Creating a kyverno policy to invalidate bad practices and avoid misplaced structure elements #9670
Unanswered
RayenDen
asked this question in
Contributor Q&A
Replies: 1 comment
-
You may need to use something like kyverno-json because Kyverno is Kubernetes aware and embeds the schemas for the core resource types. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hello,
I'm trying to write a kyverno policy to invalidate misplaced elements in the deployment's structure (strategy in .spec.template.spec and not .spec in a deployment, in my case) i know the k8s api does the validation but i need the policy for it to happen on the pipeline's level.
Here's the policy validate-deployment-strategy.yaml i wrote i tried it 2 ways:
1st version:
2nd version :
when testing the policy on a deployment :
the policy triggers when strategy is in .spec.template.spec or in it's write place .spec and I dont understand the issue (new to kyverno)
i tried it locally through the commands :
kubectl apply -f validate-deployment-strategy.yaml
kubectl apply -f deployment.yaml --validate=false
Beta Was this translation helpful? Give feedback.
All reactions