apiVersion: constraints.gatekeeper.sh/v1beta1 kind: K8sRequiredTolerationPod metadata: name: pod-toleration spec: match: kinds: - apiGroups: [""] kinds: ["Pod"] namespaces: - "tenants-x" parameters: ops: ["CREATE","UPDATE"] tolerations: - effect: NoSchedule key: tenant operator: Equal value: tenants-x errMsg: "INVALID_POD_TOLERATIONS"