mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-06 16:06:56 +00:00
93 lines
2.1 KiB
YAML
93 lines
2.1 KiB
YAML
# This is a test-policy with patch, configMapGenerator with and without "copyFrom" option,
|
|
# secretGenerator with and without "copyFrom" option.
|
|
# To apply this policy you need to create secret and configMap in "default" namespace
|
|
# and then create a namespace
|
|
|
|
apiVersion : kyverno.io/v1alpha1
|
|
kind : ClusterPolicy
|
|
metadata :
|
|
name : "policy-ns-patch-cmg-sg"
|
|
spec :
|
|
rules:
|
|
- name: "patchNamespace2"
|
|
match:
|
|
resources:
|
|
kinds :
|
|
- Namespace
|
|
selector:
|
|
matchLabels:
|
|
LabelForSelector : "namespace2"
|
|
mutate:
|
|
patches:
|
|
- path: "/metadata/labels/isMutatedByPolicy"
|
|
op: add
|
|
value: "true"
|
|
|
|
- name: "copyCM"
|
|
match:
|
|
resources:
|
|
kinds :
|
|
- Namespace
|
|
selector:
|
|
matchLabels:
|
|
LabelForSelector : "namespace2"
|
|
generate :
|
|
kind: ConfigMap
|
|
name : copied-cm
|
|
clone:
|
|
namespace : default
|
|
name : game-config
|
|
|
|
- name: "generateCM"
|
|
match:
|
|
resources:
|
|
kinds :
|
|
- Namespace
|
|
selector:
|
|
matchLabels:
|
|
LabelForSelector : "namespace2"
|
|
generate :
|
|
kind: ConfigMap
|
|
name : generated-cm
|
|
data :
|
|
data:
|
|
secretData: "very sensitive data from cmg"
|
|
database: mongodb
|
|
database_uri: mongodb://localhost:27017
|
|
keys: |
|
|
image.public.key=771
|
|
rsa.public.key=42
|
|
|
|
- name: "generateSecret"
|
|
match:
|
|
resources:
|
|
kinds :
|
|
- Namespace
|
|
name: ns2
|
|
generate :
|
|
kind: Secret
|
|
name : generated-secrets
|
|
data :
|
|
foo : bar
|
|
app.properties : /
|
|
foo1=bar1
|
|
foo2=bar2
|
|
ui.properties : /
|
|
foo1=bar1
|
|
foo2=bar2
|
|
|
|
- name: "copySecret"
|
|
match:
|
|
resources:
|
|
kinds :
|
|
- Namespace
|
|
name: ns2
|
|
generate :
|
|
kind: Secret
|
|
name : copied-secrets
|
|
copyFrom :
|
|
namespace : default
|
|
name : mysecret
|
|
data :
|
|
foo : bar
|
|
secretData: "data from sg"
|