Today's lesson: Using #kyverno you can configure cluster policies to replicate secrets from a reference namespace to any set of arbitrary destination namespaces.

However, one needs to ensure that the proper events are used to trigger the policy - we don't just want to copy secrets on namespace creation, but also when namespaces are updated, and for any eligible namespace at the time the policy was created. We also want to ensure that destination secrets are updated when the source secret changes.

Kyverno makes this simple with a few features:

* The `synchronize: true` parameter for its cluster policy will create secrets for new eligible namespaces, and update secrets when the source secret changes.
* With `generateExisting: true`, a background job is created when the policy is instantiated to retroactively make it apply to existing namespaces.

Finally, with the recently released Kyverno version 1.15, new CEL-based policy types are available that are even more flexible and powerful.

https://kyverno.io/docs/policy-types/cluster-policy/generate/#clone-examples

https://kyverno.io/docs/policy-types/cluster-policy/generate/#generate-for-existing-resources

https://kyverno.io/docs/policy-types/generating-policy/

#k8s #kubernetes #AdmissionControl
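A sketch of the kind of policy the post above describes, as an added example that is not part of the original post or the Kyverno project's own manifests. The policy name, the `secrets-ref` source namespace, the `regcred` Secret and the opt-in label are hypothetical.

```yaml
# Added example: all names below (policy, namespaces, Secret, label) are hypothetical.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: replicate-regcred
spec:
  rules:
    - name: clone-regcred-into-labelled-namespaces
      match:
        any:
          - resources:
              kinds:
                - Namespace
              # Only namespaces that opt in via this label receive the Secret.
              # Adding the label to an existing namespace is an update event,
              # which is why creation alone is not a sufficient trigger.
              selector:
                matchLabels:
                  secrets.example.com/regcred: "true"
      exclude:
        any:
          - resources:
              kinds:
                - Namespace
              # Never generate a copy into the reference namespace itself.
              names:
                - secrets-ref
      generate:
        apiVersion: v1
        kind: Secret
        name: regcred
        # Destination is the namespace that matched the rule.
        namespace: "{{request.object.metadata.name}}"
        # Keep generated copies in step with the source Secret.
        synchronize: true
        # Also process namespaces that already matched when the policy was created.
        generateExisting: true
        clone:
          # Reference namespace and Secret to copy from.
          namespace: secrets-ref
          name: regcred
```

Kyverno's service accounts need RBAC permission to read the source Secret and to manage Secrets in the destination namespaces, so scope the label selector to the namespaces that should actually hold the credential. Older Kyverno releases set `generateExisting` at the `spec` level instead of inside `generate`, so check the documentation for the version you run.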


@CarlG314 @GottaLaff It's the job of real Federal Election Commissions to tell organizations that refuse to comply with the rules of parliamentary democracy:

"No, your anti-democratic nature disqualifies you from running for any public office in this country!"

Why? Because Al Qaeda wouldn't be granted permission to run for House & Senate seats, either.

#DefendDemocracy #DefensiveDemocracy #Democracy #AdmissionControl #ElectionCommission #SaveLives #YourVoiceMatters #YouMatter #RaiseYourVoice