Prevent Use of Default Project

This policy prevents the use of the default project in an Application.

Policy Definition

apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: application-prevent-default-project
  annotations:
    policies.kyverno.io/title: Prevent Use of Default Project
    policies.kyverno.io/category: Argo
    policies.kyverno.io/severity: medium
    kyverno.io/kyverno-version: 1.6.2
    policies.kyverno.io/minversion: 1.6.0
    kyverno.io/kubernetes-version: "1.23"
    policies.kyverno.io/subject: Application
    policies.kyverno.io/description: This policy prevents the use of the default project in an Application.
spec:
  validationFailureAction: Audit
  background: true
  rules:
    - name: default-project
      match:
        any:
          - resources:
              kinds:
                - Application
      preconditions:
        all:
          - key: "{{ request.operation || 'BACKGROUND' }}"
            operator: NotEquals
            value: DELETE
      validate:
        message: The default project may not be used in an Application.
        pattern:
          spec:
            project: "!default"

Related Policies

ValidateMedium

Application Field Validation in CEL expressions

This policy performs some best practices validation on Application fields. Path or chart must be specified but never both. And destination.name or destination.server must be specified but never both.

Application

ValidateMedium

Prevent Use of Default Project in CEL expressions

This policy prevents the use of the default project in an Application.

Application

ValidateMedium

Prevent Updates to Project in CEL expressions

This policy prevents updates to the project field after an Application is created.

Application