Define and use labels that identify semantic attributes of your application or Deployment. A common set of labels allows tools to work collaboratively, describing objects in a common manner that all tools can understand. The recommended labels describe applications in a way that can be queried. This policy validates that the label `app.kubernetes.io/name` is specified with some value.
apiVersion: kyverno.io/v1kind: ClusterPolicymetadata:name: require-labelsannotations:policies.kyverno.io/title: Require Labels in CEL expressionspolicies.kyverno.io/category: Best Practices in CELpolicies.kyverno.io/minversion: 1.11.0kyverno.io/kubernetes-version: 1.26-1.27policies.kyverno.io/severity: mediumpolicies.kyverno.io/subject: Pod, Labelpolicies.kyverno.io/description: Define and use labels that identify semantic attributes of your application or Deployment. A common set of labels allows tools to work collaboratively, describing objects in a common manner that all tools can understand. The recommended labels describe applications in a way that can be queried. This policy validates that the label `app.kubernetes.io/name` is specified with some value.spec:validationFailureAction: Auditbackground: truerules:- name: check-for-labelsmatch:any:- resources:kinds:- Podoperations:- CREATE- UPDATEvalidate:cel:expressions:- expression: object.metadata.?labels[?'app.kubernetes.io/name'].orValue('') != ""message: The label `app.kubernetes.io/name` is required.
This policy performs some best practices validation on Application fields. Path or chart must be specified but never both. And destination.name or destination.server must be specified but never both.
This policy prevents the use of the default project in an Application.
This policy prevents updates to the project field after an Application is created.