All Policies

Concatenate ConfigMaps

In some cases, an update to an existing resource should have downstream effects on a different resource in another Namespace. Rather than overwriting the target, the current state of the source can be concatenated to the target. This policy, triggered by an update to a source ConfigMap, concatenates that value of a target ConfigMap in a different Namespace.

Policy Definition

/other/concatenate-configmaps/concatenate-configmaps.yaml

 1apiVersion: kyverno.io/v1
 2kind: ClusterPolicy
 3metadata:
 4  name: concatenate-configmaps
 5  annotations:
 6    policies.kyverno.io/title: Concatenate ConfigMaps
 7    policies.kyverno.io/category: Other
 8    policies.kyverno.io/severity: medium
 9    policies.kyverno.io/subject: ConfigMap
10    kyverno.io/kyverno-version: 1.7.0
11    policies.kyverno.io/minversion: 1.7.0
12    kyverno.io/kubernetes-version: "1.23"
13    policies.kyverno.io/description: >-
14      In some cases, an update to an existing resource should have downstream effects
15      on a different resource in another Namespace. Rather than overwriting the target,
16      the current state of the source can be concatenated to the target.
17      This policy, triggered by an update to a source ConfigMap, concatenates
18      that value of a target ConfigMap in a different Namespace.
19spec:
20  mutateExistingOnPolicyUpdate: false
21  rules:
22  - name: concat-cm
23    match:
24      any:
25      - resources:
26          kinds:
27          - ConfigMap
28          names:
29          - cmone
30          namespaces:
31          - foo
32    mutate:
33      targets:
34        - apiVersion: v1
35          kind: ConfigMap
36          name: cmtwo
37          namespace: bar
38      patchStrategicMerge:
39        data:
40          keytwo: "{{ @ }} plus {{request.object.data.keyone}}"
Create policy issue