mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-31 03:45:17 +00:00
6359fd4a1a
* feat: generate VAPs from VPs Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix codegen Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix chainsaw tests Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> --------- Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
30 lines
784 B
YAML
30 lines
784 B
YAML
apiVersion: admissionregistration.k8s.io/v1
|
|
kind: ValidatingAdmissionPolicy
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/managed-by: kyverno
|
|
name: vpol-check-deployment-labels
|
|
ownerReferences:
|
|
- apiVersion: policies.kyverno.io/v1alpha1
|
|
kind: ValidatingPolicy
|
|
name: check-deployment-labels
|
|
spec:
|
|
failurePolicy: Fail
|
|
matchConstraints:
|
|
resourceRules:
|
|
- apiGroups:
|
|
- apps
|
|
apiVersions:
|
|
- v1
|
|
operations:
|
|
- CREATE
|
|
- UPDATE
|
|
resources:
|
|
- deployments
|
|
variables:
|
|
- expression: has(object.metadata.labels) && 'env' in object.metadata.labels &&
|
|
object.metadata.labels['env'] == 'prod'
|
|
name: environment
|
|
validations:
|
|
- expression: variables.environment == true
|
|
message: Deployment labels must be env=prod
|