Understanding custom rules

In addition to the tool's built-in rules, you can write your own rules and run them against your Kubernetes configurations to check for violations. The custom rule engine is based on JSON Schema, so rule logic can be written in either YAML or JSON declarative syntax.

customRules properties

  • identifier - a unique ID that a policy uses to reference the rule
  • name [OPTIONAL] - a title shown when the rule fails
  • defaultMessageOnFailure [OPTIONAL] - the message shown when policies.name[].rules.messageOnFailure is empty for that identifier
  • schema - the rule logic, written in JSON Schema (expressed as YAML)

Basic examples

Here are three examples of custom rules to showcase how you can set them up:

JSON vs. YAML

Schema logic can also be specified as a JSON string instead of YAML, which makes it easier to copy and paste. The following shows the same rule logic written as a JSON string (jsonSchema) and as YAML (schema):

JSON string (jsonSchema)
YAML string (schema)
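The following policy file is an added example, not one of the page's own, that ties the customRules properties above to both the YAML (schema) and JSON-string (jsonSchema) forms. It defines two security guardrails for workload manifests: the first, written as YAML, rejects any container whose securityContext sets privileged: true; the second, written as a JSON string, rejects pod templates that set hostNetwork: true. Both use enum: [false] rather than a newer JSON Schema keyword so that they work with any draft; because JSON Schema properties only constrain keys that are present, a manifest that omits these fields passes. The top-level layout (apiVersion, policies with isDefault, and loading it with the CLI's policy-config option) is assumed from the tool's policy-as-code format and is not stated on this page; the rule identifiers and messages are constructed for the example.

```yaml
# Added example policy file (assumed layout: apiVersion, policies, customRules).
# Assumed usage: datree test --policy-config policy.yaml <manifests>
apiVersion: v1

policies:
  - name: Default
    isDefault: true
    rules:
      # Referenced by identifier; messageOnFailure overrides defaultMessageOnFailure.
      - identifier: CUSTOM_CONTAINERS_NOT_PRIVILEGED
        messageOnFailure: "Privileged containers can escape to the node; drop privileged or justify it in review"
      # messageOnFailure left empty, so defaultMessageOnFailure is shown instead.
      - identifier: CUSTOM_POD_NO_HOST_NETWORK
        messageOnFailure: ""

customRules:
  # Rule 1: schema written as YAML. Only keys that exist are constrained,
  # so a container without securityContext.privileged passes.
  - identifier: CUSTOM_CONTAINERS_NOT_PRIVILEGED
    name: Ensure containers do not run privileged
    defaultMessageOnFailure: Set securityContext.privileged to false on every container
    schema:
      properties:
        spec:
          properties:
            template:
              properties:
                spec:
                  properties:
                    containers:
                      items:
                        properties:
                          securityContext:
                            properties:
                              privileged:
                                enum: [false]

  # Rule 2: the same kind of logic as a single JSON string (jsonSchema),
  # convenient for pasting a schema copied from elsewhere.
  - identifier: CUSTOM_POD_NO_HOST_NETWORK
    name: Ensure pods do not share the host network namespace
    defaultMessageOnFailure: Remove hostNetwork: true from the pod template
    jsonSchema: |
      {
        "properties": {
          "spec": {
            "properties": {
              "template": {
                "properties": {
                  "spec": {
                    "properties": {
                      "hostNetwork": { "enum": [false] }
                    }
                  }
                }
              }
            }
          }
        }
      }
```

A Deployment whose container sets privileged: true fails the first rule with the policy's messageOnFailure; one whose pod template sets hostNetwork: true fails the second rule with its defaultMessageOnFailure, because the policy left messageOnFailure empty. Rules that only constrain fields when they are present are deliberate here: they flag the dangerous opt-in without failing every manifest that relies on the secure default, which keeps the signal high when the policy is first rolled out across an existing repository.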