Add Environment Variables from ConfigMap

Instead of defining a common set of environment variables multiple times either in manifests or separate policies, Pods can reference entire collections stored in a ConfigMap. This policy mutates all initContainers (if present) and containers in a Pod with environment variables defined in a ConfigMap named `nsenvvars` that must exist in the destination Namespace.

Policy Definition

/other/add_env_vars_from_cm/add-env-vars-from-cm.yaml

 1apiVersion: kyverno.io/v1
 2kind: ClusterPolicy
 3metadata:
 4  name: add-env-vars-from-cm
 5  annotations:
 6    policies.kyverno.io/title: Add Environment Variables from ConfigMap
 7    policies.kyverno.io/subject: Pod
 8    policies.kyverno.io/category: Other
 9    policies.kyverno.io/description: >-
10      Instead of defining a common set of environment variables multiple
11      times either in manifests or separate policies, Pods can reference
12      entire collections stored in a ConfigMap. This policy mutates all
13      initContainers (if present) and containers in a Pod with environment
14      variables defined in a ConfigMap named `nsenvvars` that must exist
15      in the destination Namespace.           
16spec:
17  rules:
18  - name: add-env-vars-from-cm
19    match:
20      resources:
21        kinds:
22        - Pod
23    mutate:
24      patchStrategicMerge:
25        spec:
26          initContainers:
27            - (name): "*"
28              envFrom:
29              - configMapRef:
30                  name: nsenvvars
31          containers:
32            - (name): "*"
33              envFrom:
34              - configMapRef:
35                  name: nsenvvars
36

Create policy issue