apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: add-wait-for-db
  annotations:
    policies.kyverno.io/title: "Добавление init-контейнера для ожидания PostgreSQL"
    policies.kyverno.io/category: Governance
    policies.kyverno.io/severity: low
    policies.kyverno.io/subject: Deployment,StatefulSet,DaemonSet
    policies.kyverno.io/description: >-
      1. По условию добавляет init-контейнер для ожидания PostgreSQL
spec:
  rules:
    - name: add-wait-for-db
      match:
        resources:
          kinds:
          - Pod
      preconditions:
        any:
        - key: "{{ request.object.metadata.annotations.\"init.company.com/wait-for-db\" }}"
          operator: Equals
          value: "true"
      mutate:
        patchStrategicMerge:
          spec:
            initContainers:
            - name: wait-for-db
              image: registry.company.com/busybox:1.36
              command:
              - sh
              - -c
              - until nc -z postgres-service 5432; do echo "Ожидаем PostgreSQL..."; sleep 2; done