Create complex-template.yaml

gatekeeper-policies/templates/complex-template.yaml

@@ -0,0 +1,31 @@
+apiVersion: templates.gatekeeper.sh/v1beta1
+kind: ConstraintTemplate
+metadata:
+  name: k8sprohibitedlabels
+spec:
+  crd:
+    spec:
+      names:
+        kind: K8sProhibitedLabels
+      validation:
+        openAPIV3Schema:
+          properties:
+            labelCategory:
+              type: array
+              items: string
+            labelCountry:
+              type: array
+              items: string
+  targets:
+    - target: admission.k8s.gatekeeper.sh
+      rego: |
+        package k8sprohibitedlabels
+      
+        violation[{"msg": msg, "details": {"prohibited_labelCategory": prohibitedCategory, "prohibited_labelCountry": prohibitedCountry}}] {
+          provided := {label | input.review.object.metadata.labels[label]}
+          prohibitedCategory := {label | label = input.parameters.labelCategory[_]; provided[label]}
+          prohibitedCountry := {label | label = input.parameters.labelCountry[_]; provided[label]}
+          count(prohibitedCategory) > 0
+          count(prohibitedCountry) > 0
+          msg := sprintf("The following labels from category: %v and country: %v are prohibited", [prohibitedCategory, prohibitedCountry])
+        }