mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 07:57:07 +00:00
kyverno/documentation/writing-policies.md
Jim Bugwadia 25b60590ca - add validation example
- update docs for validation
2019-05-22 00:09:45 -07:00


Writing Policies

A Kyverno policy contains a set of rules. Each rule matches resources by kind, name, or selectors.

apiVersion: kyverno.io/v1alpha1
kind: Policy
metadata:
  name: policy
spec:

  # Each policy has a list of rules applied in declaration order
  rules:

    # Rules must have a name
    - name: "check-pod-controller-labels"

      # Each rule matches specific resources described by the "resource" field.
      resource:
        kind: Deployment, StatefulSet, DaemonSet
        # Name is optional. By default, the validation policy is applicable to any resource of the supported kinds.
        # Name supports wildcards * and ?
        name: "*"
        # Selector is optional and can be used to match specific resources
        # Selector values support wildcards * and ?
        selector:
            # A selector can use match
            matchLabels:
                app: mongodb
            matchExpressions:
                - {key: tier, operator: In, values: [database]}


      # Each rule can contain a single validate, mutate, or generate directive
      ...

Each rule can validate, mutate, or generate configurations of matching resources. A rule definition can contain only a single validate, mutate, or generate child node.
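
To check which objects the `resource` block above would select, and which it would leave uncovered, the following added example (not Kyverno's own code, and not from the original page) evaluates that filter against constructed objects. It assumes `kind` is a comma-separated list, that kind, name, and selector criteria are ANDed as in Kubernetes label selectors, and that only the `In` and `NotIn` operators are needed; all function names are hypothetical.

```python
import re

def wildcard_match(pattern, value):
    """Return True if value matches pattern, where * is any run and ? is one character."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, value, flags=re.DOTALL) is not None

def selector_matches(selector, labels):
    # matchLabels: every listed key must exist and its value must match the pattern.
    for key, pattern in selector.get("matchLabels", {}).items():
        if key not in labels or not wildcard_match(pattern, labels[key]):
            return False
    # matchExpressions: In requires a hit, NotIn requires no hit (absent key passes NotIn).
    for expr in selector.get("matchExpressions", []):
        key = expr["key"]
        hit = key in labels and any(wildcard_match(p, labels[key]) for p in expr["values"])
        if expr["operator"] not in ("In", "NotIn"):
            raise ValueError("operator not handled in this example: " + expr["operator"])
        if hit != (expr["operator"] == "In"):
            return False
    return True

def rule_matches(resource_filter, obj):
    # Assumption: kinds are listed comma-separated, as in the policy on this page.
    kinds = [k.strip() for k in resource_filter["kind"].split(",")]
    meta = obj["metadata"]
    return (obj["kind"] in kinds
            and wildcard_match(resource_filter.get("name", "*"), meta["name"])
            and selector_matches(resource_filter.get("selector", {}), meta.get("labels", {})))

def unmatched(resource_filter, objects):
    """Names of objects the rule does NOT cover: the gaps a reviewer should look at."""
    return [o["metadata"]["name"] for o in objects if not rule_matches(resource_filter, o)]

# The "resource" block from the policy above, as a Python dict.
RESOURCE_FILTER = {
    "kind": "Deployment, StatefulSet, DaemonSet", "name": "*",
    "selector": {"matchLabels": {"app": "mongodb"},
                 "matchExpressions": [{"key": "tier", "operator": "In", "values": ["database"]}]}}

def obj(kind, name, **labels):
    return {"kind": kind, "metadata": {"name": name, "labels": labels}}

# Constructed sample objects (not taken from any real cluster).
SAMPLES = [obj("Deployment", "mongo-primary", app="mongodb", tier="database"),
           obj("StatefulSet", "mongo-replica", app="mongodb"),
           obj("Pod", "mongo-debug", app="mongodb", tier="database"),
           obj("DaemonSet", "log-agent", app="fluentd", tier="database")]

if __name__ == "__main__":
    print("not covered by the rule:", unmatched(RESOURCE_FILTER, SAMPLES))
```

The uncovered list is the useful output: a bare Pod or a workload missing the `tier` label falls outside this rule, so whatever the rule enforces does not apply to it.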


Read Next >> Validate