
Kubernetes Version Check

Policies often need to make decisions about resources based on the version of the Kubernetes API server in the cluster. This policy is an example of how to retrieve the minor version of the Kubernetes API server and then use it in a policy behavior. It mutates a Secret upon its creation by adding a label called `apiminorversion`, whose value is the minor version of the API server.

Policy Definition

/other/kubernetes-version-check/kubernetes-version-check.yaml

```yaml
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: kubernetes-version-check
  annotations:
    policies.kyverno.io/title: Kubernetes Version Check
    policies.kyverno.io/category: Other
    policies.kyverno.io/severity: medium
    policies.kyverno.io/subject: Secret
    kyverno.io/kyverno-version: 1.8.0-rc2
    policies.kyverno.io/minversion: 1.8.0
    kyverno.io/kubernetes-version: "1.24"
    policies.kyverno.io/description: >-
      It is often needed to make decisions for resources based upon the version
      of the Kubernetes API server in the cluster. This policy serves as an example
      for how to retrieve the minor version of the Kubernetes API server and subsequently
      use in a policy behavior. It will mutate a Secret upon its creation with a label
      called `apiminorversion` the value of which is the minor version of the API server.
spec:
  rules:
  - name: test-ver-ver
    match:
      any:
      - resources:
          kinds:
          - Secret
    preconditions:
      all:
      - key: "{{request.operation || 'BACKGROUND'}}"
        operator: Equals
        value: CREATE
    context:
    - name: minorversion
      apiCall:
        urlPath: /version
        jmesPath: minor
    mutate:
      patchStrategicMerge:
        metadata:
          labels:
            apiminorversion: "{{minorversion}}"
```
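The policy copies the `minor` field of the `/version` response straight into a label, so that string has to satisfy Kubernetes label-value syntax. The following is an added example, not part of the Kyverno policy library: it checks a `/version` body before the value is trusted, including the case where a distribution reports a suffixed minor such as `24+`. The function names and both sample response bodies are constructed for illustration.

```python
import json
import re

# Kubernetes label value syntax: empty, or at most 63 characters that start
# and end with an alphanumeric and otherwise use alphanumerics, '-', '_', '.'.
LABEL_VALUE_RE = re.compile(r"(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?")

# Constructed sample bodies (assumptions, not captured from a real cluster).
PLAIN = '{"major": "1", "minor": "24", "gitVersion": "v1.24.0"}'
SUFFIXED = '{"major": "1", "minor": "24+", "gitVersion": "v1.24.0-example"}'


def minor_from_version(body: str) -> str:
    """Return the raw `minor` string, i.e. what `jmesPath: minor` selects."""
    return json.loads(body)["minor"]


def is_valid_label_value(value: str) -> bool:
    """True if the API server would accept `value` as a label value."""
    return len(value) <= 63 and LABEL_VALUE_RE.fullmatch(value) is not None


def normalized_minor(raw: str) -> int:
    """Leading digits of `minor` as an int, safe for numeric comparisons."""
    match = re.match(r"\d+", raw)
    if match is None:
        raise ValueError(f"no numeric minor version in {raw!r}")
    return int(match.group())


def label_patch(body: str) -> dict:
    """Build the labels patch the policy applies; refuse invalid values."""
    raw = minor_from_version(body)
    if not is_valid_label_value(raw):
        raise ValueError(f"minor {raw!r} is not a valid label value")
    return {"metadata": {"labels": {"apiminorversion": raw}}}


if __name__ == "__main__":
    for name, body in (("plain", PLAIN), ("suffixed", SUFFIXED)):
        raw = minor_from_version(body)
        print(name, repr(raw), "label ok:", is_valid_label_value(raw),
              "numeric:", normalized_minor(raw))
```

A minor value that fails the label check would make the mutated Secret invalid, so a policy that branches on the version should compare the normalized number rather than the raw string.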