apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: cost-center-label
  annotations:
    pod-policies.kyverno.io/autogen-controllers: none
    policies.kyverno.io/title: Cost Center Label
    policies.kyverno.io/minversion: 1.6.0
    policies.kyverno.io/category: Compliance
    policies.kyverno.io/severity: medium
    policies.kyverno.io/subject: Pod
    policies.kyverno.io/description: >-
      Labels are key/value pairs that are attached to objects, such as pods.
      Labels are intended to be used to specify identifying attributes of objects
      that are meaningful and relevant to users, but do not directly imply semantics
      to the core system. Labels can be used to organize and to select subsets of objects.
      This policy validates that Pods should specify a label `cost-center-label`.
spec:
  validationFailureAction: Enforce
  background: true
  rules:
  - name: validate-cost-center-label
    match:
      any:
      - resources:
          kinds:
          - Pod
    validate:
      message: "using 'cost-center-label' is must."
      pattern:
        metadata:
          labels:
            cost-center-label: "xyz"
  - name: validate-podcontroller-namespace
    match:
      any:
      - resources:
          kinds:
          - DaemonSet
          - Deployment
          - Job
          - StatefulSet
    validate:
      message: "using 'cost-center-label' is must."
      pattern:
        metadata:
          labels:
            cost-center-label: "xyz"