Add Pod Proxies

In restricted environments, Pods may not be allowed to egress directly to all destinations and some overrides to specific addresses may need to go through a corporate proxy. This policy adds proxy information to Pods in the form of environment variables. It will add the `env` array if not present. If any Pods have any of these env vars, they will be overwritten with the value(s) in this policy.

Policy Definition

/other/add-pod-proxies/add-pod-proxies.yaml

 1apiVersion: kyverno.io/v1
 2kind: ClusterPolicy
 3metadata:
 4  name: add-pod-proxies
 5  annotations:
 6    policies.kyverno.io/title: Add Pod Proxies
 7    policies.kyverno.io/subject: Pod
 8    policies.kyverno.io/category: Sample
 9    policies.kyverno.io/minversion: 1.6.0
10    policies.kyverno.io/description: >-
11      In restricted environments, Pods may not be allowed to egress directly to all destinations
12      and some overrides to specific addresses may need to go through a corporate proxy.
13      This policy adds proxy information to Pods in the form of environment variables.
14      It will add the `env` array if not present. If any Pods have any of these
15      env vars, they will be overwritten with the value(s) in this policy.
16spec:
17  rules:
18  - name: add-pod-proxies
19    match:
20      any:
21      - resources:
22          kinds:
23          - Pod
24    mutate:
25      patchStrategicMerge:
26        spec:
27          containers:
28            - (name): "*"
29              env:
30              - name: HTTP_PROXY
31                value: http://proxy.corp.domain:8080
32              - name: HTTPS_PROXY
33                value: https://secureproxy.corp.domain:8080
34              - name: NO_PROXY
35                value: localhost,*.example.com

Create policy issue