2024-10-11 05:51:48 -05:00
|
|
|
---
|
|
|
|
|
# yaml-language-server: $schema=https://ks.hsn.dev/kyverno.io/clusterpolicy_v1.json
|
2024-10-11 06:46:10 -05:00
|
|
|
apiVersion: kyverno.io/v1
|
2024-10-11 05:51:48 -05:00
|
|
|
kind: ClusterPolicy
|
|
|
|
|
metadata:
|
2024-10-29 10:33:33 -05:00
|
|
|
name: add-talos-factory-schematic-to-node
|
2024-10-11 05:51:48 -05:00
|
|
|
annotations:
|
|
|
|
|
pod-policies.kyverno.io/autogen-controllers: none
|
2024-10-29 10:33:33 -05:00
|
|
|
policies.kyverno.io/title: Adds talos factory schematic to node
|
2024-10-11 05:51:48 -05:00
|
|
|
policies.kyverno.io/category: Other
|
|
|
|
|
policies.kyverno.io/subject: Pod
|
|
|
|
|
kyverno.io/kyverno-version: 1.10.0
|
|
|
|
|
policies.kyverno.io/minversion: 1.10.0
|
|
|
|
|
kyverno.io/kubernetes-version: "1.30"
|
|
|
|
|
spec:
|
|
|
|
|
background: false
|
|
|
|
|
rules:
|
|
|
|
|
- name: project-foo
|
|
|
|
|
match:
|
|
|
|
|
any:
|
|
|
|
|
- resources:
|
|
|
|
|
kinds:
|
|
|
|
|
- Pod/binding
|
|
|
|
|
names:
|
|
|
|
|
- apply-talos*
|
|
|
|
|
context:
|
|
|
|
|
- name: node
|
|
|
|
|
variable:
|
|
|
|
|
jmesPath: request.object.target.name
|
|
|
|
|
default: ""
|
|
|
|
|
- name: schematic
|
|
|
|
|
apiCall:
|
|
|
|
|
urlPath: "/api/v1/nodes/{{node}}"
|
|
|
|
|
jmesPath: 'metadata.annotations."extensions.talos.dev/schematic" || ''empty'''
|
|
|
|
|
mutate:
|
|
|
|
|
patchStrategicMerge:
|
|
|
|
|
metadata:
|
|
|
|
|
annotations:
|
|
|
|
|
extensions.talos.dev/schematic: "{{ schematic }}"
|
