The customer is using a "Policy" object to create Kubernetes objects in certain clusters. The customer is looking for a way to access the name of the namespace in which the Kubernetes object is created.
For example, if they set the "namespaceSelector" to include some namespaces, the customer would like to access the names of the included namespaces in the "lookup" query. See the example policy below.
Alternatively, this request looks for a way (variables or similar) to refer to the currently defined namespace in a "Policy".
apiVersion: policy.open-cluster-management.io/v1
kind: Policy
...
spec:
  policy-templates:
    - objectDefinition:
        ...
        spec:
          namespaceSelector:
            include:
              - poi-accos-dev
              - poi-ebilling-dev
          object-templates:
            - complianceType: musthave
              objectDefinition:
                apiVersion: networking.k8s.io/v1
                kind: NetworkPolicy
                metadata:
                  name: allow-from-accos-ebilling-dev-projects
                spec:
                  ingress:
                    - from:
                        - namespaceSelector:
                            matchLabels:
                              poi-network-access: '{{ (lookup "v1" "Namespace" "<NAMESPACE_NAME>" "<NAMESPACE_NAME>").metadata.labels.poi-network-access }}'
                  podSelector: {}
                  policyTypes:
                    - Ingress
Is duplicated by: ACM-2913 ACM "lookup" functionality for included or current namespace (Closed)