Understanding custom rules

In addition to the tool's built-in rules, you can also write any tests that you wish and run them against your Kubernetes configurations to check for rule violations. The custom rule engine is based on JSON Schema, so it supports both YAML and JSON declarative syntax.

info

Note that using custom rules is possible only when in Policy as code mode.

customRules properties

identifier - a unique ID to associate with a policy
name [OPTIONAL] - a title that will be shown when a rule fails
defaultMessageOnFailure [OPTIONAL] - a message that is shown when the property policies.name[].rules.messageOnFailure is empty (unique to each identifier)
schema - a custom rule logic written in JSON Schema (as YAML)

Basic examples

Here are some examples of basic use-cases:

Ensure a specific key exists
Set a minimum value for key of a specific kind
Ensure value of a specific key is not one of predefined values

Here are three examples of custom rules to showcase how you can set it up:

Ensure correct environment labels are used
Prevent workload from using the (system) default namespaces
Ensure Deployment has replicas set between 2-10

tip

The provided examples are written in YAML schema, but custom rules can also be specified as JSON strings.

Helpful links

Getting started with JSON Schema
Online YAML Schema validator
Online JSON Schema validator

info

customRules properties​

Basic examples​

tip

Helpful links​

customRules properties

Basic examples

Helpful links