当我使用命令:helm install kyverno-policies 时, 我收到此错误:错误:安装失败:解析错误(kyverno-policies-fix/templates/default/require-network-policy.yaml:39):函数“请求”未定义
而 require-network-policy.yaml 文件:
{{- $name := "require-network-policy" }}
{{ if not (and $name .Values.disableDefaultTemplates) }}
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: {{ $name }}
annotations:
policies.kyverno.io/title: Require NetworkPolicy
policies.kyverno.io/category: Sample
policies.kyverno.io/minversion: 1.6.0
kyverno.io/kyverno-version: 1.6.2
kyverno.io/kubernetes-version: "1.23"
policies.kyverno.io/subject: Deployment, NetworkPolicy
policies.kyverno.io/description: >-
NetworkPolicy is used to control Pod-to-Pod communication
and is a good practice to ensure only authorized Pods can send/receive
traffic. This policy checks incoming Deployments to ensure
they have a matching, preexisting NetworkPolicy.
spec:
validationFailureAction: {{ .Values.validationFailureAction }}
background: false
rules:
- name: require-network-policy
match:
any:
- resources:
kinds:
- Deployment
preconditions:
any:
- key: "{{request.operation || 'BACKGROUND'}}"
operator: Equals
value: CREATE
validate:
message: "Every Deployment requires a matching NetworkPolicy."
deny:
conditions:
any:
- key: "{{ request.operation == 'CREATE' && resources[kind=='NetworkPolicy'].length > 0 && resources[kind=='NetworkPolicy'].spec.podSelector.matchLabels == request.object.spec.template.metadata.labels }}"
operator: Equals
value: false
{{- end }}
chart.yaml 文件:
apiVersion: v2
name: kyverno-policies-fix
description: A Helm chart that provisions Kyverno including the custom rules to test
type: application
version: 0.1.3
appVersion: "0.1.4"
condition: kyverno.enabled
根据文档:https://kyverno.io/docs/writing-policies/variables/#variables-in-helm
你应该使用:{{
{{ request.userInfo.username }}
}}