[Bug] [CLI] --set flag values ignored, policy skipped with "required variables are not provided"
Kyverno CLI Version
1.11.0
Description
When using the --set flag with kyverno apply to pass variables to policies containing variable references, the values are ignored and the policy is skipped with the error "required variables are not provided by the user".
The policy uses a variable reference {{ service }} which should be populated by --set service=foo, but the CLI doesn't recognize the provided value.
Steps to reproduce
- Create a policy that uses a variable in a mutation:
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: inject-label
spec:
background: false
rules:
- name: inject-label
match:
any:
- resources:
kinds:
- Deployment
mutate:
patchStrategicMerge:
metadata:
labels:
+(service): "{{ service }}"- Create a test Deployment resource:
apiVersion: apps/v1
kind: Deployment
metadata:
name: test
spec:
selector:
matchLabels:
app: test
template:
metadata:
labels:
app: test
spec:
containers:
- name: test
image: alpine- Run the CLI with the
--setflag:
kyverno apply policy.yaml -r resource.yaml --set service=fooExpected behavior
The policy should apply successfully, injecting the label service: foo to the Deployment metadata.
Screenshots
Kyverno logs
Applying 1 policy rule(s) to 1 resource(s)...
----------------------------------------------------------------------
Policies Skipped (as required variables are not provided by the user):
1. inject-label
----------------------------------------------------------------------
pass: 0, fail: 0, warn: 0, error: 1, skip: 0The policy is skipped as if no variables were provided.
Slack discussion
No response
Troubleshooting
-
I have read and followed the troubleshooting guide. -
I have searched other issues in this repository and mine is not recorded.