StorageClasses allow the description of custom "classes" of storage offered by the cluster, based on quality-of-service levels, backup policies, or custom policies determined by the cluster administrators. For shared StorageClasses in a multi-tenancy environment, a reclaimPolicy of `Delete` should be used to ensure a PersistentVolume cannot be reused across Namespaces. This policy requires that StorageClasses set a reclaimPolicy of `Delete`.
```yaml
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: restrict-storageclass
  annotations:
    policies.kyverno.io/title: Restrict StorageClass in CEL expressions
    policies.kyverno.io/category: Other, Multi-Tenancy in CEL
    policies.kyverno.io/severity: medium
    policies.kyverno.io/subject: StorageClass
    kyverno.io/kyverno-version: 1.11.0
    kyverno.io/kubernetes-version: "1.26-1.27"
    policies.kyverno.io/description: >-
      StorageClasses allow description of custom "classes" of storage offered
      by the cluster, based on quality-of-service levels, backup policies, or
      custom policies determined by the cluster administrators. For shared StorageClasses
      in a multi-tenancy environment, a reclaimPolicy of `Delete` should be used to ensure
      a PersistentVolume cannot be reused across Namespaces. This policy requires
      StorageClasses set a reclaimPolicy of `Delete`.
spec:
  validationFailureAction: Audit
  background: true
  rules:
    - name: storageclass-delete
      match:
        any:
          - resources:
              kinds:
                - StorageClass
              operations:
                - CREATE
                - UPDATE
      validate:
        cel:
          expressions:
            - expression: "object.reclaimPolicy == 'Delete'"
              message: StorageClass must define a reclaimPolicy of Delete.
```
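To exercise the `storageclass-delete` rule above, the following pair of StorageClass manifests shows one resource the CEL expression flags and one it accepts. This is an added example, not part of the published policy or its test suite; the resource names and the provisioner value are constructed placeholders.

```yaml
# Constructed test manifests (added example). The provisioner value is a
# placeholder, not the name of a real storage driver.
---
# Flagged by storageclass-delete: reclaimPolicy is Retain, so the
# PersistentVolume and the data on it remain after the claim is deleted.
# In a shared class that leftover volume is what another Namespace could
# end up bound to.
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: shared-retain-bad
provisioner: example.com/placeholder-provisioner
reclaimPolicy: Retain
volumeBindingMode: WaitForFirstConsumer
---
# Accepted by storageclass-delete: object.reclaimPolicy == 'Delete'
# evaluates to true, so the volume is removed together with its claim.
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: shared-delete-good
provisioner: example.com/placeholder-provisioner
reclaimPolicy: Delete
volumeBindingMode: WaitForFirstConsumer
```

Because the policy sets `validationFailureAction: Audit`, the first manifest is still admitted and the violation is recorded in a policy report rather than blocked. With `background: true`, StorageClasses that already exist in the cluster are evaluated as well.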
This policy prevents the use of the default project in an Application.
This policy prevents updates to the project field after an Application is created.