apiVersion: kyverno.io/v1alpha1
kind: Policy
metadata:
  name: test-podtemplate
spec:
  rules:
    - name: podtemplate1
      resource:
        kinds :
        - PodTemplate
        selector:
          matchLabels:
            originalLabel: isHere
      mutate:
        overlay:
          template:
            spec:
              restartPolicy: Always
        patches:
        - path: "/metadata/labels/app"
          op : replace
          value : mutedApp
        - path: "/template/spec/containers/0/name"
          op : replace
          value : mongodb
        - path: "/template/spec/containers/0/image"
          op : replace
          value : mongodb
      validate:
        message: "Port 80 is only allowed"
        pattern:
          template:
            spec:
              containers:
                - name: "*"
                  ports:
                  - containerPort: 80