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> 2022-05-25 19:56:22 +05:30			`rules:`
chore: apply policy fixes (#8425) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-09-15 18:18:46 +02:00			`- generate:`
feat: Extend CLI to cover generate policies (#3456) - Change in namespace for test-generate example - Change cloneResource to cloneSourceResource - Add support for namespaced Policy and fix log messages - Add test-generate in Makefile and an example of namespaced Policy - Fix namespaced policy issue and add comments - Refactor according to new generate controller - Add json tag to GeneratedResource field of RuleResponse struct Signed-off-by: Shubham Nazare <shubham4443@gmail.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> 2022-05-25 19:56:22 +05:30			`apiVersion: networking.k8s.io/v1`
			`data:`
			`spec:`
			`podSelector: {}`
			`policyTypes:`
			`- Ingress`
chore: apply policy fixes (#8425) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-09-15 18:18:46 +02:00			`- Egress`
			`kind: NetworkPolicy`
			`name: default-deny`
			`namespace: '{{request.object.metadata.name}}'`
			`synchronize: true`
			`match:`
			`any:`
			`- resources:`
			`kinds:`
			`- Namespace`
			`name: default-deny`