How can I ensure that the deployment "foo" does not have the annotation "bar"?
I want to define this in a manifest so that Flux enforces my desired state.
Is that possible with the current Kubernetes Resource Model?
Asked
Active
Viewed 40 times
1 Answers
3
For that sort of restriction you could write a validating webhook that would reject deployments that have the "bar" annotation.
Instead of rolling your own solution, you could adopt a policy engine like Kyverno, Gatekeeper, etc, that let you define policy rules for resources in your Kubernetes environment.
The Kyverno documentation has a sample policy showing how to prohibit specific annotations.
larsks
- 47,453