mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00
Code Activity

updated readme

Browse source
This commit is contained in:
NoSkillGirl 2020-06-25 17:51:53 +05:30
parent b589169b5e
commit 356d749103
1 changed files with 16 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
documentation/writing-policies-preconditions.md
View file

@ -9,6 +9,8 @@ While `match` & `exclude` conditions allow filtering requests based on resource
The following operators are currently supported for preconditon evaluation: The following operators are currently supported for preconditon evaluation:
- Equal - Equal
- NotEqual - NotEqual
- In
- NotIn
## Example ## Example
@ -26,5 +28,19 @@ The following operators are currently supported for preconditon evaluation:
In the above example, the rule is only applied to requests from service accounts i.e. when the `{{serviceAccountName}}` is not empty. In the above example, the rule is only applied to requests from service accounts i.e. when the `{{serviceAccountName}}` is not empty.
```yaml
- name: generate-default-build-role
match:
resources:
kinds:
- Namespace
preconditions:
- key: "{{serviceAccountName}}"
operator: In
value: ["build-default", "build-base"]
```
In the above example, the rule is only applied to requests from service account with name `build-default` and `build-base`.
<small>*Read Next >> [Auto-Generation for Pod Controllers](/documentation/writing-policies-autogen.md)*</small> <small>*Read Next >> [Auto-Generation for Pod Controllers](/documentation/writing-policies-autogen.md)*</small>