mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-09 09:26:54 +00:00
31 lines
972 B
Markdown
31 lines
972 B
Markdown
|
<small>*[documentation](/README.md#documentation) / [Writing Policies](/documentation/writing-policies.md) / Preconditions*</small>
|
||
|
|
|
||
|
|
# Preconditions
|
||
|
|
|
||
|
|
Preconditions allow controlling policy rule execution based on variable values.
|
||
|
|
|
||
|
|
While `match` & `exclude` conditions allow filtering requests based on resource and user information, `preconditions` can be used to define custom filters for more granular control.
|
||
|
|
|
||
|
|
The following operators are currently supported for preconditon evaluation:
|
||
|
|
- Equal
|
||
|
|
- NotEqual
|
||
|
|
|
||
|
|
## Example
|
||
|
|
|
||
|
|
```yaml
|
||
|
|
- name: generate-owner-role
|
||
|
|
match:
|
||
|
|
resources:
|
||
|
|
kinds:
|
||
|
|
- Namespace
|
||
|
|
preconditions:
|
||
|
|
- key: "{{serviceAccountName}}"
|
||
|
|
operator: NotEqual
|
||
|
|
value: ""
|
||
|
|
```
|
||
|
|
|
||
|
|
In the above example, the rule is only applied to requests from service accounts i.e. when the `{{serviceAccountName}}` is not empty.
|
||
|
|
|
||
|
|
|
||
|
|
<small>*Read Next >> [Auto-Generation for Pod Controllers](/documentation/writing-policies-autogen.md)*</small>
|