Using JMESPath in a Helm chart to install Kyverno policies on a Kubernetes cluster


When I use the command helm install kyverno-policies, I get this error:

Error: INSTALLATION FAILED: parse error at (kyverno-policies-fix/templates/default/require-network-policy.yaml:38): function "request" not defined

The require-network-policy.yaml file:

{{- $name := "require-network-policy" }}
{{ if not (has $name .Values.disableDefaultTemplates) }}
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: {{ $name }}
  annotations:
    policies.kyverno.io/title: Require NetworkPolicy
    policies.kyverno.io/category: Sample
    policies.kyverno.io/minversion: 1.6.0
    kyverno.io/kyverno-version: 1.6.2
    kyverno.io/kubernetes-version: "1.23"
    policies.kyverno.io/subject: Deployment, NetworkPolicy
    policies.kyverno.io/description: >-
      NetworkPolicy is used to control Pod-to-Pod communication
      and is a good practice to ensure only authorized Pods can send/receive
      traffic. This policy checks incoming Deployments to ensure
      they have a matching, preexisting NetworkPolicy.      
spec:
  validationFailureAction: {{ .Values.validationFailureAction }}
  background: false
  rules:
  - name: require-network-policy
    match:
      any:
      - resources:
          kinds:
          - Deployment
    preconditions:
      any:
      - key: "{{`{{request.operation || 'BACKGROUND'}}`}}"
        operator: Equals
        value: CREATE
    context:
    - name: policies_count
      apiCall:
        urlPath: "/apis/networking.k8s.io/v1/namespaces/{{`{{request.namespace}}`}}/networkpolicies"
        jmesPath: "items[?label_match(spec.podSelector.matchLabels, {{`{{request.object.spec.template.metadata.labels}}`}})] | length(@)"
    validate:
      message: "Every Deployment requires a matching NetworkPolicy."
      deny:
        conditions:
          any:
          - key: "{{policies_count}}"
            operator: LessThan
            value: 1
{{- end }}

Chart.yaml file:

apiVersion: v2
name: fix-kyverno-policies
description: A Helm chart that provisions Kyverno including the custom rules to test
type: application
version: 0.1.3
appVersion: "0.1.4"
condition: kyverno.enabled
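
Added example, not part of the original question and not code from the Helm or Kyverno projects: Helm renders chart templates with Go's text/template, so a bare Kyverno variable such as {{request.namespace}} or {{policies_count}} is parsed as a call to a template function of that name, and the policy never reaches the cluster. The constructed fragments below, modelled on the policy above, reproduce the parse error and show the backtick-escaped form passing through literally; `render` and the sample constants are hypothetical names, and only `.Values` is modelled (no Sprig functions).

```go
package main

import (
	"bytes"
	"fmt"
	"text/template"
)

// render parses and executes src with Go's text/template, the engine Helm
// builds on. Helm adds Sprig functions and chart context on top; only
// .Values is modelled here, which is enough to reproduce the parse error.
func render(src string, values map[string]interface{}) (string, error) {
	t, err := template.New("require-network-policy.yaml").Parse(src)
	if err != nil {
		return "", err // fails before any YAML is produced
	}
	var out bytes.Buffer
	err = t.Execute(&out, map[string]interface{}{"Values": values})
	return out.String(), err
}

// Constructed fragments modelled on the policy in the question.
// unescaped and bareVar hand Kyverno variables straight to the template parser.
const unescaped = `urlPath: "/apis/networking.k8s.io/v1/namespaces/{{request.namespace}}/networkpolicies"`
const bareVar = `- key: "{{policies_count}}"`

// escaped wraps each Kyverno variable in a raw-string action so the template
// engine emits it literally, while real Helm values are still substituted.
const escaped = "validationFailureAction: {{ .Values.validationFailureAction }}\n" +
	"- key: \"{{`{{policies_count}}`}}\"\n" +
	"urlPath: \"/apis/networking.k8s.io/v1/namespaces/{{`{{request.namespace}}`}}/networkpolicies\""

func main() {
	vals := map[string]interface{}{"validationFailureAction": "Enforce"}
	for _, src := range []string{unescaped, bareVar, escaped} {
		out, err := render(src, vals)
		if err != nil {
			fmt.Println("parse error:", err)
			continue
		}
		fmt.Println(out)
	}
}
```

Every Kyverno `{{ ... }}` expression in a chart template needs this escaping, including ones inside quoted strings; rendering the chart with helm template before installing shows whether the output still contains the literal Kyverno variables.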
