apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: normalize-image-tag
  annotations:
    policies.kyverno.io/title: "Нормализация тега образа"
    policies.kyverno.io/category: Governance
    policies.kyverno.io/severity: low
    policies.kyverno.io/subject: Deployment,StatefulSet,DaemonSet
    policies.kyverno.io/description: >-
      1. По условию заменяет тег образа на ":stable"
spec:
  rules:
    - name: normalize-image-tag
      match:
        resources:
          kinds:
          - Pod
      mutate:
        foreach:
        - list: "request.object.spec.containers"
          preconditions:
            any:
            - key: "{{ element.image }}"
              operator: EndsWith
              value: ":latest"
          patchStrategicMerge:
            spec:
              containers:
              - name: "{{ element.name }}"
                image: >-
                  {{ replace_all('{{ element.image }}', ':latest', ':stable') }}