mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-31 03:45:17 +00:00
Code Activity

update documentation

Browse source
This commit is contained in:
shivkumar dudhani 2019-10-02 15:00:09 -07:00
parent e63a5ff97e
commit 667efabc10
1 changed files with 10 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
documentation/writing-policies-validate.md
View file

@ -36,9 +36,9 @@ There is no operator for `equals` as providing a field value in the pattern requ
## Anchors
| Anchor | Tag | Behavior |
|------------- |----- |---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Conditional | () | If tag with the given value is specified, then following resource elements must satisfy the conditions.<br>e.g. <br><code> (image):"*:latest" <br>imagePullPolicy: "!IfNotPresent"</code><br> If image has tag latest then, imagePullPolicy cannot be IfNotPresent. |
| Equality | =() | if tag is specified, then it should have the provided value.<br>e.g.<br><code> =(hostPath):<br> path: "!/var/lib" </code><br> If hostPath is defined then the path cannot be /var/lib |
| Existance | ^() | It can be specified on the list/array type only. If there exists at least one resource in the list that satisfies the pattern.<br>e.g. <br><code> ^(containers):<br> - image: nginx:latest </code><br> There must exist at least one container with image nginx:latest. |
| Conditional | () | If tag with the given value is specified, then following resource elements must satisfy the conditions.<br/>e.g. <br/><code> (image):"*:latest" <br/> imagePullPolicy: "!IfNotPresent"</code> <br/> If image has tag latest then, imagePullPolicy cannot be IfNotPresent. |
| Equality | =() | if tag is specified, then it should have the provided value.<br/>e.g.<br/><code> =(hostPath):<br/> path: "!/var/lib" </code><br/> If hostPath is defined then the path cannot be /var/lib |
| Existance | ^() | It can be specified on the list/array type only. If there exists at least one resource in the list that satisfies the pattern.<br/>e.g. <br/><code> ^(containers):<br/> - image: nginx:latest </code><br/> There must exist at least one container with image nginx:latest. |
## Example
The next rule prevents the creation of Deployment, StatefuleSet and DaemonSet resources without label 'app' in selector:
````yaml
@ -98,13 +98,13 @@ spec :
validate:
pattern:
spec:
containers:
- ^(name): "*"
resources:
requests:
memory: "$(<=./../../limits/memory)"
limits:
memory: "2048Mi"
^(containers):
- (name): "*"
resources:
requests:
memory: "$(<=./../../limits/memory)"
limits:
memory: "2048Mi"
````
### Allow OR across overlay pattern