Add Kyverno policy to require instance label on Pods

sajal-n · web-flow · commit 9237e7e02047 · 2025-12-03T23:49:41.000-05:00
diff --git a/kyverno-sample.yaml b/kyverno-sample.yaml
@@ -0,0 +1,22 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+  name: require-instance-label
+spec:
+  # Block the resource creation if the policy is violated
+  validationFailureAction: Enforce 
+  rules:
+    - name: check-for-instance-label
+      match:
+        # Match any request to create or update a Pod
+        any:
+        - resources:
+            kinds:
+            - Pod
+      validate:
+        message: "All Pods must have the label 'app.kubernetes.io/instance'."
+        # The pattern ensures the label exists and has any non-empty value
+        pattern:
+          metadata:
+            labels:
+              app.kubernetes.io/instance: "?*"
