k8srequiredannotations
Basic Information
- Policy type: compliance
- Recommended level: L1
- Effective resource type: *
- Parameter
  annotations: array of key-value pairs, key/allowedRegex
    key: a8r.io/owner
    # Matches email address or github user
    allowedRegex: ^([A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}|[a-z]{1,39})$
Function
The resource must contain the specified annotations, and each annotation's value must match the regular expression provided for it.
Policy Example
The following policy instance shows the resource types to which the policy definition applies. The parameters field specifies the message and the annotation constraints.
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sRequiredAnnotations
metadata:
  name: all-must-have-certain-set-of-annotations
spec:
  match:
    kinds:
      - apiGroups: [""]
        kinds: ["Service"]
  parameters:
    message: "All services must have a `a8r.io/owner` and `a8r.io/runbook` annotations."
    annotations:
      - key: a8r.io/owner
        # Matches email address or github user
        allowedRegex: ^([A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}|[a-z]{1,39})$
      - key: a8r.io/runbook
        # Matches urls including or not http/https
        allowedRegex: ^(http:\/\/www\.|https:\/\/www\.|http:\/\/|https:\/\/)?[a-z0-9]+([\-\.]{1}[a-z0-9]+)*\.[a-z]{2,5}(:[0-9]{1,5})?(\/.*)?$
Resource Definition That Complies with the Policy
The annotations in the example comply with the policy instance.
apiVersion: v1
kind: Service
metadata:
  name: allowed-service
  annotations:
    a8r.io/owner: "dev-team-alfa@contoso.com"
    a8r.io/runbook: "https://confluence.contoso.com/dev-team-alfa/runbooks"
spec:
  ports:
    - name: http
      port: 80
      targetPort: 8080
  selector:
    app: foo
Resource Definition That Does Not Comply with the Policy
In the example, no annotations are configured on the Service, which does not comply with the policy instance.
apiVersion: v1
kind: Service
metadata:
  name: disallowed-service
spec:
  ports:
    - name: http
      port: 80
      targetPort: 8080
  selector:
    app: foo
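
An added example, not part of the original page or of the Gatekeeper constraint template: a Python pre-check that applies the rule from the Function section using the two regular expressions from the policy instance, so manifests can be tested before they reach the cluster. The helper names (`violations`, `service`) and the edge-case Services are constructed for illustration; this is a local approximation, and the admission decision itself is still made by Gatekeeper.

```python
import re

# Constraint parameters copied from the policy instance on this page.
REQUIRED = [
    {"key": "a8r.io/owner",
     "allowedRegex": r"^([A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}|[a-z]{1,39})$"},
    {"key": "a8r.io/runbook",
     "allowedRegex": r"^(http:\/\/www\.|https:\/\/www\.|http:\/\/|https:\/\/)?"
                     r"[a-z0-9]+([\-\.]{1}[a-z0-9]+)*\.[a-z]{2,5}(:[0-9]{1,5})?(\/.*)?$"},
]

def violations(obj, required=REQUIRED):
    """Return violation strings for one Kubernetes object given as a dict."""
    annotations = (obj.get("metadata") or {}).get("annotations") or {}
    found = []
    for rule in required:
        key, pattern = rule["key"], rule.get("allowedRegex", "")
        if key not in annotations:
            found.append(f"missing annotation {key}")
        # fullmatch: the entire value must match, not just a prefix of it
        elif pattern and not re.fullmatch(pattern, str(annotations[key])):
            found.append(f"annotation {key} has a value that does not match its allowedRegex")
    return found

def service(name, annotations=None):
    """Build a minimal Service dict (hypothetical helper for the samples)."""
    meta = {"name": name}
    if annotations is not None:
        meta["annotations"] = annotations
    return {"apiVersion": "v1", "kind": "Service", "metadata": meta}

SAMPLES = [
    # The two Services from this page.
    service("allowed-service", {
        "a8r.io/owner": "dev-team-alfa@contoso.com",
        "a8r.io/runbook": "https://confluence.contoso.com/dev-team-alfa/runbooks"}),
    service("disallowed-service"),
    # Constructed edge cases: a hyphen/digit owner and an uppercase host fail;
    # a bare lowercase owner and a scheme-less runbook URL pass; "" fails.
    service("edge-rejected", {"a8r.io/owner": "octo-cat1",
                              "a8r.io/runbook": "https://Wiki.contoso.com/rb"}),
    service("edge-accepted", {"a8r.io/owner": "octocat",
                              "a8r.io/runbook": "wiki.contoso.com/rb"}),
    service("empty-owner", {"a8r.io/owner": "", "a8r.io/runbook": "wiki.contoso.com/rb"}),
]

if __name__ == "__main__":
    for obj in SAMPLES:
        print(obj["metadata"]["name"], violations(obj) or "compliant")
```

The edge cases show that the owner pattern's second branch accepts only lowercase letters, and that the runbook pattern accepts host names without a scheme but rejects uppercase ones.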