Inject Sidecar Container
Sample policy that injects a sidecar container into Pods that match an annotation.
Policy Definition
/other/inject_sidecar_deployment.yaml
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: inject-sidecar
annotations:
policies.kyverno.io/title: Inject Sidecar Container
policies.kyverno.io/category: Sample
policies.kyverno.io/description: >-
Sample policy that injects a sidecar container into Pods that match an annotation.
spec:
background: false
rules:
- name: inject-sidecar
match:
resources:
kinds:
- Deployment
mutate:
patchStrategicMerge:
spec:
template:
metadata:
annotations:
(vault.hashicorp.com/agent-inject): "true"
spec:
containers:
- name: vault-agent
image: vault:1.5.4
imagePullPolicy: IfNotPresent
volumeMounts:
- mountPath: /vault/secrets
name: vault-secret
initContainers:
- name: vault-agent-init
image: vault:1.5.4
imagePullPolicy: IfNotPresent
volumeMounts:
- mountPath: /vault/secrets
name: vault-secret
volumes:
- name: vault-secret
emptyDir:
medium: Memory
Last modified January 2, 2021: fix title & sort and regen policies (fa7e171)