34 lines
936 B
YAML
34 lines
936 B
YAML
apiVersion: admissionregistration.k8s.io/v1alpha1
|
|
kind: MutatingAdmissionPolicy
|
|
metadata:
|
|
name: "sidecar-policy.example.com"
|
|
spec:
|
|
paramKind:
|
|
kind: Sidecar
|
|
apiVersion: mutations.example.com/v1
|
|
matchConstraints:
|
|
resourceRules:
|
|
- apiGroups: [""]
|
|
apiVersions: ["v1"]
|
|
operations: ["CREATE"]
|
|
resources: ["pods"]
|
|
matchConditions:
|
|
- name: does-not-already-have-sidecar
|
|
expression: "!object.spec.initContainers.exists(ic, ic.name == \"mesh-proxy\")"
|
|
failurePolicy: Fail
|
|
reinvocationPolicy: IfNeeded
|
|
mutations:
|
|
- patchType: "JSONPatch"
|
|
jsonPatch:
|
|
expression: >
|
|
[
|
|
JSONPatch{
|
|
op: "add", path: "/spec/initContainers/-",
|
|
value: Object.spec.initContainers{
|
|
name: "mesh-proxy",
|
|
image: "mesh-proxy/v1.0.0",
|
|
restartPolicy: "Always"
|
|
}
|
|
}
|
|
]
|