mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-09 17:37:12 +00:00
d2e6759115
* fix:[Bug] [CLI] CEL scanning a namespace yaml object makes Kyverno crash Signed-off-by: abhashsolanki18 <abhashsolanki18@gmail.com> * Fix nil pointer dereference in namespace handling for ValidatingAdmissionPolicy. Signed-off-by: abhashsolanki18 <abhashsolanki18@gmail.com> * added test for namespace resource Signed-off-by: abhashsolanki18 <abhashsolanki18@gmail.com> * fixed test Signed-off-by: abhashsolanki18 <abhashsolanki18@gmail.com> * fixed test Signed-off-by: abhashsolanki18 <abhashsolanki18@gmail.com> * fixed test, combined binding and policy Signed-off-by: abhashsolanki18 <abhashsolanki18@gmail.com> --------- Signed-off-by: abhashsolanki18 <abhashsolanki18@gmail.com>
21 lines
578 B
YAML
21 lines
578 B
YAML
apiVersion: admissionregistration.k8s.io/v1
|
|
kind: ValidatingAdmissionPolicy
|
|
metadata:
|
|
name: validate-namespace-name
|
|
spec:
|
|
matchConstraints:
|
|
resourceRules:
|
|
- apiGroups: [""]
|
|
apiVersions: ["v1"]
|
|
resources: ["namespaces"]
|
|
validations:
|
|
- expression: "object.metadata.name.startsWith('valid-')"
|
|
message: "Namespace name must start with 'valid-'."
|
|
---
|
|
apiVersion: admissionregistration.k8s.io/v1
|
|
kind: ValidatingAdmissionPolicyBinding
|
|
metadata:
|
|
name: validate-namespace-binding
|
|
spec:
|
|
policyName: validate-namespace-name
|
|
validationActions: [Deny]
|