All Policies

Add nodeSelector

The nodeSelector field uses labels to select the node on which a Pod can be scheduled. This can be useful when Pods have specific needs that only certain nodes in a cluster can provide. This policy adds the nodeSelector field to a Pod spec and configures it with labels `foo` and `color`.

Policy Definition

/other-mpol/add-nodeSelector/add-nodeSelector.yaml

  1apiVersion: policies.kyverno.io/v1alpha1
  2kind: MutatingPolicy
  3metadata:
  4  name: add-nodeselector
  5  annotations:
  6    policies.kyverno.io/title: Add nodeSelector
  7    policies.kyverno.io/category: Sample
  8    policies.kyverno.io/subject: Pod
  9    policies.kyverno.io/minversion: 1.15.0
 10    policies.kyverno.io/description: >-
 11      The nodeSelector field uses labels to select the node on which a Pod can be scheduled.
 12      This can be useful when Pods have specific needs that only certain nodes in a cluster can provide.
 13      This policy adds the nodeSelector field to a Pod spec and configures it with labels `foo` and `color`.
 14spec:
 15  matchConstraints:
 16    resourceRules:
 17    - apiGroups: [""]
 18      apiVersions: ["v1"]
 19      operations: ["CREATE", "UPDATE"]
 20      resources: ["pods"]
 21    - apiGroups: ["apps"]
 22      apiVersions: ["v1"]
 23      operations: ["CREATE", "UPDATE"]
 24      resources: ["deployments", "daemonsets", "statefulsets"]
 25    - apiGroups: ["batch"]
 26      apiVersions: ["v1"]
 27      operations: ["CREATE", "UPDATE"]
 28      resources: ["jobs", "cronjobs"]
 29
 30  mutations:
 31  # ===== PODS =====
 32  - patchType: JSONPatch
 33    jsonPatch:
 34      expression: |
 35        !has(object.spec.nodeSelector) ?
 36        [
 37          JSONPatch{
 38            op: "add",
 39            path: "/spec/nodeSelector",
 40            value: dyn({"foo": "bar", "color": "orange"})
 41          }
 42        ] : 
 43        [
 44          JSONPatch{
 45            op: "add",
 46            path: "/spec/nodeSelector/foo",
 47            value: "bar"
 48          },
 49          JSONPatch{
 50            op: "add",
 51            path: "/spec/nodeSelector/color",
 52            value: "orange"
 53          }
 54        ]
 55
 56  # ===== DEPLOYMENTS, DAEMONSETS, STATEFULSETS =====
 57  - patchType: JSONPatch
 58    jsonPatch:
 59      expression: |
 60        has(object.spec.template) ?
 61        (!has(object.spec.template.spec.nodeSelector) ?
 62          [
 63            JSONPatch{
 64              op: "add",
 65              path: "/spec/template/spec/nodeSelector",
 66              value: dyn({"foo": "bar", "color": "orange"})
 67            }
 68          ] : 
 69          [
 70            JSONPatch{
 71              op: "add",
 72              path: "/spec/template/spec/nodeSelector/foo",
 73              value: "bar"
 74            },
 75            JSONPatch{
 76              op: "add",
 77              path: "/spec/template/spec/nodeSelector/color",
 78              value: "orange"
 79            }
 80          ]
 81        ) : []
 82
 83  # ===== CRONJOBS =====
 84  - patchType: JSONPatch
 85    jsonPatch:
 86      expression: |
 87        has(object.spec.jobTemplate) ?
 88        (!has(object.spec.jobTemplate.spec.template.spec.nodeSelector) ?
 89          [
 90            JSONPatch{
 91              op: "add",
 92              path: "/spec/jobTemplate/spec/template/spec/nodeSelector",
 93              value: dyn({"foo": "bar", "color": "orange"})
 94            }
 95          ] : 
 96          [
 97            JSONPatch{
 98              op: "add",
 99              path: "/spec/jobTemplate/spec/template/spec/nodeSelector/foo",
100              value: "bar"
101            },
102            JSONPatch{
103              op: "add",
104              path: "/spec/jobTemplate/spec/template/spec/nodeSelector/color",
105              value: "orange"
106            }
107          ]
108        ) : []