pub/kyverno-2026-example
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix pols for 1.18

Browse Source
This commit is contained in:
Vassiliy Yegorov
2026-05-14 18:55:39 +07:00
parent 5578400e7f
commit ffa61ab646
19 changed files with 266 additions and 180 deletions
Download Patch File Download Diff File Expand all files Collapse all files
03-mutation/01-basics/normalize.yaml
+1 -2
View File
@@ -28,5 +28,4 @@ spec:
spec:
containers:
- name: "{{ element.name }}"
image: >-
{{ replace_all('{{ element.image }}', ':latest', ':stable') }}
image: "{{ replace_all(element.image, ':latest', ':stable') }}"
03-mutation/01-basics/pre-conditions.yaml
+6 -6
View File
@@ -41,12 +41,12 @@ spec:
- list: "request.object.spec.containers"
preconditions:
any:
- key: "{{ element.image }}"
operator: Contains
value: "openjdk-v1"
- key: "{{ element.image }}"
operator: Contains
value: "eclipse-v1"
- key: "{{ regex_match('openjdk-v1', element.image) }}"
operator: Equals
value: true
- key: "{{ regex_match('eclipse-v1', element.image) }}"
operator: Equals
value: true
patchStrategicMerge:
spec:
containers:
03-mutation/03-advanced/add-creator-audit-annotation.yaml
+1 -1
View File
@@ -31,7 +31,7 @@ spec:
audit.company.com/created-by: "{{ request.userInfo.username }}"
audit.company.com/created-at: "{{ time_now_utc() }}"
audit.company.com/user-groups: >-
{{ request.userInfo.groups | join(', ', @) }}
{{ join(', ', request.userInfo.groups) }}
- name: set-environment-labels
match:
03-mutation/03-advanced/set-dynamic-resource-limits.yaml
+5 -4
View File
@@ -29,6 +29,9 @@ spec:
configMap:
name: kyverno-global-config
namespace: kyverno
- name: serviceType
variable:
value: "{{ request.object.metadata.labels.\"service-type\" || 'default' }}"
mutate:
foreach:
- list: "request.object.spec.containers"
@@ -38,7 +41,5 @@ spec:
- name: "{{ element.name }}"
resources:
limits:
+(memory): >-
{{ globalConfig.data.\"{{ request.object.metadata.labels.\"service-type\" || 'default' }}_memory\" || '256Mi' }}
+(cpu): >-
{{ globalConfig.data.\"{{ request.object.metadata.labels.\"service-type\" || 'default' }}_cpu\" || '250m' }}
+(memory): "{{ globalConfig.data.\"{{ serviceType }}_memory\" || '256Mi' }}"
+(cpu): "{{ globalConfig.data.\"{{ serviceType }}_cpu\" || '250m' }}"