Add Tolerations

Pod tolerations are used to schedule on Nodes which have a matching taint. This policy adds the toleration `org.com/role=service:NoSchedule` if existing tolerations do not contain the key `org.com/role`.

Policy Definition

/other/add-tolerations/add-tolerations.yaml

```yaml
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: add-tolerations
  annotations:
    policies.kyverno.io/title: Add Tolerations
    policies.kyverno.io/category: Other
    policies.kyverno.io/severity: medium
    policies.kyverno.io/subject: Pod
    kyverno.io/kyverno-version: 1.7.1
    policies.kyverno.io/minversion: 1.6.0
    kyverno.io/kubernetes-version: "1.23"
    policies.kyverno.io/description: >-
      Pod tolerations are used to schedule on Nodes which have
      a matching taint. This policy adds the toleration `org.com/role=service:NoSchedule`
      if existing tolerations do not contain the key `org.com/role`.
spec:
  rules:
  - name: service-toleration
    match:
      any:
      - resources:
          kinds:
          - Pod
    preconditions:
      any:
      - key: "org.com/role"
        operator: AnyNotIn
        value: "{{ request.object.spec.tolerations[].key || `[]` }}"
    mutate:
      patchesJson6902: |-
        - op: add
          path: "/spec/tolerations/-"
          value:
            key: org.com/role
            operator: Equal
            value: service
            effect: NoSchedule
```
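To see which Pods the rule changes, the following added example (a Python model written for this page, not Kyverno's own code) applies the same precondition and patch to four constructed Pod specs. The function names and sample Pods are hypothetical, and the model assumes that a missing `tolerations` array is created before the append.

```python
import copy

ROLE_KEY = "org.com/role"
SERVICE_TOLERATION = {"key": ROLE_KEY, "operator": "Equal",
                      "value": "service", "effect": "NoSchedule"}


def needs_toleration(pod):
    """Model of the precondition: ROLE_KEY AnyNotIn tolerations[].key || []."""
    tolerations = pod.get("spec", {}).get("tolerations") or []
    # Like the JMESPath projection, entries without a key contribute nothing.
    keys = [t["key"] for t in tolerations if t.get("key") is not None]
    return ROLE_KEY not in keys


def mutate(pod):
    """Return a copy of the Pod as the rule would leave it."""
    patched = copy.deepcopy(pod)
    if needs_toleration(patched):
        spec = patched.setdefault("spec", {})
        # "add" at /spec/tolerations/- appends to the array.
        # Assumption: an absent or null array is created first.
        spec["tolerations"] = (spec.get("tolerations") or []) + [dict(SERVICE_TOLERATION)]
    return patched


# Constructed sample Pods (only the fields the rule looks at).
PODS = {
    "no-tolerations": {"spec": {"containers": [{"name": "app", "image": "nginx"}]}},
    "other-key": {"spec": {"tolerations": [
        {"key": "node.kubernetes.io/not-ready", "operator": "Exists",
         "effect": "NoExecute"}]}},
    # Key present with a different value: the precondition only compares keys,
    # so the Pod is left as submitted.
    "role-already-set": {"spec": {"tolerations": [
        {"key": ROLE_KEY, "operator": "Equal", "value": "batch",
         "effect": "NoSchedule"}]}},
    # A keyless "Exists" toleration already tolerates every taint, but it has
    # no key to match, so the rule still appends its toleration.
    "keyless-exists": {"spec": {"tolerations": [{"operator": "Exists"}]}},
}

if __name__ == "__main__":
    for name, pod in PODS.items():
        print(name, "->", mutate(pod)["spec"]["tolerations"])
```

The `role-already-set` case is the one to check in review: any existing toleration with the key `org.com/role`, whatever its value or effect, suppresses the mutation.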