
[Bug] GeneratingPolicy issues with manually templating additional labels

Kyverno Version

1.15.0

Description

I wanted to add additional labels to my GeneratingPolicy by just adding metadata.labels to my resource. When adding an object as dyn(object), I get the error labels needs to be type `string`.

Setting metadata.labels: " foo" just results in the string being "lost" (overridden by Kyverno default - as expected). Same with other attempts of giving the object as a string \"foo\": \"bar\", etc.

The same expression works when putting it in spec.podSelector.

I reproduced the issue with one of the example policies on this playground.

This is the error you get when you compile the policy:

ServerError: failed to compile policy generate-network-policy (spec.variables[1].expression: Invalid value: "[\n {\n \"kind\": dyn(\"NetworkPolicy\"),\n \"apiVersion\": dyn(\"networking.k8s.io/v1\"),\n \"metadata\": dyn({\n \"name\": \"test-network-policy\",\n \"labels\": dyn({\"foo\": \"bar\"}),\n }),\n \"spec\": dyn({\n \"podSelector\": dyn({}),\n \"policyTypes\": dyn([\"Ingress\", \"Egress\"])\n })\n }\n]": ERROR: 
:7:20: expected type 'string' but found 'dyn' | "labels": dyn({"foo": "bar"}), | ...................^)

When you do the same in your GeneratingPolicy with your object as source for metadata it will work:

generate:
    - expression: >
        generator.Apply("kube-system", [
          {
            "apiVersion": object.apiVersion,
            "kind": object.kind,
            "metadata": object.metadata, // <----- this will just copy the labels and name from the source object
            "data": object.data,
            "type": object.type
          }
        ])

I would expect to be able to specify additional labels dynamically, the same as any other map in my resource, and have these labels be merged with the Kyverno default labels.

Slack discussion

https://kubernetes.slack.com/archives/CLGR9BJU9/p1763050417482329

Troubleshooting

  • I have read and followed the documentation AND the troubleshooting guide.
  • I have searched other issues in this repository and mine is not recorded.