Kubernetes Version Check

It is often needed to make decisions for resources based upon the version of the Kubernetes API server in the cluster. This policy serves as an example for how to retrieve the minor version of the Kubernetes API server and subsequently use in a policy behavior. It will mutate a Secret upon its creation with a label called `apiminorversion` the value of which is the minor version of the API server.

Policy Definition

/other/kubernetes-version-check/kubernetes-version-check.yaml

 1apiVersion: kyverno.io/v1
 2kind: ClusterPolicy
 3metadata:
 4  name: kubernetes-version-check
 5  annotations:
 6    policies.kyverno.io/title: Kubernetes Version Check
 7    policies.kyverno.io/category: Other
 8    policies.kyverno.io/severity: medium
 9    policies.kyverno.io/subject: Secret
10    kyverno.io/kyverno-version: 1.8.0-rc2
11    policies.kyverno.io/minversion: 1.8.0
12    kyverno.io/kubernetes-version: "1.24"
13    policies.kyverno.io/description: >-
14      It is often needed to make decisions for resources based upon the version
15      of the Kubernetes API server in the cluster. This policy serves as an example
16      for how to retrieve the minor version of the Kubernetes API server and subsequently
17      use in a policy behavior. It will mutate a Secret upon its creation with a label
18      called `apiminorversion` the value of which is the minor version of the API server.
19spec:
20  rules:
21  - name: test-ver-ver
22    match:
23      any:
24      - resources:
25          kinds:
26          - Secret
27    preconditions:
28      all:
29      - key: "{{request.operation || 'BACKGROUND'}}"
30        operator: Equals
31        value: CREATE
32    context:
33    - name: minorversion
34      apiCall:
35        urlPath: /version
36        jmesPath: minor
37    mutate:
38      patchStrategicMerge:
39        metadata:
40          labels:
41            apiminorversion: "{{minorversion}}"

Create policy issue