mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-06 07:57:07 +00:00
8781a38849
* feat: configure webhook scope based on policy type Signed-off-by: Florian Hopfensperger <florian.hopfensperger@allianz.de> * Update pkg/controllers/webhook/controller.go Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: shuting <shuting@nirmata.com> * feat: configure webhook scope based on resource type Signed-off-by: Florian Hopfensperger <florian.hopfensperger@allianz.de> * review comments Signed-off-by: Florian Hopfensperger <florian.hopfensperger@allianz.de> * sorting of webhooks Signed-off-by: Florian Hopfensperger <florian.hopfensperger@allianz.de> * Update pkg/controllers/webhook/utils.go Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix imports Signed-off-by: Florian Hopfensperger <florian.hopfensperger@allianz.de> --------- Signed-off-by: Florian Hopfensperger <florian.hopfensperger@allianz.de> Signed-off-by: shuting <shuting@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
23 lines
533 B
YAML
23 lines
533 B
YAML
apiVersion: kyverno.io/v1
|
|
kind: ClusterPolicy
|
|
metadata:
|
|
name: require-labels
|
|
annotations:
|
|
pod-policies.kyverno.io/autogen-controllers: none
|
|
spec:
|
|
validationFailureAction: Audit
|
|
background: false
|
|
rules:
|
|
- name: require-team
|
|
match:
|
|
any:
|
|
- resources:
|
|
kinds:
|
|
- 'ConfigMap'
|
|
- 'CustomResourceDefinition'
|
|
validate:
|
|
message: 'The label `team` is required.'
|
|
pattern:
|
|
metadata:
|
|
labels:
|
|
team: '?*'
|