All Policies

Add Linkerd Mesh Injection

Sidecar proxy injection in Linkerd may be handled at the Namespace level by setting the annotation `linkerd.io/inject` to `enabled`. In addition, a second annotation may be applied which controls the Pod startup behavior. This policy sets the annotations, if not present, `linkerd.io/inject` and `config.linkerd.io/proxy-await` to `enabled` on all new Namespaces.

Policy Definition

/linkerd/add-linkerd-mesh-injection/add-linkerd-mesh-injection.yaml

 1apiVersion: kyverno.io/v1
 2kind: ClusterPolicy
 3metadata:
 4  name: add-linkerd-mesh-injection
 5  annotations:
 6    policies.kyverno.io/title: Add Linkerd Mesh Injection
 7    policies.kyverno.io/category: Linkerd
 8    policies.kyverno.io/severity: medium
 9    policies.kyverno.io/subject: Namespace, Annotation
10    policies.kyverno.io/description: >-
11      Sidecar proxy injection in Linkerd may be handled at the Namespace level by
12      setting the annotation `linkerd.io/inject` to `enabled`. In addition, a second
13      annotation may be applied which controls the Pod startup behavior. This policy
14      sets the annotations, if not present, `linkerd.io/inject` and `config.linkerd.io/proxy-await`
15      to `enabled` on all new Namespaces.
16spec:
17  rules:
18  - name: add-mesh-annotations
19    match:
20      any:
21      - resources:
22          kinds:
23          - Namespace
24    mutate:
25      patchStrategicMerge:
26        metadata:
27          annotations:
28            +(linkerd.io/inject): enabled
29            +(config.linkerd.io/proxy-await): enabled
Create policy issue