As an example, you create a simple validation policy that processes Pod creation requests.
The policy looks at the metadata.name attribute of the Pod and rejects pods having an invalid name.
Its list of invalid names should be configurable by end users of the policy.
The policy settings look something like:
The policy should accept the creation of a Pod like the following one:
- name: nginx
It should reject the creation of a Pod like:
- name: nginx
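The accept/reject decision described above, written as an added standalone Rust example (not code from the policy template or the Kubewarden SDK). It uses only the standard library; the `invalid_names` field, the `Request` and `Verdict` types, and the sample name `bad-name` are assumptions made for illustration.

```rust
use std::collections::HashSet;

// Settings model; the field name `invalid_names` is an assumption.
pub struct Settings { pub invalid_names: HashSet<String> }

impl Settings {
    pub fn new(names: &[&str]) -> Settings {
        Settings { invalid_names: names.iter().map(|n| n.to_string()).collect() }
    }
    // An empty entry can never match a Pod name: treat it as a configuration error.
    pub fn validate(&self) -> Result<(), String> {
        if self.invalid_names.iter().any(|n| n.trim().is_empty()) {
            return Err("invalid_names must not contain empty entries".to_string());
        }
        Ok(())
    }
}

// The request fields this policy reads (hypothetical type, not the SDK's).
pub struct Request<'a> {
    pub kind: &'a str,
    pub operation: &'a str,
    pub pod_name: Option<&'a str>, // metadata.name, if present
}

#[derive(Debug, PartialEq)]
pub enum Verdict { Accept, Reject(String) }

pub fn validate(req: &Request, settings: &Settings) -> Verdict {
    // Only Pod creation is in scope; other resources and operations pass through.
    if req.kind != "Pod" || req.operation != "CREATE" {
        return Verdict::Accept;
    }
    match req.pod_name {
        // Exact, case-sensitive match against the configured list.
        Some(name) if settings.invalid_names.contains(name) => {
            Verdict::Reject(format!("pod name {} is not accepted", name))
        }
        // Assumption: a request without metadata.name has nothing to match.
        _ => Verdict::Accept,
    }
}

fn main() {
    let settings = Settings::new(&["bad-name"]); // constructed sample settings
    settings.validate().expect("settings must be valid");
    let req = Request { kind: "Pod", operation: "CREATE", pod_name: Some("bad-name") };
    println!("{:?}", validate(&req, &settings));
}
```

Because the match is exact and case-sensitive, a name such as `Bad-Name` passes this check; normalise both sides if the deny list is meant to be case-insensitive.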
Scaffolding the new policy project
You can create a new policy project by using
cargo generate with the
cargo-generate. This requires openssl-devel.
cargo install cargo-generate
Now scaffold the project as follows:
cargo generate --git https://github.com/kubewarden/rust-policy-template \
    --branch main \
    --name demo
The command produces output like:
🔧 Creating project called `demo`...
✨ Done! New project created /<some-path-name>/demo
This creates the new policy project in the
If you plan to make use of the GitHub container registry functionality in the demo, you need to enable improved container support.
You can try:
This tests the generated scaffolding. If everything is in place, you'll see a series of compilation messages ending with output like:
running 4 tests
test settings::tests::validate_settings ... ok
test tests::accept_request_with_non_pod_resource ... ok
test tests::accept_pod_with_valid_name ... ok
test tests::reject_pod_with_invalid_name ... ok
test result: ok. 4 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.00s