larkintuckerllc · September 14, 2025 20:19
diff --git a/nodepool-selector-clusterpolicy.yaml b/nodepool-selector-clusterpolicy.yaml
 apiVersion: kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: nodepool-selector
  annotations:
    pod-policies.kyverno.io/autogen-controllers: none
 spec:
  rules:
  - name: nodepool-selector
    match:
      any:
      - resources:
          annotations:
              example.com/nodepool: "*"
          kinds:
          - Pod
          namespaceSelector:
            matchLabels:
              example.com/match: "true"
    exclude:
        any:
        - resources:
            annotations:
              example.com/nodepool-selector: "true"
    mutate:
      patchStrategicMerge:
        metadata:
          annotations:
            +(example.com/nodepool-selector): "true"
        spec:
          tolerations:
          - key: example.com/nodepool
            operator: Equal
            value: '{{ request.object.metadata.annotations."example.com/nodepool" }}'
            effect: NoSchedule
	apiVersion: kyverno.io/v1
	kind: ClusterPolicy
	metadata:
	name: nodepool-selector
	annotations:
	pod-policies.kyverno.io/autogen-controllers: none
	spec:
	rules:
	- name: nodepool-selector
	match:
	any:
	- resources:
	annotations:
	example.com/nodepool: "*"
	kinds:
	- Pod
	namespaceSelector:
	matchLabels:
	example.com/match: "true"
	exclude:
	any:
	- resources:
	annotations:
	example.com/nodepool-selector: "true"
	mutate:
	patchStrategicMerge:
	metadata:
	annotations:
	+(example.com/nodepool-selector): "true"
	spec:
	tolerations:
	- key: example.com/nodepool
	operator: Equal
	value: '{{ request.object.metadata.annotations."example.com/nodepool" }}'
	effect: NoSchedule