Restrict Node Affinity

Pods may use several mechanisms to prefer scheduling on a set of nodes, and nodeAffinity is one of them. nodeAffinity uses expressions to select eligible nodes for scheduling decisions and may override the placement that cluster administrators intended. This policy ensures that nodeAffinity is not used in a Pod spec.

Policy Definition

/other/restrict-node-affinity/restrict-node-affinity.yaml

apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: restrict-node-affinity
  annotations:
    policies.kyverno.io/title: Restrict Node Affinity
    policies.kyverno.io/category: Other
    policies.kyverno.io/severity: medium
    policies.kyverno.io/subject: Pod
    kyverno.io/kyverno-version: 1.8.4
    kyverno.io/kubernetes-version: "1.24"
    policies.kyverno.io/description: >-
      Pods may use several mechanisms to prefer scheduling on a set of nodes,
      and nodeAffinity is one of them. nodeAffinity uses expressions to select
      eligible nodes for scheduling decisions and may override intended placement
      options by cluster administrators. This policy ensures that nodeAffinity
      is not used in a Pod spec.
spec:
  # Also evaluate Pods that already exist, not only new admission requests.
  background: true
  # Audit reports violations without blocking the request.
  validationFailureAction: Audit
  rules:
  - name: check-nodeaffinity
    match:
      any:
      - resources:
          kinds:
          - Pod
    validate:
      message: "Node affinity cannot be used."
      pattern:
        spec:
          # Equality anchor: the children are checked only if affinity is set.
          =(affinity):
            # Negation anchor: the nodeAffinity key must not be present.
            X(nodeAffinity): "null"
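
The Python sketch below is an added example, not part of the Kyverno policy library or Kyverno's engine. It models only the two anchors this pattern uses, `=(affinity)` (check the children only when the key exists) and `X(nodeAffinity)` (the key must be absent), and runs them over constructed Pod specs; the function names and sample Pods are assumptions made for illustration.

```python
import re

ANCHOR = re.compile(r"^(=|X)\((.+)\)$")
# The rule's validate.pattern, copied from the policy on this page.
PATTERN = {"spec": {"=(affinity)": {"X(nodeAffinity)": "null"}}}

def violations(pattern, resource, path=""):
    """Paths in `resource` that break `pattern`. Simplified model: handles
    plain mapping keys, =(key) and X(key) only; scalar values are not compared."""
    found = []
    for raw_key, sub in pattern.items():
        m = ANCHOR.match(raw_key)
        kind, key = m.groups() if m else (None, raw_key)
        here = f"{path}/{key}"
        present = isinstance(resource, dict) and key in resource
        if kind == "X":                 # negation anchor: key must be absent
            if present:
                found.append(here)
        elif kind == "=":               # equality anchor: checked only if key exists
            if present and isinstance(sub, dict):
                found += violations(sub, resource[key], here)
        elif not present:               # plain key: must exist
            found.append(here + " (missing)")
        elif isinstance(sub, dict):
            found += violations(sub, resource[key], here)
    return found

def check(pod):
    """Evaluate one Pod (as a dict) against this policy's pattern."""
    return violations(PATTERN, pod)

# Constructed sample Pod specs (only the fields the rule looks at).
TERM = {"matchExpressions": [{"key": "disktype", "operator": "In", "values": ["ssd"]}]}
PODS = {
    "no-affinity": {"spec": {"containers": []}},
    "pod-anti-affinity": {"spec": {"affinity": {"podAntiAffinity": {}}}},
    "node-affinity": {"spec": {"affinity": {"nodeAffinity": {
        "requiredDuringSchedulingIgnoredDuringExecution": {"nodeSelectorTerms": [TERM]}}}}},
    # nodeSelector is a different placement mechanism; this pattern does not look at it.
    "node-selector": {"spec": {"nodeSelector": {"disktype": "ssd"}}},
}

if __name__ == "__main__":
    for name, pod in PODS.items():
        result = check(pod)
        print(f"{name:18} {'FAIL ' + ', '.join(result) if result else 'pass'}")
```

Only the `node-affinity` Pod is flagged; the `node-selector` Pod passes because the pattern inspects `spec.affinity.nodeAffinity` and nothing else.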