pub/kyverno-2026-example
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
34fbdd14124eb5ed68a58ad25b5b894fb4d75678
kyverno-2026-example/04-generation/01-configmaps-secrets/generate-namespace-config.yaml
Vassiliy Yegorov 34fbdd1412 init
2026-04-08 20:22:14 +07:00

46 lines
1.5 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: generate-namespace-config
annotations:
policies.kyverno.io/title: "Генерация ConfigMap при создании Namespace"
policies.kyverno.io/category: Governance
policies.kyverno.io/severity: low
policies.kyverno.io/subject: Namespace
policies.kyverno.io/description: >-
При создании нового Namespace автоматически создаёт ConfigMap
с базовой конфигурацией. synchronize: true — ConfigMap обновляется
при изменении namespace и удаляется вместе с ним.
spec:
rules:
- name: generate-config
match:
resources:
kinds:
- Namespace
exclude:
resources:
names:
- kube-system
- kube-public
- kube-node-lease
- kyverno
generate:
apiVersion: v1
kind: ConfigMap
name: namespace-config
namespace: "{{ request.object.metadata.name }}"
synchronize: true
data:
kind: ConfigMap
metadata:
labels:
generated-by: kyverno
policy: generate-namespace-config
data:
namespace: "{{ request.object.metadata.name }}"
environment: "{{ request.object.metadata.labels.environment || 'unknown' }}"
team: "{{ request.object.metadata.labels.team || 'unknown' }}"
created-at: "{{ time_now_utc() }}"
documentation: "https://wiki.company.com/kubernetes/namespaces"
Reference in New Issue View Git Blame Copy Permalink