mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-10 18:06:55 +00:00
Code Activity
kyverno/test/cli/test-mutate/connection-draining/policy.yaml
Charles-Edouard Brétéché 9e950b9892
fix: Kyverno test fails to load resources (#8349) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-09-12 09:45:24 +00:00

71 lines
No EOL
2.2 KiB
YAML
Raw Blame History

apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: disable-connection-draining
annotations:
policies.kyverno.io/title: Configure Connection Draining
policies.kyverno.io/category: Best Practices
policies.kyverno.io/subject: Service
spec:
background: true
rules:
- name: clb
match:
resources:
kinds:
- Service
context:
- name: connection_draining_check
variable:
default: "empty"
jmesPath: request.object.metadata.annotations."service.beta.kubernetes.io/aws-load-balancer-connection-draining-enabled"
- name: nlb_check
variable:
default: "false"
jmesPath: request.object.metadata.annotations."service.beta.kubernetes.io/aws-load-balancer-type"
preconditions:
all:
- key: "{{ request.object.spec.type }}"
operator: Equals
value: "LoadBalancer"
- key: "{{ connection_draining_check }}"
operator: AnyIn
value: ["true", "empty"]
- key: "{{ nlb_check }}"
operator: AnyNotIn
value: ["external", "nlb"]
mutate:
patchStrategicMerge:
metadata:
annotations:
service.beta.kubernetes.io/aws-load-balancer-connection-draining-enabled: "false"
- name: nlb-no-attributes
match:
resources:
kinds:
- Service
context:
- name: nlb_check
variable:
default: "false"
jmesPath: request.object.metadata.annotations."service.beta.kubernetes.io/aws-load-balancer-type"
- name: tg_attributes
variable:
default: "false"
jmesPath: request.object.metadata.annotations."service.beta.kubernetes.io/aws-load-balancer-target-group-attributes"
preconditions:
all:
- key: "{{ request.object.spec.type }}"
operator: Equals
value: "LoadBalancer"
- key: "{{ nlb_check }}"
operator: Equals
value: "external"
- key: "{{ tg_attributes }}"
operator: Equals
value: "false"
mutate:
patchStrategicMerge:
metadata:
annotations:
service.beta.kubernetes.io/aws-load-balancer-target-group-attributes: "deregistration_delay.connection_termination.enabled=true,deregistration_delay.timeout_seconds=0"
View git blame Copy permalink