From 5efbfe80c9af162dd93911e9ecc588e0d0a0b4a6 Mon Sep 17 00:00:00 2001 From: Anton Kostenko Date: Fri, 21 Jun 2019 15:41:39 +0300 Subject: [PATCH] removed extra changes --- README.md | 4 +-- documentation/writing-policies-mutate.md | 38 ++++++++++++++---------- test/README.md | 2 +- 3 files changed, 26 insertions(+), 18 deletions(-) diff --git a/README.md b/README.md index 9b5081bcb7..b4b436aa9f 100644 --- a/README.md +++ b/README.md @@ -46,8 +46,8 @@ spec: - name: "*" resources: limits: - # '?' requires 1 alphanumeric character and '*' means that there can be 0 or more characters. - # Using them togther e.g. '?*' requires at least one character. + # '?' requires 1 alphanumeric character and '*' means that there can be 0 or more characters. + # Using them together e.g. '?*' requires at least one character. memory: "?*" cpu: "?*" requests: diff --git a/documentation/writing-policies-mutate.md b/documentation/writing-policies-mutate.md index 924da8b0b8..aab1b5e246 100644 --- a/documentation/writing-policies-mutate.md +++ b/documentation/writing-policies-mutate.md @@ -47,7 +47,8 @@ spec : rules: - name: "Remove unwanted label" resource: - kind: Secret + kinds: + - Secret mutate: patches: - path: "/metadata/labels/purpose" @@ -71,7 +72,8 @@ spec : rules: - name: "Set hard memory limit to 2Gi" resource: - kind: Pod + kinds: + - Pod selector: matchLabels: memory: high @@ -80,7 +82,7 @@ spec : spec: containers: # the wildcard * will match all containers in the list - - name: * + - (name): "*" resources: requests: memory: "10Gi" @@ -94,37 +96,41 @@ spec : Applying overlays to a list type without is fairly straightforward: new items will be added to the list, unless they already ecist. For example, the next overlay will add IP "192.168.10.172" to all addresses in all Endpoints: ````yaml -apiVersion: policy.nirmata.io/v1alpha1 +apiVersion: kyverno.io/v1alpha1 kind: Policy metadata: name: policy-endpoints spec: rules: - - resource: - kind : Endpoints + - name: "Add IP to subsets" + resource: + kinds : + - Endpoints mutate: overlay: subsets: - addresses: - - ip: 192.168.10.172 + - ip: 192.168.42.172 ```` ### Conditional logic using anchors -An **anchor** field, marked by parentheses, allows conditional processing of configurations. Processing stops when the anchor value does not match. Once processing stops, any child elements or any remaining siblings in a list, will not be processed. +An **anchor** field, marked by parentheses, allows conditional processing of configurations. Processing stops when the anchor value does not match. Once processing stops, any child elements or any remaining siblings in a list, will not be processed. For example, this overlay will add or replace the value 6443 for the port field, for all ports with a name value that starts with "secure": ````yaml -apiVersion : policy.nirmata.io/v1alpha1 +apiVersion: kyverno.io/v1alpha1 kind : Policy metadata : name : policy-set-port spec : rules: - - resource: - kind : Endpoints + - name: "Set port" + resource: + kinds : + - Endpoints mutate: overlay: subsets: @@ -145,18 +151,20 @@ A variation of an anchor, is to add a field value if it is not already defined. For example, this overlay will set the port to 6443, if a port is not already defined: ````yaml -apiVersion : policy.nirmata.io/v1alpha1 +apiVersion: kyverno.io/v1alpha1 kind : Policy metadata : name : policy-set-port spec : rules: - - resource: - kind : Endpoints + - name: "Set port" + resource: + kinds : + - Endpoints mutate: overlay: subsets: - - ports: + - (ports): +(port): 6443 ```` diff --git a/test/README.md b/test/README.md index 124c3fcb11..2ab66f7fff 100644 --- a/test/README.md +++ b/test/README.md @@ -46,7 +46,7 @@ metadata : name : policy-endpoints spec : rules: - - name: + - name: "" resource: kinds: - Endpoints