mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-06 16:06:56 +00:00
c796bb765c
* fix: return policies with either audit or enforce rules from the cache Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * feat: introduce validationFailureAction under verifyImage rules Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * feat: add chainsaw tests Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> --------- Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>
36 lines
1.1 KiB
YAML
36 lines
1.1 KiB
YAML
---
|
|
apiVersion: kyverno.io/v1
|
|
kind: ClusterPolicy
|
|
metadata:
|
|
annotations:
|
|
policies.kyverno.io/category: Sample
|
|
policies.kyverno.io/description: 'Secrets like registry credentials often need
|
|
to exist in multiple Namespaces so Pods there have access. Manually duplicating
|
|
those Secrets is time consuming and error prone. This policy will copy all Secrets
|
|
with the appropriate label which exists in the `default` Namespace to new Namespaces
|
|
when they are created. It will also push updates to the copied Secrets should the
|
|
source Secret be changed.'
|
|
policies.kyverno.io/subject: Secret
|
|
policies.kyverno.io/title: Clone List Secrets
|
|
name: clone-list-secrets
|
|
spec:
|
|
admission: true
|
|
background: true
|
|
rules:
|
|
- generate:
|
|
cloneList:
|
|
namespace: default
|
|
kinds:
|
|
- v1/Secret
|
|
- v1/ConfigMap
|
|
selector:
|
|
matchLabels:
|
|
allowedToBeCloned: "true"
|
|
namespace: '{{request.object.metadata.name}}'
|
|
synchronize: true
|
|
match:
|
|
any:
|
|
- resources:
|
|
kinds:
|
|
- Namespace
|
|
name: clone-list-labelled-secrets
|