Kyverno - Namespace restriction policy

The following Helm commands install Kyverno:
helm repo add kyverno https://kyverno.github.io/kyverno
helm repo update
helm install kyverno kyverno/kyverno -n kyverno --create-namespace
Chart version: 3.4.1
Kyverno version: v1.14.1
The following components are installed in the cluster:
- CRDs
- Admission controller
- Reports controller
- Cleanup controller
- Background controller
kyverno.yaml:
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: namespace-restriction
spec:
  rules:
    - name: require namespace standard names
      match:
        any:
          - resources:
              kinds:
                - Namespace
      validate:
        failureAction: Enforce
        message: "You must have the proper naming standard for namespace creation"
        pattern:
          metadata:
            name: dev
To allow several namespace name patterns, combine the values with the "or" operator (|):
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: namespace-restriction
spec:
  rules:
    - name: require namespace standard names
      match:
        any:
          - resources:
              kinds:
                - Namespace
      validate:
        failureAction: Enforce
        message: "You must have the proper naming standard for namespace creation"
        pattern:
          metadata:
            name: app-poc-* | app-prod-* | app-test*
kubectl get ClusterPolicy
NAME                    ADMISSION   BACKGROUND   READY   AGE     MESSAGE
namespace-restriction   true        true         True    2m49s   Ready
A Namespace manifest is now created with a different name, one that does not match the policy:
namespace.yaml:
apiVersion: v1
kind: Namespace
metadata:
  name: development
  labels:
    name: development
The following error is returned:
Error from server: error when creating "namespace.yaml": admission webhook "validate.kyverno.svc-fail" denied the request:
resource Namespace//development was blocked due to the following policies
namespace-restriction:
require namespace standard names: 'validation error: You must have the proper naming
standard for namespace creation. rule require namespace standard names failed
at path /metadata/name/'
Applying the policy does not disturb existing pods and namespaces. A ClusterPolicy applies to the entire cluster.
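
A quick offline check of which names the multi-value pattern above admits, as an added example that is not part of the original page. It is a simplified shell model of the pattern (alternatives split on `|`, with `*` and `?` as wildcards), not Kyverno's own matcher; `ns_allowed` and the sample names are hypothetical.

```shell
#!/bin/sh
# Simplified model of the policy's name pattern (assumption: alternatives are
# separated by "|"; "*" matches any run of characters, "?" exactly one).
PATTERN='app-poc-* | app-prod-* | app-test*'   # value from the policy above

# ns_allowed NAME -> exit status 0 if NAME matches any alternative, 1 if not.
# Hypothetical helper for a pre-apply check; not part of Kyverno.
ns_allowed() {
    name=$1
    rest=$PATTERN
    while [ -n "$rest" ]; do
        alt=${rest%%"|"*}                      # text before the first "|"
        case $rest in
            *"|"*) rest=${rest#*"|"} ;;        # keep the remaining alternatives
            *)     rest= ;;                    # that was the last one
        esac
        alt=$(printf '%s' "$alt" | sed 's/^ *//; s/ *$//')   # trim spaces
        case $name in
            $alt) return 0 ;;                  # unquoted: treated as a glob
        esac
    done
    return 1
}

# Constructed sample names, including the "development" namespace from the page.
for ns in dev development app-poc-billing app-poc app-prod-api app-test app-testing; do
    if ns_allowed "$ns"; then
        echo "admit  $ns"
    else
        echo "deny   $ns"
    fi
done
```

Because `app-test*` has no trailing hyphen, `app-test` and `app-testing` are admitted while `app-poc` is denied; add the hyphen if the three prefixes are meant to behave the same way.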