Audit Event on Delete

Kubernetes Events are limited: the circumstances under which they are created cannot be changed, and the objects they are associated with are fixed. In many cases it may be advantageous to augment these out-of-the-box Events with custom Events designed for your needs. This policy generates an Event when a Secret has been deleted. The Event lists the userInfo of the actor performing the deletion.

Policy Definition

/other/audit-event-on-delete/audit-event-on-delete.yaml

```yaml
apiVersion: kyverno.io/v2beta1
kind: ClusterPolicy
metadata:
  name: audit-event-on-delete
  annotations:
    policies.kyverno.io/title: Audit Event on Delete
    policies.kyverno.io/category: Other
    kyverno.io/kyverno-version: 1.10.0
    policies.kyverno.io/minversion: 1.10.0
    kyverno.io/kubernetes-version: "1.26"
    policies.kyverno.io/subject: Secret
    policies.kyverno.io/description: >-
      Kubernetes Events are limited in that the circumstances under which they are created
      cannot be changed and with what they are associated is fixed. It may be advantageous
      in many cases to augment these out-of-the-box Events with custom Events which can be
      custom designed to your needs. This policy generates an Event when a Secret has been
      deleted. It lists the userInfo of the actor performing the deletion.
spec:
  background: false
  rules:
  - name: generate-event-on-delete
    match:
      any:
      - resources:
          kinds:
          - Secret
          operations:
          - DELETE
    generate:
      apiVersion: v1
      kind: Event
      name: "delete.{{ random('[a-z0-9]{12}') }}"
      namespace: "{{request.object.metadata.namespace}}"
      synchronize: false
      data:
        firstTimestamp: "{{ time_now_utc() }}"
        involvedObject:
          apiVersion: v1
          kind: Secret
          name: "{{ request.name }}"
          namespace: "{{ request.namespace }}"
          uid: "{{request.oldObject.metadata.uid}}"
        lastTimestamp: "{{ time_now_utc() }}"
        message: The {{ request.name }} Secret was deleted by {{ request.userInfo | to_string(@) }}.
        reason: Delete
        source:
          component: kyverno
        type: Warning
```
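
The Events this policy generates can be reviewed programmatically. The following is an added example, not part of the Kyverno policy or project: it reads Event objects in the shape of `kubectl get events -A -o json` output and reports Secret deletions by actors outside an allowlist. The function names, allowlist and sample Events are constructed for illustration, and it assumes `to_string(@)` renders userInfo as a JSON object.

```python
import json
import re

# Message shape comes from the policy's `message` field. Assumption: to_string(@)
# renders userInfo as a compact JSON object.
MESSAGE_RE = re.compile(r"^The \S+ Secret was deleted by (?P<user>\{.*\})\.$")

def parse_delete_events(event_list):
    """Return one record per Kyverno-generated Secret deletion Event."""
    records = []
    for ev in event_list.get("items", []):
        obj = ev.get("involvedObject") or {}
        if (ev.get("reason") != "Delete" or obj.get("kind") != "Secret"
                or (ev.get("source") or {}).get("component") != "kyverno"):
            continue  # not an Event produced by this policy
        user = {}
        m = MESSAGE_RE.match(ev.get("message") or "")
        if m:
            try:
                parsed = json.loads(m.group("user"))
                user = parsed if isinstance(parsed, dict) else {}
            except json.JSONDecodeError:
                pass  # keep the record; an unparseable actor still needs review
        records.append({
            "namespace": obj.get("namespace"), "secret": obj.get("name"),
            "uid": obj.get("uid"), "time": ev.get("firstTimestamp"),
            "username": user.get("username"), "groups": user.get("groups", []),
        })
    return records

def unexpected_deletions(records, allowed_users):
    """Deletions by actors outside the allowlist (unparsed actors included)."""
    return [r for r in records if r["username"] not in allowed_users]

# Constructed sample Events (hypothetical names, users and UIDs; not real cluster data).
SAMPLE = {"items": [
    {"reason": "Delete", "type": "Warning", "source": {"component": "kyverno"},
     "firstTimestamp": "2024-01-01T10:00:00Z",
     "involvedObject": {"kind": "Secret", "name": "db-creds", "namespace": "prod", "uid": "1111"},
     "message": 'The db-creds Secret was deleted by {"groups":["dev","system:authenticated"],"username":"jane@example.com"}.'},
    {"reason": "Delete", "type": "Warning", "source": {"component": "kyverno"},
     "firstTimestamp": "2024-01-01T10:05:00Z",
     "involvedObject": {"kind": "Secret", "name": "tmp-token", "namespace": "ci", "uid": "2222"},
     "message": 'The tmp-token Secret was deleted by {"groups":["system:serviceaccounts"],"username":"system:serviceaccount:ci:deployer"}.'},
    {"reason": "Pulled", "type": "Normal", "source": {"component": "kubelet"},
     "involvedObject": {"kind": "Pod", "name": "web-0", "namespace": "prod"},
     "message": "Container image pulled"},
]}

if __name__ == "__main__":
    for rec in unexpected_deletions(parse_delete_events(SAMPLE), {"system:serviceaccount:ci:deployer"}):
        print(rec)
```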