Back to Policies

Require Tekton Bundle

PipelineRun and TaskRun resources must be executed from a bundle

View on GitHub

Policy Definition 

apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: require-tekton-bundle
  annotations:
    policies.kyverno.io/title: Require Tekton Bundle
    policies.kyverno.io/category: Tekton
    policies.kyverno.io/severity: medium
    policies.kyverno.io/subject: TaskRun, PipelineRun
    kyverno.io/kyverno-version: 1.7.1
    policies.kyverno.io/minversion: 1.6.0
    kyverno.io/kubernetes-version: "1.23"
    policies.kyverno.io/description: PipelineRun and TaskRun resources must be executed from a bundle
spec:
  validationFailureAction: Audit
  background: true
  rules:
    - name: check-bundle-pipelinerun
      match:
        any:
          - resources:
              kinds:
                - PipelineRun
      validate:
        message: A bundle is required.
        pattern:
          spec:
            pipelineRef:
              bundle: "?*"
    - name: check-bundle-taskrun
      match:
        any:
          - resources:
              kinds:
                - TaskRun
      validate:
        message: A bundle is required.
        pattern:
          spec:
            taskRef:
              bundle: "?*"

Related Policies

ValidateMedium

Prevent Use of Default Project in CEL expressions

This policy prevents the use of the default project in an Application.

Application
ValidateMedium

Prevent Updates to Project in CEL expressions

This policy prevents updates to the project field after an Application is created.

Application
ValidateMedium

Ensure ApplicationSet Name Matches Project in CEL expressions

This policy ensures that the name of the ApplicationSet is the same value provided in the project.

ApplicationSet