Comments (5)
Sample policy:
apiVersion : kyverno.io/v1
kind: ClusterPolicy
metadata:
name: limits
spec:
validationFailureAction: enforce
rules:
- name: limit-lb-svc
match:
resources:
kinds:
- Service
context:
- name: serviceCount
apiCall:
urlPath: "/api/v1/namespaces/{{ request.object.metadata.namespace }}/services"
jmesPath: "items[?spec.type == 'LoadBalancer'] | length(@)"
preconditions:
- key: "{{ request.operation }}"
operator: Equals
value: "CREATE"
validate:
message: "Only one LoadBalancer service is allowed per namespace"
deny:
conditions:
- key: "{{ serviceCount }}"
operator: Equals
value: 1
from website.
λ kubectl explain policy.spec.rules.context.apiCall
KIND: Policy
VERSION: kyverno.io/v1
RESOURCE: apiCall <Object>
DESCRIPTION:
APICall is an API server request to retrieve data
FIELDS:
jmesPath <string>
JMESPath is an optional JSON Match Expression that can be used to transform
the JSON response from the API server.
urlPath <string> -required-
URLPath is the URL path to be used in the HTTP GET request
from website.
@JimBugwadia, can you possibly provide some "starter" docs (in this issue is fine; I can pick up the torch) that describes the functions supported in JMESPath, the operators, and if things like wildcards are supported in that and urlPath along with a couple more examples?
from website.
Thanks, Chip! Working on it and will get a PR this weekend. I am thinking of splitting the "Variables" and "External Data Lookups" sections into separate chapters with more details on how variables are processed.
from website.
Yeah, I think those definitely should be separate pages. I'm hoping to work on the new features in docs this weekend. Also thinking more about how we can version the docs, the pain in doing so, and what value that provides...
from website.
Related Issues (20)
- [Enhancement] Add docs related to match conditions
- [Enhancement] Add docs for VerifyImage TTL cache HOT 2
- [Enhancement] Add docs for validating admission policies HOT 1
- [Bug] Kyverno is not list on the EKS ISV add-on HOT 1
- [Bug] ca certificate issue HOT 1
- [Enhancement] Add Policy Annotations description to documentation HOT 5
- [Enhancement] Add a word about the impossibility to mutate certain fields HOT 1
- [Enhancement] Add match for whole API group
- [Bug] Drop NET_RAW capability instead of CAP_NET_RAW HOT 2
- [Bug] incorrect documentation for add and replace operations of RFC 6902 JSONPatch
- [Bug] Typo on JMESPath page (missing 'it') HOT 2
- [Enhancement] PolicyException moves to beta HOT 1
- [Enhancement] Add docs for CRDs subchart HOT 1
- [Enhancement] Add new CLI commands documentation HOT 2
- [Enhancement] Add documentation for enabling flexible registry credential configurations
- [Enhancement] Add docs for wildcard support in subjects statements
- [Enhancement] add doc for allow overriding ca and tls secret names
- [Enhancement] update doc for policy report aggregation HOT 1
- [Enhancement] Add IsExternalURL doc HOT 1
- [Enhancement] Add docs for conditions support in `PolicyException` HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from website.