Create Constraints
This section describes how to create a constraint.
Prerequisites
You should join a cluster and have the cluster-admin permission within the cluster. For more information, refer to "Cluster Members" and "Cluster Roles".
Gatekeeper should have been installed and enabled.
A constraint template has been created.
Steps
Log in to the KubeSphere web console with a user who has the cluster-admin permission, and access your cluster.
Click Gatekeeper > Constraints in the left navigation pane.
Click Create on the page.
In the Create Constraint dialog, set the following parameters, then click OK.
Parameter Description Constraint Name
The name of the constraint.
Constraint Kind
The constraint template used by the constraint.
Enforcement Action
The
enforcementAction
field defines the action for handling Constraint violations. The default setting isdeny
, which means that by default, any admission request that violates the constraint will be denied. For more information, see Handling Constraint Violations.Match Kinds
The
match
field defines the resources to which the constraint applies. For more information, see match.kinds
accepts a list of objects withapiGroups
andkinds
fields that list the groups/kinds of objects to which the constraint will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope.Namespace Selector
It is a label selector against an object’s containing namespace or the object itself, if the object is a namespace.
Parameters
It describes the intent of a constraint. For more information, see parameters.
You will view the created constraint on the Constraints page.
Feedback
Was this page Helpful?
Receive the latest news, articles and updates from KubeSphere
Thanks for the feedback. If you have a specific question about how to use KubeSphere, ask it on Slack. Open an issue in the GitHub repo if you want to report a problem or suggest an improvement.