Add Volume

Sample policy to add a volume and volumeMount.

Policy Definition

/other/add_volume_deployment.yaml

apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: add-volume
  annotations:
    policies.kyverno.io/category: Sample
    policies.kyverno.io/description: >-
      Sample policy to add a volume and volumeMount. 
spec:
  background: false
  rules:
  - name: add-volume
    match:
      resources:
        kinds:
        - Deployment
    preconditions:
    - key: "{{request.object.spec.template.metadata.annotations.\"vault.k8s.corp.net/inject\"}}"
      operator: Equals
      value: "enabled"
    mutate:
      patchesJson6902: |-
        - op: add
          path: /spec/template/spec/volumes
          value: [{"name": "vault-secret","emptyDir": {"medium": "Memory"}}]
        - op: add
          path: /spec/template/spec/containers/0/volumeMounts
          value: [{"mountPath": "/secret","name": "vault-secret"}]
Last modified January 2, 2021: fix titles (9a0d72f)