TechQA.

installing kyverno policies on kubernetes cluster using helm charts

176 views Asked by At

when i use command : helm install kyverno-policies , i got this error : Error: INSTALLATION FAILED: parse error at (kyverno-policies-fix/templates/default/require-network-policy.yaml:39): function "request" not defined

while the require-network-policy.yaml file :

{{- $name := "require-network-policy" }}
{{ if not (and $name .Values.disableDefaultTemplates) }}
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
 name: {{ $name }}
 annotations:
    policies.kyverno.io/title: Require NetworkPolicy
    policies.kyverno.io/category: Sample
    policies.kyverno.io/minversion: 1.6.0
    kyverno.io/kyverno-version: 1.6.2
    kyverno.io/kubernetes-version: "1.23"
    policies.kyverno.io/subject: Deployment, NetworkPolicy
    policies.kyverno.io/description: >-
      NetworkPolicy is used to control Pod-to-Pod communication
      and is a good practice to ensure only authorized Pods can send/receive
      traffic. This policy checks incoming Deployments to ensure
      they have a matching, preexisting NetworkPolicy.      
spec:
  validationFailureAction: {{ .Values.validationFailureAction }}
  background: false
  rules:
  - name: require-network-policy
      match:
        any:
        - resources:
            kinds:
            - Deployment
      preconditions:
        any:
        - key: "{{request.operation || 'BACKGROUND'}}"
          operator: Equals
          value: CREATE
      validate:
        message: "Every Deployment requires a matching NetworkPolicy."
        deny:
          conditions:
            any:
            - key: "{{ request.operation == 'CREATE' && resources[kind=='NetworkPolicy'].length > 0 && resources[kind=='NetworkPolicy'].spec.podSelector.matchLabels == request.object.spec.template.metadata.labels }}"
              operator: Equals
              value: false
{{- end }}

chart.yaml file :

apiVersion: v2
name: kyverno-policies-fix
description: A Helm chart that provisions Kyverno including the custom rules to test
type: application
version: 0.1.3
appVersion: "0.1.4"
condition: kyverno.enabled
kubernetes kubernetes-helm argocd policies
Original Q&A
0

There are 0 answers

Related Questions in KUBERNETES

Related Questions in KUBERNETES-HELM

Related Questions in ARGOCD

Related Questions in POLICIES

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions