mirror of https://github.com/kyverno/kyverno.git synced 2025-03-29 10:55:05 +00:00

allow trusted registries

Shuting Zhao 2019-10-10 10:29:10 -07:00
parent c6f814f260
commit 012360ae3a
5 changed files with 45 additions and 20 deletions


@ -136,8 +136,8 @@ func Test_validate_volume_whitelist(t *testing.T) {
testScenario(t, "test/scenarios/test/scenario_validate_volume_whiltelist.yaml")
}
func Test_validate_whitelist_image_registries(t *testing.T) {
testScenario(t, "test/scenarios/test/scenario_validate_whitelist_image_registries.yaml")
func Test_validate_trusted_image_registries(t *testing.T) {
testScenario(t, "test/scenarios/test/scenario_validate_trusted_image_registries.yaml")
}
func Test_require_pod_requests_limits(t *testing.T) {


@ -0,0 +1,17 @@
apiVersion : kyverno.io/v1alpha1
kind: ClusterPolicy
metadata:
name: trusted-registries
spec:
rules:
- name: trusted-registries
match:
resources:
kinds:
- Pod
validate:
message: "Deny untrusted registries"
pattern:
spec:
containers:
- image: "k8s.gcr.io/* | gcr.io/*"
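Review bot: The pattern under `validate` constrains only `spec.containers`, so the image of an init container is never compared against the registry list and can come from any registry. The same `image` pattern should also be applied to `initContainers`, written as an optional field so that Pods without init containers still pass. Separately, `gcr.io/*` matches every project hosted on gcr.io rather than a specific publisher; narrowing it to the project paths actually in use (for example `gcr.io/<your-project>/*`) would make the allow-list match what the rule name promises. If this is the sample policy the new scenario loads, a header comment such as `# Sample only: replace the registry list with the registries your cluster trusts` would keep it from being applied unchanged.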


@ -0,0 +1,8 @@
apiVersion: v1
kind: Pod
metadata:
name: k8s-nginx
spec:
containers:
- name: k8s-nginx
image: k8s.gcr.io/nginx:1.7.9


@ -0,0 +1,18 @@
# file path relative to project root
input:
policy: samples/best_practices/trusted_image_registries.yaml
resource: test/manifest/trusted_image_registries.yaml
expected:
validation:
policyresponse:
policy: trusted-registries
resource:
kind: Pod
apiVersion: v1
namespace: ''
name: k8s-nginx
rules:
- name: trusted-registries
type: Validation
message: Validation rule 'trusted-registries' succesfully validated
success: true
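Review bot: This scenario exercises only the allow path: the resource it expects is the `k8s-nginx` Pod (apparently the `k8s.gcr.io` manifest added in this commit) and the single rule result is `success: true`, so nothing checks that the policy rejects an image from a registry outside the list. For an admission control the deny case is the one that needs pinning. A sibling scenario with a Pod whose image comes from an unlisted registry, expecting `success: false` and the "Deny untrusted registries" message, would cover it. The removed whitelist scenario had the same shape, so this is a gap carried over rather than a regression.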


@ -1,18 +0,0 @@
# file path relative to project root
input:
policy: examples/best_practices/policy_validate_whitelist_image_registries.yaml
resource: examples/best_practices/resources/resource_validate_whitelist_image_registries.yaml
expected:
validation:
policyresponse:
policy: validate-image-registry
resource:
kind: Pod
apiVersion: v1
namespace: ''
name: nirmata-nginx
rules:
- name: validate-image-registry
type: Validation
message: Validation rule 'validate-image-registry' anyPattern[1] succesfully validated
success: true