All Policies
Kubernetes Version Check
It is often needed to make decisions for resources based upon the version of the Kubernetes API server in the cluster. This policy serves as an example for how to retrieve the minor version of the Kubernetes API server and subsequently use in a policy behavior. It will mutate a Secret upon its creation with a label called `apiminorversion` the value of which is the minor version of the API server.
Policy Definition
/other/kubernetes-version-check/kubernetes-version-check.yaml
1apiVersion: kyverno.io/v1
2kind: ClusterPolicy
3metadata:
4 name: kubernetes-version-check
5 annotations:
6 policies.kyverno.io/title: Kubernetes Version Check
7 policies.kyverno.io/category: Other
8 policies.kyverno.io/severity: medium
9 policies.kyverno.io/subject: Secret
10 kyverno.io/kyverno-version: 1.8.0-rc2
11 policies.kyverno.io/minversion: 1.8.0
12 kyverno.io/kubernetes-version: "1.24"
13 policies.kyverno.io/description: >-
14 It is often needed to make decisions for resources based upon the version
15 of the Kubernetes API server in the cluster. This policy serves as an example
16 for how to retrieve the minor version of the Kubernetes API server and subsequently
17 use in a policy behavior. It will mutate a Secret upon its creation with a label
18 called `apiminorversion` the value of which is the minor version of the API server.
19spec:
20 rules:
21 - name: test-ver-ver
22 match:
23 any:
24 - resources:
25 kinds:
26 - Secret
27 preconditions:
28 all:
29 - key: "{{request.operation || 'BACKGROUND'}}"
30 operator: Equals
31 value: CREATE
32 context:
33 - name: minorversion
34 apiCall:
35 urlPath: /version
36 jmesPath: minor
37 mutate:
38 patchStrategicMerge:
39 metadata:
40 labels:
41 apiminorversion: "{{minorversion}}"
yaml