Open in app

Sign in

Write

Sign in

OPA gatekeeper — Mutation CRDs assign default pod/deployment imagePullPolicy “IfNotPresent”

Jbn1233
Jan 28, 2023

--

apiVersion: mutations.gatekeeper.sh/v1
kind: Assign
metadata:
  name: deployment-imagepullpolicy
spec:
  applyTo:
  - groups: ["apps"]
    kinds: ["Deployment"]
    versions:
    - v1
  match:
    excludedNamespaces:
    - kube-system
  location: "spec.template.spec.containers[name: *].imagePullPolicy"
  parameters:
    assign:
      value: "IfNotPresent"
---
apiVersion: mutations.gatekeeper.sh/v1
kind: Assign
metadata:
  name: pod-imagepullpolicy
spec:
  applyTo:
  - groups: [""]
    kinds: ["Pod"]
    versions:
    - v1
  match:
    excludedNamespaces:
    - kube-system
  location: "spec.containers[name: *].imagePullPolicy"
  parameters:
    assign:
      value: "IfNotPresent"

demo:

refer: https://open-policy-agent.github.io/gatekeeper/website/docs/mutation/

Kubernetes

--

--

Jbn1233
Jbn1233

Written by Jbn1233

28 Followers
1 Following

Very short and simple notes for CKA/SRE and may not works on your environment | jbn1233@gmail.com | Bangkok, Thailand |

No responses yet

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams