mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00
Code Activity

tyxed some typos

Browse source 
whitespace before `:` in YAML
This commit is contained in:
Norbert Kiesel 2020-04-02 22:26:02 -07:00 committed by GitHub
parent a2d6732adf
commit cbe20995b2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 24 additions and 24 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

48
documentation/writing-policies-mutate.md
View file

@ -4,7 +4,7 @@
The ```mutate``` rule can be used to add, replace, or delete elements in matching resources. A mutate rule can be written as a JSON Patch or as an overlay.
By using a ```patch``` in the (JSONPatch - RFC 6902)[http://jsonpatch.com/] format, you can make precise changes to the resource being created. Using an ```overlay``` is convenient for describing the desired state of the resource.
By using a ```patch``` in the [JSONPatch - RFC 6902](http://jsonpatch.com/) format, you can make precise changes to the resource being created. Using an ```overlay``` is convenient for describing the desired state of the resource.
Resource mutation occurs before validation, so the validation rules should not contradict the changes performed by the mutation section.
@ -23,11 +23,11 @@ With Kyverno, the add and replace have the same behavior i.e. both operations wi
This patch adds an init container to all deployments.
````yaml
apiVersion : kyverno.io/v1
kind : ClusterPolicy
metadata :
name : policy-v1
spec :
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: policy-v1
spec:
rules:
- name: "add-init-secrets"
match:
@ -47,11 +47,11 @@ spec :
Here is the example of a patch that removes a label from the secret:
````yaml
apiVersion : kyverno.io/v1
kind : ClusterPolicy
metadata :
name : policy-remove-label
spec :
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: policy-remove-label
spec:
rules:
- name: "Remove unwanted label"
match:
@ -72,14 +72,14 @@ A mutation overlay describes the desired form of resource. The existing resource
The overlay cannot be used to delete values in a resource: use **patches** for this purpose.
The following mutation overlay will add (or replace) the memory request and limit to 10Gi for every Pod with a label ```memory: high```:
The following mutation overlay will add (or replace) the memory request and limit to 10Gi for every Pod with a label `memory: high`:
````yaml
apiVersion : kyverno.io/v1
kind : ClusterPolicy
metadata :
name : policy-change-memory-limit
spec :
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: policy-change-memory-limit
spec:
rules:
- name: "Set hard memory limit to 2Gi"
match:
@ -117,7 +117,7 @@ spec:
- name: "Add IP to subsets"
match:
resources:
kinds :
kinds:
- Endpoints
mutate:
overlay:
@ -148,14 +148,14 @@ The **anchors** values support **wildcards**:
A `conditional anchor` evaluates to `true` if the anchor tag exists and if the value matches the specified value. Processing stops if a tag does not exist or when the value does not match. Once processing stops, any child elements or any remaining siblings in a list, will not be processed.
For example, this overlay will add or replace the value 6443 for the port field, for all ports with a name value that starts with "secure":
For example, this overlay will add or replace the value `6443` for the `port` field, for all ports with a name value that starts with "secure":
````yaml
apiVersion: kyverno.io/v1
kind : ClusterPolicy
metadata :
name : policy-set-port
spec :
kind: ClusterPolicy
metadata:
name: policy-set-port
spec:
rules:
- name: "Set port"
match:
@ -174,7 +174,7 @@ If the anchor tag value is an object or array, the entire object or array must m
### Add if not present anchor
A variation of an anchor, is to add a field value if it is not already defined. This is done by using the `add anchor` (short for `add if not present anchor`) with the notation ````+(...)```` for the tag.
A variation of an anchor, is to add a field value if it is not already defined. This is done by using the `add anchor` (short for `add if not present anchor`) with the notation `+(...)` for the tag.
An `add anchor` is processed as part of applying the mutation. Typically, every non-anchor tag-value is applied as part of the mutation. If the `add anchor` is set on a tag, the tag and value are only applied if they do not exist in the resource.