Add Image as Environment Variable
The Kubernetes downward API can expose only a limited set of fields as environment variables. An application commonly needs to know the image it was started from in order to decide what logic to apply. This policy takes the value of the `image` field and adds it as an environment variable to bare Pods and Deployments having no more than two containers. The `env` array must already exist for the policy to operate correctly. The policy can easily be extended to support other higher-level Pod controllers, as well as more containers, by following the established rules.
Policy Definition
/other/add-image-as-env-var/add-image-as-env-var.yaml
```yaml
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: add-image-as-env-var
  # env array needs to exist (at least one env var is present)
  annotations:
    pod-policies.kyverno.io/autogen-controllers: None
    policies.kyverno.io/title: Add Image as Environment Variable
    policies.kyverno.io/category: Other
    policies.kyverno.io/severity: medium
    policies.kyverno.io/minversion: 1.6.0
    kyverno.io/kyverno-version: 1.6.2
    kyverno.io/kubernetes-version: "1.23"
    policies.kyverno.io/subject: Pod
    policies.kyverno.io/description: >-
      The Kubernetes downward API only has the ability to express so many
      options as environment variables. The image consumed in a Pod is commonly
      needed to make the application aware of some logic it must take. This policy
      takes the value of the `image` field and adds it as an environment variable
      to bare Pods and Deployments having no more than two containers. The `env` array must already exist for the policy
      to operate correctly. This policy may be easily extended to support other higher-level
      Pod controllers as well as more containers by following the established rules.
spec:
  background: false
  schemaValidation: false
  rules:
  # Pod: first container (index 0)
  - name: pod-containers-1-inject-image
    match:
      any:
      - resources:
          kinds:
          - Pod
    preconditions:
      all:
      - key: "{{request.object.spec.containers[] | length(@)}}"
        operator: GreaterThanOrEquals
        value: 1
    mutate:
      patchesJson6902: |-
        - op: add
          path: "/spec/containers/0/env/-"
          value: {"name":"K8S_IMAGE","value":"{{request.object.spec.containers[0].image}}"}
  # Pod: second container (index 1), when two or more containers are present
  - name: pod-containers-2-inject-image
    match:
      any:
      - resources:
          kinds:
          - Pod
    preconditions:
      all:
      - key: "{{request.object.spec.containers[] | length(@)}}"
        operator: GreaterThanOrEquals
        value: 2
    mutate:
      patchesJson6902: |-
        - op: add
          path: "/spec/containers/1/env/-"
          value: {"name":"K8S_IMAGE","value":"{{request.object.spec.containers[1].image}}"}
  # Deployment: first container (index 0) of the Pod template
  - name: deploy-containers-1-inject-image
    match:
      any:
      - resources:
          kinds:
          - Deployment
    preconditions:
      all:
      - key: "{{request.object.spec.template.spec.containers[] | length(@)}}"
        operator: GreaterThanOrEquals
        value: 1
    mutate:
      patchesJson6902: |-
        - op: add
          path: "/spec/template/spec/containers/0/env/-"
          value: {"name":"K8S_IMAGE","value":"{{request.object.spec.template.spec.containers[0].image}}"}
  # Deployment: second container (index 1) of the Pod template, when two or more are present
  - name: deploy-containers-2-inject-image
    match:
      any:
      - resources:
          kinds:
          - Deployment
    preconditions:
      all:
      - key: "{{request.object.spec.template.spec.containers[] | length(@)}}"
        operator: GreaterThanOrEquals
        value: 2
    mutate:
      patchesJson6902: |-
        - op: add
          path: "/spec/template/spec/containers/1/env/-"
          value: {"name":"K8S_IMAGE","value":"{{request.object.spec.template.spec.containers[1].image}}"}
```
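The requirement that `env` already exists follows from RFC 6902 `add` semantics: `/env/-` appends to an existing array, and every parent on the path must be present. The sketch below is an added example, not part of the Kyverno policy or project code; it models only the two Pod rules, and the helper names, sample Pod, and image references are constructed for illustration.

```python
import copy

# Constructed sample Pod: env present, env missing, and a third container.
SAMPLE_POD = {"spec": {"containers": [
    {"name": "app", "image": "registry.example/app:1.4",
     "env": [{"name": "MODE", "value": "prod"}]},
    {"name": "sidecar", "image": "registry.example/proxy:2.0"},
    {"name": "logger", "image": "registry.example/log:0.9",
     "env": [{"name": "LEVEL", "value": "info"}]},
]}}

def json_patch_add(doc, path, value):
    """RFC 6902 'add': every parent on the path must already exist."""
    *parents, last = path.lstrip("/").split("/")
    node = doc
    for key in parents:
        node = node[int(key)] if isinstance(node, list) else node[key]
    if isinstance(node, list):
        if last == "-":
            node.append(value)          # "-" addresses the end of the array
        else:
            idx = int(last)
            if not 0 <= idx <= len(node):
                raise IndexError(path)
            node.insert(idx, value)
    else:
        node[last] = value

def inject_image(pod):
    """Model of the two Pod rules: only container indexes 0 and 1 are patched."""
    out, report = copy.deepcopy(pod), {}
    for i, c in enumerate(pod["spec"]["containers"]):
        if i > 1:
            report[c["name"]] = "skipped: no rule for this index"
            continue
        try:
            json_patch_add(out, f"/spec/containers/{i}/env/-",
                           {"name": "K8S_IMAGE", "value": c["image"]})
            report[c["name"]] = "patched"
        except KeyError:
            report[c["name"]] = "patch fails: env array missing"
    return out, report

if __name__ == "__main__":
    _, report = inject_image(SAMPLE_POD)
    for name, status in report.items():
        print(f"{name}: {status}")
```

Running a check like this against manifests before enabling the policy shows which containers would not receive `K8S_IMAGE`, either because they lack an `env` array or because they sit at index 2 or higher.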