init

03-mutation/01-basics/normalize.yaml

@@ -0,0 +1,32 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+  name: normalize-image-tag
+  annotations:
+    policies.kyverno.io/title: "Нормализация тега образа"
+    policies.kyverno.io/category: Governance
+    policies.kyverno.io/severity: low
+    policies.kyverno.io/subject: Deployment,StatefulSet,DaemonSet
+    policies.kyverno.io/description: >-
+      1. По условию заменяет тег образа на ":stable"
+spec:
+  rules:
+    - name: normalize-image-tag
+      match:
+        resources:
+          kinds:
+          - Pod
+      mutate:
+        foreach:
+        - list: "request.object.spec.containers"
+          preconditions:
+            any:
+            - key: "{{ element.image }}"
+              operator: EndsWith
+              value: ":latest"
+          patchStrategicMerge:
+            spec:
+              containers:
+              - name: "{{ element.name }}"
+                image: >-
+                  {{ replace_all('{{ element.image }}', ':latest', ':stable') }}