kyverno apply

Applies policies on resources.

Synopsis

Applies policies on resources.

For more information visit here

kyverno apply [flags]

Examples

  # Apply on a resource
  kyverno apply /path/to/policy.yaml /path/to/folderOfPolicies --resource=/path/to/resource1 --resource=/path/to/resource2

  # Apply on a folder of resources
  kyverno apply /path/to/policy.yaml /path/to/folderOfPolicies --resource=/path/to/resources/

  # Apply on a cluster
  kyverno apply /path/to/policy.yaml /path/to/folderOfPolicies --cluster

  # Apply policies from a gitSourceURL on a cluster
  kyverno apply https://github.com/kyverno/policies/openshift/ --git-branch main --cluster

  # Apply single policy with variable on single resource
  kyverno apply /path/to/policy.yaml --resource /path/to/resource.yaml --set <variable1>=<value1>,<variable2>=<value2>

  # Apply multiple policy with variable on multiple resource
  kyverno apply /path/to/policy1.yaml /path/to/policy2.yaml --resource /path/to/resource1.yaml --resource /path/to/resource2.yaml -f /path/to/value.yaml

Options

      --audit-warn           If set to true, will flag audit policies as warnings instead of failures
  -c, --cluster              Checks if policies should be applied to cluster in the current context
      --context string       The name of the kubeconfig context to use
      --detailed-results     If set to true, display detailed results
  -e, --exception strings    Policy exception to be considered when evaluating policies against resources
      --exceptions strings   Policy exception to be considered when evaluating policies against resources
  -b, --git-branch string    test git repository branch
  -h, --help                 help for apply
      --kubeconfig string    path to kubeconfig file with authorization and master location information
  -n, --namespace string     Optional Policy parameter passed with cluster flag
  -o, --output string        Prints the mutated resources in provided file/directory
  -p, --policy-report        Generates policy report when passed (default policyviolation)
      --registry             If set to true, access the image registry using local docker credentials to populate external data
      --remove-color         Remove any color from output
  -r, --resource strings     Path to resource files
      --resources strings    Path to resource files
  -s, --set strings          Variables that are required
  -i, --stdin                Optional mutate policy parameter to pipe directly through to kubectl
  -t, --table                Show results in table format
  -u, --userinfo string      Admission Info including Roles, Cluster Roles and Subjects
  -f, --values-file string   File containing values for policy variables
      --warn-exit-code int   Set the exit code for warnings; if failures or errors are found, will exit 1
      --warn-no-pass         Specify if warning exit code should be raised if no objects satisfied a policy; can be used together with --warn-exit-code flag

Options inherited from parent commands

      --add_dir_header                   If true, adds the file directory to the header of the log messages
      --alsologtostderr                  log to standard error as well as files (no effect when -logtostderr=true)
      --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
      --log_dir string                   If non-empty, write log files in this directory (no effect when -logtostderr=true)
      --log_file string                  If non-empty, use this log file (no effect when -logtostderr=true)
      --log_file_max_size uint           Defines the maximum size a log file can grow to (no effect when -logtostderr=true). Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
      --logtostderr                      log to standard error instead of files (default true)
      --one_output                       If true, only write logs to their native severity level (vs also writing to each lower severity level; no effect when -logtostderr=true)
      --skip_headers                     If true, avoid header prefixes in the log messages
      --skip_log_headers                 If true, avoid headers when opening log files (no effect when -logtostderr=true)
      --stderrthreshold severity         logs at or above this threshold go to stderr when writing to files and stderr (no effect when -logtostderr=true or -alsologtostderr=true) (default 2)
  -v, --v Level                          number for the log level verbosity
      --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging

Feedback

Was this page helpful?

Glad to hear it! Please tell us how we can improve.

Sorry to hear that. Please tell us how we can improve.

Last modified April 08, 2024 at 8:29 AM PST: Refactor links (#1205) (5060f3d)

kyverno apply

kyverno apply

Synopsis

Examples

Options

Options inherited from parent commands

SEE ALSO

Feedback