32 lines
2.0 KiB
YAML
32 lines
2.0 KiB
YAML
apiVersion: admissionregistration.k8s.io/v1
|
|
kind: ValidatingAdmissionPolicy
|
|
metadata:
|
|
annotations:
|
|
app.kubernetes.io/managed-by: Helm
|
|
gateway.networking.k8s.io/bundle-version: v1.5.0-dev
|
|
gateway.networking.k8s.io/channel: standard
|
|
helm.sh/resource-policy: keep
|
|
labels:
|
|
app.kubernetes.io/managed-by: Helm
|
|
name: safe-upgrades.gateway.networking.k8s.io
|
|
spec:
|
|
failurePolicy: Fail
|
|
matchConstraints:
|
|
resourceRules:
|
|
- apiGroups:
|
|
- apiextensions.k8s.io
|
|
apiVersions:
|
|
- v1
|
|
operations:
|
|
- CREATE
|
|
- UPDATE
|
|
resources:
|
|
- '*'
|
|
validations:
|
|
- expression: object.spec.group != 'gateway.networking.k8s.io' || oldObject == null || ( has(object.metadata.annotations) && object.metadata.annotations.exists(k, k == 'gateway.networking.k8s.io/channel') && object.metadata.annotations['gateway.networking.k8s.io/channel'] == 'standard' ) || ( oldObject != null && has(oldObject.metadata.annotations) && oldObject.metadata.annotations.exists(k, k == 'gateway.networking.k8s.io/channel') && oldObject.metadata.annotations['gateway.networking.k8s.io/channel'] == 'experimental' )
|
|
message: Installing experimental CRDs on top of standard channel CRDs is prohibited by default. Uninstall ValidatingAdmissionPolicy safe-upgrades.gateway.networking.k8s.io to install experimental CRDs on top of standard channel CRDs.
|
|
reason: Invalid
|
|
- expression: object.spec.group != 'gateway.networking.k8s.io' || (has(object.metadata.annotations) && object.metadata.annotations.exists(k, k == 'gateway.networking.k8s.io/bundle-version') && !matches(object.metadata.annotations['gateway.networking.k8s.io/bundle-version'], 'v1.[0-4].\\d+') && !matches(object.metadata.annotations['gateway.networking.k8s.io/bundle-version'], 'v0'))
|
|
message: Installing CRDs with version before v1.5.0 is prohibited by default. Uninstall ValidatingAdmissionPolicy safe-upgrades.gateway.networking.k8s.io to install older versions.
|
|
reason: Invalid
|