All Policies

Require Linkerd Mesh Injection

Sidecar proxy injection in Linkerd may be handled at the Namespace level by setting the annotation `linkerd.io/inject` to `enabled`. This policy enforces that all Namespaces contain the annotation `linkerd.io/inject` set to `enabled`.

Policy Definition

/linkerd/require-linkerd-mesh-injection/require-linkerd-mesh-injection.yaml

 1apiVersion: kyverno.io/v1
 2kind: ClusterPolicy
 3metadata:
 4  name: require-linkerd-mesh-injection
 5  annotations:
 6    policies.kyverno.io/title: Require Linkerd Mesh Injection
 7    policies.kyverno.io/category: Linkerd
 8    policies.kyverno.io/severity: medium
 9    policies.kyverno.io/subject: Namespace, Annotation
10    policies.kyverno.io/description: >-
11      Sidecar proxy injection in Linkerd may be handled at the Namespace level by
12      setting the annotation `linkerd.io/inject` to `enabled`. This policy enforces that
13      all Namespaces contain the annotation `linkerd.io/inject` set to `enabled`.      
14spec:
15  validationFailureAction: audit
16  background: true
17  rules:
18  - name: require-mesh-annotation
19    match:
20      any:
21      - resources:
22          kinds:
23          - Namespace
24    validate:
25      message: "All Namespaces must set the annotation `linkerd.io/inject` to `enabled`."
26      pattern:
27        metadata:
28          annotations:
29            linkerd.io/inject: enabled
Create policy issue