
Understanding custom rules

In addition to the tool's built-in rules, you can write your own tests and run them against your Kubernetes configurations to check for rule violations. The custom rule engine is based on JSON Schema, so a rule's logic can be written in either YAML or JSON declarative syntax.

info

Note that custom rules are available only in Policy as code mode.

customRules properties

  • identifier - a unique ID used to reference the rule from a policy

  • name [OPTIONAL] - a title that is shown when the rule fails

  • defaultMessageOnFailure [OPTIONAL] - the message shown when the referencing rule entry in the policy's rules list has an empty messageOnFailure (unique to each identifier)

  • schema - the rule logic, written in JSON Schema (as YAML or JSON)


Basic examples

Here are some examples of basic use cases:

  1. Ensure a specific key exists
  2. Set a minimum value for a key on a specific resource kind
  3. Ensure the value of a specific key is not one of a set of predefined values

Here are three example custom rules that show how to set this up:

  1. Ensure correct environment labels are used
  2. Prevent workloads from using the (system) default namespaces
  3. Ensure a Deployment has replicas set between 2 and 10
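The following policy file is an added example, not the page's own code, that wires the three rules above into one policy. The rule identifiers, the policy name and the label values (prod, staging, test) are assumptions chosen for illustration; each customRules entry carries a schema written in JSON Schema as YAML, and the policy references it by identifier:

```yaml
# Added example (hypothetical identifiers and label values).
apiVersion: v1
policies:
  - name: Default
    isDefault: true
    rules:
      - identifier: CUSTOM_WORKLOAD_INCORRECT_ENVIRONMENT_LABEL
        messageOnFailure: ""   # empty, so defaultMessageOnFailure is shown
      - identifier: CUSTOM_WORKLOAD_IN_SYSTEM_NAMESPACE
        messageOnFailure: "Deploy workloads into an application namespace, not a system one"
      - identifier: CUSTOM_DEPLOYMENT_REPLICAS_OUT_OF_RANGE
        messageOnFailure: "Set spec.replicas between 2 and 10"

customRules:
  # 1. Ensure correct environment labels are used.
  #    `properties` alone does not make a key mandatory, so `required`
  #    is set at both levels; otherwise a manifest with no labels passes.
  - identifier: CUSTOM_WORKLOAD_INCORRECT_ENVIRONMENT_LABEL
    name: Ensure correct environment labels are used [CUSTOM RULE]
    defaultMessageOnFailure: Add an `environment` label with value prod, staging or test
    schema:
      properties:
        metadata:
          properties:
            labels:
              properties:
                environment:
                  enum:
                    - prod
                    - staging
                    - test
              required:
                - environment
          required:
            - labels

  # 2. Prevent workloads from using the (system) default namespaces.
  #    `not` + `enum` rejects the listed values; `required` makes a
  #    manifest that omits metadata.namespace fail instead of pass.
  - identifier: CUSTOM_WORKLOAD_IN_SYSTEM_NAMESPACE
    name: Prevent workloads from using system namespaces [CUSTOM RULE]
    defaultMessageOnFailure: Do not use default, kube-system or kube-public
    schema:
      properties:
        metadata:
          properties:
            namespace:
              not:
                enum:
                  - default
                  - kube-system
                  - kube-public
                  - kube-node-lease
          required:
            - namespace

  # 3. Ensure a Deployment has replicas set between 2 and 10.
  #    The if/then scopes the check to kind: Deployment, so ConfigMaps,
  #    Services and other kinds without spec.replicas are not flagged.
  - identifier: CUSTOM_DEPLOYMENT_REPLICAS_OUT_OF_RANGE
    name: Ensure Deployment replicas are between 2 and 10 [CUSTOM RULE]
    defaultMessageOnFailure: Deployments must set spec.replicas to a value from 2 to 10
    schema:
      if:
        properties:
          kind:
            enum:
              - Deployment
      then:
        properties:
          spec:
            properties:
              replicas:
                type: integer
                minimum: 2
                maximum: 10
            required:
              - replicas
```

Two JSON Schema behaviours are worth checking before trusting a rule of this kind: a `properties` entry only constrains a key that is present, so a rule meant to enforce a key must also list it under `required`; and `not`/`enum` checks are no-ops on a missing key for the same reason. Run a manifest that omits the key through the rule and confirm it fails before relying on it.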

tip

The provided examples are written in YAML, but a custom rule's schema can also be specified as a JSON string.