mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-31 03:45:17 +00:00
update documentation
parent
fe5e9b0bb1
commit
ff03744958
4 changed files with 85 additions and 73 deletions
|
@ -14,12 +14,13 @@ metadata:
|
|||
spec:
|
||||
rules:
|
||||
- name: "Basic config generator for all namespaces"
|
||||
resource:
|
||||
kinds:
|
||||
- Namespace
|
||||
selector:
|
||||
matchLabels:
|
||||
LabelForSelector : "namespace2"
|
||||
match:
|
||||
resources:
|
||||
kinds:
|
||||
- Namespace
|
||||
selector:
|
||||
matchLabels:
|
||||
LabelForSelector : "namespace2"
|
||||
generate:
|
||||
kind: ConfigMap
|
||||
name: default-config
|
||||
|
@ -27,12 +28,13 @@ spec:
|
|||
namespace: default
|
||||
name: config-template
|
||||
- name: "Basic config generator for all namespaces"
|
||||
resource:
|
||||
kinds:
|
||||
- Namespace
|
||||
selector:
|
||||
matchLabels:
|
||||
LabelForSelector : "namespace2"
|
||||
match:
|
||||
resources:
|
||||
kinds:
|
||||
- Namespace
|
||||
selector:
|
||||
matchLabels:
|
||||
LabelForSelector : "namespace2"
|
||||
generate:
|
||||
kind: Secret
|
||||
name: mongo-creds
|
||||
|
@ -59,10 +61,11 @@ metadata:
|
|||
spec:
|
||||
rules:
|
||||
- name: "deny-all-traffic"
|
||||
resource:
|
||||
kinds:
|
||||
- Namespace
|
||||
name: "*"
|
||||
match:
|
||||
resources:
|
||||
kinds:
|
||||
- Namespace
|
||||
name: "*"
|
||||
generate:
|
||||
kind: NetworkPolicy
|
||||
name: deny-all-traffic
|
||||
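Review bot: The second rule in this section (hunk `-27,12 +28,13`) generates a Secret named `mongo-creds` but keeps the same name as the ConfigMap rule above it, "Basic config generator for all namespaces", although both rules match only Namespaces labelled `LabelForSelector : "namespace2"`. Two rules with one name are hard to tell apart in any per-rule report, so I would rename the second, for example `- name: "Generate mongo-creds secret for labelled namespaces"`. The body of `generate` lies outside the hunk, so where the secret data comes from is not visible here. The example should still say in a comment that the namespace label is what decides which namespaces receive the Secret, so control over that label matters.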
|
|
|
@ -18,9 +18,10 @@ metadata :
|
|||
spec :
|
||||
rules:
|
||||
- name: "add-init-secrets"
|
||||
resource:
|
||||
kinds:
|
||||
- Deployment
|
||||
match:
|
||||
resources:
|
||||
kinds:
|
||||
- Deployment
|
||||
mutate:
|
||||
patches:
|
||||
- path: "/spec/template/spec/initContainers/0/"
|
||||
|
@ -46,9 +47,10 @@ metadata :
|
|||
spec :
|
||||
rules:
|
||||
- name: "Remove unwanted label"
|
||||
resource:
|
||||
kinds:
|
||||
- Secret
|
||||
match:
|
||||
resources:
|
||||
kinds:
|
||||
- Secret
|
||||
mutate:
|
||||
patches:
|
||||
- path: "/metadata/labels/purpose"
|
||||
|
@ -71,12 +73,13 @@ metadata :
|
|||
spec :
|
||||
rules:
|
||||
- name: "Set hard memory limit to 2Gi"
|
||||
resource:
|
||||
kinds:
|
||||
- Pod
|
||||
selector:
|
||||
matchLabels:
|
||||
memory: high
|
||||
match:
|
||||
resources:
|
||||
kinds:
|
||||
- Pod
|
||||
selector:
|
||||
matchLabels:
|
||||
memory: high
|
||||
mutate:
|
||||
overlay:
|
||||
spec:
|
||||
|
@ -103,9 +106,10 @@ metadata:
|
|||
spec:
|
||||
rules:
|
||||
- name: "Add IP to subsets"
|
||||
resource:
|
||||
kinds :
|
||||
- Endpoints
|
||||
match:
|
||||
resources:
|
||||
kinds :
|
||||
- Endpoints
|
||||
mutate:
|
||||
overlay:
|
||||
subsets:
|
||||
|
@ -128,9 +132,10 @@ metadata :
|
|||
spec :
|
||||
rules:
|
||||
- name: "Set port"
|
||||
resource:
|
||||
kinds :
|
||||
- Endpoints
|
||||
match:
|
||||
resources:
|
||||
kinds :
|
||||
- Endpoints
|
||||
mutate:
|
||||
overlay:
|
||||
subsets:
|
||||
|
@ -158,9 +163,10 @@ metadata :
|
|||
spec :
|
||||
rules:
|
||||
- name: "Set port"
|
||||
resource:
|
||||
kinds :
|
||||
- Endpoints
|
||||
match:
|
||||
resources:
|
||||
kinds :
|
||||
- Endpoints
|
||||
mutate:
|
||||
overlay:
|
||||
subsets:
|
||||
|
|
|
@ -44,16 +44,17 @@ metadata :
|
|||
spec :
|
||||
rules:
|
||||
- name: check-label
|
||||
resource:
|
||||
# Kind specifies one or more resource types to match
|
||||
kinds:
|
||||
- Deployment
|
||||
- StatefuleSet
|
||||
- DaemonSet
|
||||
# Name is optional and can use wildcards
|
||||
name: "*"
|
||||
# Selector is optional
|
||||
selector:
|
||||
match:
|
||||
resources:
|
||||
# Kind specifies one or more resource types to match
|
||||
kinds:
|
||||
- Deployment
|
||||
- StatefuleSet
|
||||
- DaemonSet
|
||||
# Name is optional and can use wildcards
|
||||
name: "*"
|
||||
# Selector is optional
|
||||
selector:
|
||||
validate:
|
||||
# Message is optional
|
||||
message: "The label app is required"
|
||||
|
@ -79,14 +80,15 @@ metadata :
|
|||
spec :
|
||||
rules:
|
||||
- name: check-memory_requests_link_in_yaml_relative
|
||||
resource:
|
||||
# Kind specifies one or more resource types to match
|
||||
kinds:
|
||||
- Deployment
|
||||
# Name is optional and can use wildcards
|
||||
name: "*"
|
||||
# Selector is optional
|
||||
selector:
|
||||
match:
|
||||
resources:
|
||||
# Kind specifies one or more resource types to match
|
||||
kinds:
|
||||
- Deployment
|
||||
# Name is optional and can use wildcards
|
||||
name: "*"
|
||||
# Selector is optional
|
||||
selector:
|
||||
validate:
|
||||
pattern:
|
||||
spec:
|
||||
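Review bot: In the first hunk (`-44,16 +44,17`) the new `match.resources.kinds` list still carries `- StatefuleSet`, copied over unchanged from the old `resource` block. If kinds are compared by name, which the page does not show, the `check-label` rule would skip StatefulSets without reporting anything, and a reader who copies the example gets a validation gap on one workload type. I would change the line to `- StatefulSet`. The bare `selector:` under "# Selector is optional" has its body outside the hunk, so whether it ends up as an empty value cannot be judged from here.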
|
|
|
@ -17,31 +17,32 @@ spec :
|
|||
# Each rule matches specific resource described by "match" field.
|
||||
match:
|
||||
resources:
|
||||
kinds:
|
||||
kinds: # Required, list of kinds
|
||||
- Deployment
|
||||
- StatefulSet
|
||||
- DaemonSet
|
||||
# A resource name is optional. Name supports wildcards * and ?
|
||||
name: "*"
|
||||
# A resoucre selector is optional. Selector values support wildcards * and ?
|
||||
selector:
|
||||
name: "mongo*" # Optional, a resource name is optional. Name supports wildcards * and ?
|
||||
namespaces: # Optional, list of namespaces
|
||||
- devtest2
|
||||
- devtest1
|
||||
selector: # Optional, a resource selector is optional. Selector values support wildcards * and ?
|
||||
matchLabels:
|
||||
app: mongodb
|
||||
matchExpressions:
|
||||
- {key: tier, operator: In, values: [database]}
|
||||
# Resources that need to be excluded
|
||||
# exclude:
|
||||
# resources:
|
||||
# kinds:
|
||||
# - Deployment
|
||||
# # A resource name is optional. Name supports wildcards * and ?
|
||||
# name: "*"
|
||||
# # A resoucre selector is optional. Selector values support wildcards * and ?
|
||||
# selector:
|
||||
# matchLabels:
|
||||
# app: mongodb
|
||||
# matchExpressions:
|
||||
# - {key: tier, operator: In, values: [database]}
|
||||
exclude: # Optional, resources to be excluded from evaulation
|
||||
resources:
|
||||
kinds:
|
||||
- Daemonsets
|
||||
name: "*"
|
||||
namespaces:
|
||||
- devtest2
|
||||
selector:
|
||||
matchLabels:
|
||||
app: mongodb
|
||||
matchExpressions:
|
||||
- {key: tier, operator: In, values: [database]}
|
||||
|
||||
# Each rule can contain a single validate, mutate, or generate directive
|
||||
...
|
||||
````
|
||||
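Review bot: The new `exclude` block lists `- Daemonsets`, while the `match` list a few lines above spells the kind `DaemonSet`. If kinds are compared literally, the exclusion would never apply and the example would evaluate the resources it claims to skip. I would write `- DaemonSet` and fix the comment to `exclude: # Optional, resources to be excluded from evaluation`. The block also does not say how `kinds`, `name`, `namespaces` and `selector` combine. One comment line stating whether all of them must match would help, because an exclusion broader than the author expects silently takes resources out of policy evaluation.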
|
|