Last active
November 3, 2021 09:33
-
-
Save bastjan/ceea4d4974f76fbd9922952b2780f35a to your computer and use it in GitHub Desktop.
Merge two config maps using kyverno
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: v1 | |
| kind: Namespace | |
| metadata: | |
| name: merge-configmap | |
| labels: | |
| test: insert-merged | |
| --- | |
| apiVersion: v1 | |
| kind: ConfigMap | |
| metadata: | |
| name: base | |
| namespace: merge-configmap | |
| data: | |
| host: example.com | |
| auth: blubber | |
| --- | |
| apiVersion: v1 | |
| kind: ConfigMap | |
| metadata: | |
| name: overlay | |
| namespace: merge-configmap | |
| data: | |
| auth: test | |
| --- | |
| apiVersion: kyverno.io/v1 | |
| kind: ClusterPolicy | |
| metadata: | |
| name: merged | |
| spec: | |
| rules: | |
| - name: merged | |
| match: | |
| resources: | |
| kinds: | |
| - Namespace | |
| selector: | |
| matchLabels: | |
| test: insert-merged | |
| context: | |
| - name: base | |
| configMap: | |
| name: base | |
| namespace: merge-configmap | |
| - name: overlay | |
| configMap: | |
| name: overlay | |
| namespace: merge-configmap | |
| generate: | |
| synchronize: true | |
| kind: ConfigMap | |
| apiVersion: v1 | |
| name: merged | |
| # generate the resource in the new namespace | |
| namespace: "{{request.object.metadata.name}}" | |
| data: | |
| data: | |
| host: "{{overlay.data.host || base.data.host}}" | |
| auth: "{{overlay.data.auth || base.data.auth}}" | |
| # there seems to be a bug in kyverno without referencing the base variable | |
| # kyverno denies the rule with: context variable `base` is not used in the policy | |
| # kyverno v1.5.0 | |
| # https://github.com/kyverno/kyverno/blob/831a9826d17ed067d8bfd095b0ebea40e3aec109/pkg/policy/validate.go#L931 | |
| _base_host: "{{base.data.host}}" | |
| _base_auth: "{{base.data.auth}}" | |
| # # Merging objects panics | |
| # _using_merge: "{{base.data | merge(@,overlay.data)}}" | |
| # _using_merge_host: "{{base.data | merge(@,overlay.data).host}}" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: v1 | |
| data: | |
| _base_auth: blubber | |
| _base_host: example.com | |
| auth: test | |
| host: example.com | |
| kind: ConfigMap | |
| metadata: | |
| creationTimestamp: "2021-11-02T19:18:21Z" | |
| labels: | |
| app.kubernetes.io/managed-by: kyverno | |
| kyverno.io/generated-by-kind: Namespace | |
| kyverno.io/generated-by-name: merge-configmap | |
| kyverno.io/generated-by-namespace: "" | |
| policy.kyverno.io/gr-name: gr-tktc6 | |
| policy.kyverno.io/policy-name: merged | |
| policy.kyverno.io/synchronize: enable | |
| name: merged | |
| namespace: merge-configmap | |
| resourceVersion: "192648" | |
| uid: d225aa0b-0ab0-46f9-bb1c-61c9361a7a0a |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment