Policy Definition
/other/resource-creation-updating-denied/resource-creation-updating-denied.yaml
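# Kyverno ClusterPolicy: flags CREATE and UPDATE requests for Deployments
# while the current UTC hour falls inside a configured change-freeze window.
# Listing restored to valid YAML (viewer line numbers removed, nesting
# re-indented); policy values are unchanged.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: resource-creation-updating-denied
  annotations:
    policies.kyverno.io/title: Deny Creation and Updating of Resources
    policies.kyverno.io/category: Other
    policies.kyverno.io/severity: medium
    kyverno.io/kyverno-version: 1.11.1
    policies.kyverno.io/minversion: 1.9.0
    kyverno.io/kubernetes-version: "1.27"
    # NOTE(review): subject and description name Pod, but the rule below
    # matches only Deployment. Align the metadata or the match block.
    policies.kyverno.io/subject: Pod
    policies.kyverno.io/description: >-
      This policy denies the creation and updating of resources specifically for Deployment
      and Pod kinds during a specified time window. The policy is designed to enhance control
      over resource modifications during critical periods, ensuring stability and consistency
      within the Kubernetes environment.
spec:
  # Audit records violations in policy reports but still admits the request.
  # Nothing is blocked until this is set to Enforce.
  validationFailureAction: Audit
  # The rule depends on admission-time data (request.operation and the
  # current time), so background scanning of existing resources is off.
  background: false
  rules:
    - name: deny-creation-updating-of-resources
      match:
        any:
          - resources:
              # Only Deployment is matched. Pods created directly and other
              # workload kinds (StatefulSet, DaemonSet, Job, CronJob) are out
              # of scope, as is DELETE. Subresource requests such as scale
              # are presumably not covered either; verify before treating
              # this as a full change freeze.
              kinds:
                - Deployment
      preconditions:
        all:
          # Renders the current UTC time as a cron string, splits it on
          # spaces and takes field [1], the hour, as a number.
          # The window is evaluated in UTC, not cluster-local time.
          - key: '{{ time_now_utc().time_to_cron(@).split(@,'' '') | [1].to_number(@) }}'
            operator: AnyIn
            # Hour range; presumably inclusive (08:00-10:59 UTC). Confirm
            # against the Kyverno version in use. Quoted so that it is
            # unambiguously a string for every YAML loader.
            value: "8-10"
      validate:
        message: Creating and updating resources is not allowed at this time.
        deny:
          conditions:
            all:
              # Inside the window, any CREATE or UPDATE is a violation.
              - key: '{{request.operation}}'
                operator: AnyIn
                value:
                  - CREATE
                  - UPDATE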