kubernetes
/
website
mirror of https://github.com/kubernetes/website.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix incorrect ValidationAdmissionPolicyBindings

This commit is contained in:
Sam Stoelinga 2022-12-15 10:00:55 -08:00
parent d9ca0d9dce
commit 088649ec4f
1 changed files with 19 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
content/en/docs/reference/access-authn-authz/validating-admission-policy.md
View File

@ -76,12 +76,11 @@ kind: ValidatingAdmissionPolicyBinding
metadata: metadata:
name: "demo-binding-test.example.com" name: "demo-binding-test.example.com"
spec: spec:
policy: "replicalimit-policy.example.com" policyName: "demo-policy.example.com"
matchResources: matchResources:
namespaceSelectors: namespaceSelector:
- key: environment, matchLabels:
operator: In, environment: test
values: ["test"]
``` ```
When trying to create a deployment with replicas set not satisfying the validation expression, an error will return containing message: When trying to create a deployment with replicas set not satisfying the validation expression, an error will return containing message:
@ -134,14 +133,13 @@ kind: ValidatingAdmissionPolicyBinding
metadata: metadata:
name: "replicalimit-binding-test.example.com" name: "replicalimit-binding-test.example.com"
spec: spec:
policy: "replicalimit-policy.example.com" policyName: "replicalimit-policy.example.com"
paramsRef: paramsRef:
name: "replica-limit-test.example.com" name: "replica-limit-test.example.com"
matchResources: matchResources:
namespaceSelectors: namespaceSelector:
- key: environment, matchLabels:
operator: In, environment: test
values: ["test"]
``` ```
The parameter resource could be as following: The parameter resource could be as following:
```yaml ```yaml
@ -159,11 +157,12 @@ kind: ValidatingAdmissionPolicyBinding
metadata: metadata:
name: "replicalimit-binding-nontest" name: "replicalimit-binding-nontest"
spec: spec:
policy: "replicalimit-policy.example.com" policyName: "replicalimit-policy.example.com"
paramsRef: paramsRef:
name: "replica-limit-clusterwide.example.com" name: "replica-limit-clusterwide.example.com"
matchResources: matchResources:
namespaceSelectors: namespaceSelector:
matchExpressions:
- key: environment, - key: environment,
operator: NotIn, operator: NotIn,
values: ["test"] values: ["test"]
@ -183,10 +182,11 @@ kind: ValidatingAdmissionPolicyBinding
metadata: metadata:
name: "replicalimit-binding-global" name: "replicalimit-binding-global"
spec: spec:
policy: "replicalimit-policy.example.com" policyName: "replicalimit-policy.example.com"
params: "replica-limit-clusterwide.example.com" params: "replica-limit-clusterwide.example.com"
matchResources: matchResources:
namespaceSelectors: namespaceSelector:
matchExpressions:
- key: environment, - key: environment,
operator: Exists operator: Exists
``` ```