41 lines
1.3 KiB
YAML
41 lines
1.3 KiB
YAML
apiVersion: kyverno.io/v1
|
|
kind: ClusterPolicy
|
|
metadata:
|
|
name: require-labels
|
|
annotations:
|
|
policies.kyverno.io/title: Require Labels
|
|
policies.kyverno.io/category: Best Practices
|
|
policies.kyverno.io/minversion: 1.6.0
|
|
policies.kyverno.io/severity: medium
|
|
policies.kyverno.io/subject: Pod, Label
|
|
policies.kyverno.io/description: Define and use labels that identify semantic attributes of your application or Deployment. A common set of labels allows tools to work collaboratively, describing objects in a common manner that all tools can understand. The recommended labels describe applications in a way that can be queried. This policy validates that the label `app.kubernetes.io/name` is specified with some value.
|
|
spec:
|
|
validationFailureAction: Enforce
|
|
background: true
|
|
rules:
|
|
- name: check-for-labels
|
|
skipBackgroundRequests: true
|
|
exclude:
|
|
any:
|
|
- resources:
|
|
namespaces:
|
|
- kube-system
|
|
- istio-system
|
|
- argocd
|
|
- cert-manager
|
|
- monitoring
|
|
- secrets
|
|
- kyverno
|
|
match:
|
|
any:
|
|
- resources:
|
|
kinds:
|
|
- Pod
|
|
validate:
|
|
message: The label `app.kubernetes.io/name` is required.
|
|
allowExistingViolations: true
|
|
pattern:
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: "?*"
|