mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-01-20 18:52:16 +00:00
Code Activity
kyverno/samples/RequireLabels.md
Chip Zoller b268935aa3 add samples for Pod labels
2020-11-11 20:17:48 -05:00

1.2 KiB
Raw Blame History

Require labels

Labels are a fundamental and important way to assign descriptive metadata to Kubernetes resources, especially Pods. Labels are especially important as the number of applications grow and are composed in different ways.

This sample policy requires that the label app.kubernetes.io/name be defined on all Pods. If you wish to require that all Pods have multiple labels defined (as opposed to any labels from an approved list), this policy can be altered by adding an additional rule block which checks for a second (or third, etc.) label name.

More Information

Policy YAML

require_labels.yaml

apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: require-labels
spec:
  validationFailureAction: audit
  rules:
  - name: check-for-labels
    match:
      resources:
        kinds:
        - Pod
    validate:
      message: "The label `app.kubernetes.io/name` is required."
      pattern:
        metadata:
          labels:
            app.kubernetes.io/name: "?*"