47 lines
1.5 KiB
YAML
47 lines
1.5 KiB
YAML
apiVersion: kyverno.io/v1
|
||
kind: ClusterPolicy
|
||
metadata:
|
||
name: require-standard-labels
|
||
annotations:
|
||
policies.kyverno.io/title: "Обязательные стандартные лейблы"
|
||
policies.kyverno.io/category: Governance
|
||
policies.kyverno.io/severity: medium
|
||
policies.kyverno.io/subject: Deployment,StatefulSet,DaemonSet
|
||
policies.kyverno.io/description: >-
|
||
Требует наличия стандартных лейблов у workload ресурсов.
|
||
Лейблы используются для мониторинга, алертинга и распределения затрат.
|
||
Допустимые значения environment: dev | staging | production
|
||
spec:
|
||
validationFailureAction: Enforce
|
||
background: true
|
||
rules:
|
||
- name: check-required-labels
|
||
match:
|
||
resources:
|
||
kinds:
|
||
- Deployment
|
||
- StatefulSet
|
||
- DaemonSet
|
||
exclude:
|
||
resources:
|
||
namespaces:
|
||
- kube-system
|
||
- kyverno
|
||
validate:
|
||
message: >-
|
||
Ресурс '{{ request.object.metadata.name }}' должен иметь лейблы:
|
||
app, version, team, environment (dev|staging|production)
|
||
Пример:
|
||
labels:
|
||
app: my-service
|
||
version: "1.0.0"
|
||
team: payments
|
||
environment: production
|
||
pattern:
|
||
metadata:
|
||
labels:
|
||
app: "?*"
|
||
version: "?*"
|
||
team: "?*"
|
||
environment: "^(dev|staging|production)$"
|