Add Image as Environment Variable
The Kubernetes downward API can expose only a limited set of fields as environment variables. An application commonly needs to know which image its Pod is running in order to decide what logic to apply. This policy takes the value of the `image` field and adds it as an environment variable, `K8S_IMAGE`, to bare Pods and Deployments having no more than two containers. The `env` array must already exist for the policy to operate correctly. This policy may be easily extended to support other higher-level Pod controllers as well as more containers by following the established rules.
Policy Definition
/other/add-image-as-env-var/add-image-as-env-var.yaml
```yaml
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: add-image-as-env-var
  # env array needs to exist (at least one env var is present)
  annotations:
    pod-policies.kyverno.io/autogen-controllers: None
    policies.kyverno.io/title: Add Image as Environment Variable
    policies.kyverno.io/category: Other
    policies.kyverno.io/severity: medium
    policies.kyverno.io/minversion: 1.4.3
    kyverno.io/kyverno-version: 1.6.2
    kyverno.io/kubernetes-version: "1.23"
    policies.kyverno.io/subject: Pod
    policies.kyverno.io/description: >-
      The Kubernetes downward API only has the ability to express so many
      options as environment variables. The image consumed in a Pod is commonly
      needed to make the application aware of some logic it must take. This policy
      takes the value of the `image` field and adds it as an environment variable
      to bare Pods and Deployments having no more than two containers. The `env` array must already exist for the policy
      to operate correctly. This policy may be easily extended to support other higher-level
      Pod controllers as well as more containers by following the established rules.
spec:
  background: false
  schemaValidation: false
  rules:
  # Pod: first container
  - name: pod-containers-1-inject-image
    match:
      resources:
        kinds:
        - Pod
    preconditions:
      all:
      - key: "{{request.object.spec.containers[] | length(@)}}"
        operator: GreaterThanOrEquals
        value: 1
    mutate:
      patchesJson6902: |-
        - op: add
          path: "/spec/containers/0/env/-"
          value: {"name":"K8S_IMAGE","value":"{{request.object.spec.containers[0].image}}"}
  # Pod: second container
  - name: pod-containers-2-inject-image
    match:
      resources:
        kinds:
        - Pod
    preconditions:
      all:
      - key: "{{request.object.spec.containers[] | length(@)}}"
        operator: GreaterThanOrEquals
        value: 2
    mutate:
      patchesJson6902: |-
        - op: add
          path: "/spec/containers/1/env/-"
          value: {"name":"K8S_IMAGE","value":"{{request.object.spec.containers[1].image}}"}
  # Deployment: first container of the Pod template
  - name: deploy-containers-1-inject-image
    match:
      resources:
        kinds:
        - Deployment
    preconditions:
      all:
      - key: "{{request.object.spec.template.spec.containers[] | length(@)}}"
        operator: GreaterThanOrEquals
        value: 1
    mutate:
      patchesJson6902: |-
        - op: add
          path: "/spec/template/spec/containers/0/env/-"
          value: {"name":"K8S_IMAGE","value":"{{request.object.spec.template.spec.containers[0].image}}"}
  # Deployment: second container of the Pod template
  - name: deploy-containers-2-inject-image
    match:
      resources:
        kinds:
        - Deployment
    preconditions:
      all:
      - key: "{{request.object.spec.template.spec.containers[] | length(@)}}"
        operator: GreaterThanOrEquals
        value: 2
    mutate:
      patchesJson6902: |-
        - op: add
          path: "/spec/template/spec/containers/1/env/-"
          value: {"name":"K8S_IMAGE","value":"{{request.object.spec.template.spec.containers[1].image}}"}
```
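The requirement that the `env` array already exist follows from RFC 6902: an `add` to `/env/-` appends to an existing array and is an error if the array is absent. The sketch below is an added example, not Kyverno's own code; it models the two Pod rules in plain Python over constructed Pods, and the names `json_patch_append`, `inject_image` and `PatchError` are hypothetical.

```python
import copy

class PatchError(Exception):
    """A JSON Patch path could not be resolved (an error under RFC 6902)."""

def json_patch_append(doc, path, value):
    """Apply an RFC 6902 'add' whose path ends in '/-' (append to an array)."""
    *parents, last = path.lstrip("/").split("/")
    if last != "-":
        raise PatchError("only array append ('/-') is modelled here")
    node = doc
    for tok in parents:
        try:
            node = node[int(tok)] if isinstance(node, list) else node[tok]
        except (KeyError, IndexError, ValueError, TypeError) as exc:
            raise PatchError(f"{path}: no such member {tok!r}") from exc
    if not isinstance(node, list):
        raise PatchError(f"{path}: target is not an array")
    node.append(value)

def inject_image(pod):
    """Mimic the two Pod rules: containers 0 and 1 get K8S_IMAGE appended."""
    out = copy.deepcopy(pod)
    containers = out["spec"]["containers"]
    for idx in (0, 1):
        if len(containers) >= idx + 1:  # precondition: length >= 1, then >= 2
            json_patch_append(
                out, f"/spec/containers/{idx}/env/-",
                {"name": "K8S_IMAGE", "value": containers[idx]["image"]})
    return out

# Constructed sample Pods (not taken from the policy repository).
POD_THREE = {"spec": {"containers": [
    {"name": "app", "image": "registry.example/app:1.0",
     "env": [{"name": "MODE", "value": "prod"}]},
    {"name": "sidecar", "image": "registry.example/proxy:2.1",
     "env": [{"name": "PORT", "value": "8080"}]},
    {"name": "extra", "image": "registry.example/extra:0.3",
     "env": [{"name": "X", "value": "y"}]},
]}}
POD_NO_ENV = {"spec": {"containers": [
    {"name": "app", "image": "registry.example/app:1.0"}]}}

if __name__ == "__main__":
    for c in inject_image(POD_THREE)["spec"]["containers"]:
        print(c["name"], [e["name"] for e in c["env"]])
    try:
        inject_image(POD_NO_ENV)
    except PatchError as err:
        print("patch failed:", err)
```

The third container in `POD_THREE` receives no `K8S_IMAGE`, which is the gap a further rule with index 2 would close when extending the policy.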