mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00
Code Activity
kyverno/samples/RequireLabels.md
Chip Zoller c52f07b615
new samples; updates (#1259) 
* new samples; updates

* typos

* add policy to restrict LoadBalancer

* correct sample numbering

* fix typos
2020-11-16 13:39:59 -08:00

1.3 KiB
Raw Blame History

Require labels

Labels are a fundamental and important way to assign descriptive metadata to Kubernetes resources, especially Pods. Labels are especially important as the number of applications grow and are composed in different ways.

This sample policy requires that the label app.kubernetes.io/name be defined on all Pods. If you wish to require that all Pods have multiple labels defined (as opposed to any labels from an approved list), this policy can be altered by adding more labels.

More Information

Policy YAML

require_labels.yaml

apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: require-labels
spec:
  validationFailureAction: audit
  rules:
  - name: check-for-labels
    match:
      resources:
        kinds:
        - Pod
    validate:
      message: "The label `app.kubernetes.io/name` is required."
      pattern:
        metadata:
          labels:
            app.kubernetes.io/name: "?*"
            # You can add more labels if you wish the policy to validate more than just one is present. Uncomment the below line, or add new ones.
            #app.kubernetes.io/component: "?*