-
Notifications
You must be signed in to change notification settings - Fork 247
Kyverno annotations
Chip Zoller edited this page Dec 29, 2021
·
6 revisions
This page is a list of annotations reserved for Kyverno system use.
These annotations are used to classify sample policies primarily for use by the Kyverno website and, more specifically, the filtering logic on the policies page.
-
policies.kyverno.io/title
- (Optional) The title of the policy for documentation page rendering. It's a good idea to include this and not rely on the rendering ability.
-
policies.kyverno.io/category
- Category the policy fits in. Unless the policy applies to a community or "external" Kubernetes project, use
other
.
- Category the policy fits in. Unless the policy applies to a community or "external" Kubernetes project, use
-
policies.kyverno.io/scored
- Controls whether violations of rules in the policy are scored as either
error
(default behavior) orwarn
(if set to"false"
).
- Controls whether violations of rules in the policy are scored as either
-
policies.kyverno.io/subject
- The focus of the policy. For example,
Pod
orIngress
or a CustomResource likeClusterIssuer
. The subject is the "thing" on which the policy operates. For multiple, use a comma-separated string likePod, Deployment
.
- The focus of the policy. For example,
-
policies.kyverno.io/minversion
- Minimum version of Kyverno where this policy works. Note that this isn't the version of Kyverno where it was developed or tested but the minimum version of Kyverno where it's supported. If unknown, omit.
-
policies.kyverno.io/description
- Description of the policy. Should state two things: 1) Why such a policy is valuable and 2) what this specific policy does.
-
kyverno.io/kyverno-version
- Version(s) of Kyverno against which the policy should work.
-
kyverno.io/kubernetes-version
- Version(s) of Kubernetes against which the policy should work. Value should ideally be a range of versions no more than two prior (ex., 1.19-1.21) and must be enclosed in quotes.
- policies.kyverno.io/severity
- Sets the severity in a policy report.
These annotations Kyverno uses internally for some logic.
- pod-policies.kyverno.io/autogen-controllers
- Sets the Kubernetes controllers which should be applied to the rule. See the documentation for details.