Creating a policy
As an example, you create a simple validation policy that processes Pod creation requests.
The policy looks at the metadata.name
attribute of the Pod and rejects pods having an invalid name.
It's list of invalid names should be configurable by end users of the policy.
The policy settings look something like:
invalid_names:
- bad_name1
- bad_name2
The policy should accept the creation of a Pod like the following one:
apiVersion: v1
kind: Pod
metadata:
name: nginx
spec:
containers:
- name: nginx
image: nginx:latest
It should reject the creation of a Pod like:
apiVersion: v1
kind: Pod
metadata:
name: bad_name1
spec:
containers:
- name: nginx
image: nginx:latest
Scaffolding the new policy project​
You can create a new policy project by using cargo generate
with the
template project.
First, install cargo-generate
. This requires openssl-devel.
cargo install cargo-generate
Now scaffold the project as follows:
cargo generate --git https://github.com/kubewarden/rust-policy-template \
--branch main \
--name demo
The command produces output like: