Refresh Environment Variables in Pods #1125
-
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: refresh-env-var-in-pods
spec:
mutateExistingOnPolicyUpdate: false
rules:
- name: refresh-from-secret-env
match:
any:
- resources:
kinds:
- Secret
selector:
matchLabels:
kyverno.io/watch: "true"
preconditions:
all:
- key: "{{request.operation}}"
operator: Equals
value: UPDATE
mutate:
targets:
- apiVersion: apps/v1
kind: Deployment
namespace: "{{request.namespace}}"
patchStrategicMerge:
spec:
template:
metadata:
annotations:
corp.org/random: "{{ random('[0-9a-z]{8}') }}"
spec:
containers:
- env:
- valueFrom:
secretKeyRef:
<(name): "{{ request.object.metadata.name }}"
I am using api v1 i get this is there any alternate |
Beta Was this translation helpful? Give feedback.
Replies: 6 comments 2 replies
-
Please fix the formatting of your policy so we can read it. |
Beta Was this translation helpful? Give feedback.
-
My usecase is i want to restart my pod whenever a secret is updated. |
Beta Was this translation helpful? Give feedback.
-
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: refresh-env-var-in-pods
spec:
mutateExistingOnPolicyUpdate: false
rules:
- name: refresh-from-secret-env
match:
any:
- resources:
kinds:
- Secret
selector:
matchLabels:
kyverno.io/watch: "true"
preconditions:
all:
- key: "{{request.operation}}"
operator: Equals
value: UPDATE
mutate:
targets:
- apiVersion: apps/v1
kind: Deployment
namespace: "{{request.namespace}}"
patchStrategicMerge:
spec:
template:
metadata:
annotations:
corp.org/random: "{{ random('[0-9a-z]{8}') }}"
spec:
containers:
- env:
- valueFrom:
secretKeyRef:
<(name): "{{ request.object.metadata.name }}" When i use this i get the below error
|
Beta Was this translation helpful? Give feedback.
-
You're applying this policy it appears, which we know works. What version of Kyverno and how are you testing this? |
Beta Was this translation helpful? Give feedback.
-
Transferred to discussion. |
Beta Was this translation helpful? Give feedback.
-
:v1.7.5 this is my kyverno version |
Beta Was this translation helpful? Give feedback.
Minimum supported version of this policy is Kyverno 1.9.0.