All Policies
Label Existing Namespaces
Namespaces which preexist may need to be labeled after the fact and it is time consuming to identify which ones should be labeled and either doing so manually or with a scripted approach. This policy, which triggers on any AdmissionReview request to any Namespace, will result in applying the label `mykey=myvalue` to all existing Namespaces. If this policy is updated to change the desired label key or value, it will cause another mutation which updates all Namespaces.
Policy Definition
/other/label-existing-namespaces/label-existing-namespaces.yaml
1apiVersion: kyverno.io/v1
2kind: ClusterPolicy
3metadata:
4 name: label-existing-namespaces
5 annotations:
6 policies.kyverno.io/title: Label Existing Namespaces
7 policies.kyverno.io/category: Other
8 policies.kyverno.io/severity: medium
9 policies.kyverno.io/subject: Namespace
10 kyverno.io/kyverno-version: 1.7.0
11 policies.kyverno.io/minversion: 1.7.0
12 kyverno.io/kubernetes-version: "1.23"
13 policies.kyverno.io/description: >-
14 Namespaces which preexist may need to be labeled after the fact and it is
15 time consuming to identify which ones should be labeled and either doing so manually
16 or with a scripted approach. This policy, which triggers on any AdmissionReview request
17 to any Namespace, will result in applying the label `mykey=myvalue` to all existing
18 Namespaces. If this policy is updated to change the desired label key or value, it will
19 cause another mutation which updates all Namespaces.
20spec:
21 mutateExistingOnPolicyUpdate: true
22 rules:
23 - name: label-existing-namespaces
24 match:
25 any:
26 - resources:
27 kinds:
28 - Namespace
29 mutate:
30 targets:
31 - apiVersion: v1
32 kind: Namespace
33 patchStrategicMerge:
34 metadata:
35 labels:
36 mykey: myvalue