K
Q

How to mandate all pods in namespace to be marked with label key=value upon creation

12/5/2019

Would it be possible to mandate developers (by creating policies on in some other way) to mark all of their pods/resources with pre-defined label , e.g. environment=dev or department=dev ?

It can be in the form of enforcement ( e.g. if pod is created without propel label - deny the creation request) or just silently apply necessary label and re-write the existing one if needed.

-- Andy
kubernetes
policies

Similar Questions

“kube-ingress-aws-controller” with “skipper” ingress deployed on a Kops cluster not routing properly
What command does kubernetes run to launch a container?
kubernetes load single image into cluster
Get environment variable from kubernetes pod?
Unauthorized error when joining existing cluster using kubeadm join command
How to wait X second to finish rolling update in k8s?

2 Answers

12/5/2019

I gave this answer to a similar question regarding "...policy check before container execution".

In essence, Open Policy Agent - a Cloud Native Computing Foundation (incubating) project - supports custom policy enforcement for Kubernetes. Check out this example regarding enforcing labels to be present.

-- apisim
Source: StackOverflow
12/5/2019

It seems that Admission controller is the only way to accomplish it - https://kubernetes.io/blog/2019/03/21/a-guide-to-kubernetes-admission-controllers/

-- Andy
Source: StackOverflow