update api in samples/

2024-12-14 11:57:48 +00:00 · 2019-11-13 13:56:20 -08:00 · 2019-11-13 13:56:20 -08:00 · 051eba058f
commit 051eba058f
parent eab9609c6a
65 changed files with 65 additions and 65 deletions
--- a/samples/AddDefaultNetworkPolicy.md
+++ b/samples/AddDefaultNetworkPolicy.md
@ -9,7 +9,7 @@ A default `NetworkPolicy` should be configured for each namespace to default den
 [add_network_policy.yaml](best_practices/add_network_policy.yaml)
 ````yaml
-apiVersion: kyverno.io/v1alpha1
+apiVersion: kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: add-networkpolicy
--- a/samples/AddNamespaceResourceQuota.md
+++ b/samples/AddNamespaceResourceQuota.md
@ -11,7 +11,7 @@ To limit the number of resources like CPU and memory, as well as objects that ma
 [add_ns_quota.yaml](best_practices/add_ns_quota.yaml) 
 ````yaml
-apiVersion: kyverno.io/v1alpha1
+apiVersion: kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: add-ns-quota
--- a/samples/AddSafeToEvict.md
+++ b/samples/AddSafeToEvict.md
@ -13,7 +13,7 @@ This policy matches and mutates pods with `emptyDir` and `hostPath` volumes, to
 [add_safe_to_evict_annotation.yaml](best_practices/add_safe_to_evict.yaml)
 ````yaml
-apiVersion: "kyverno.io/v1alpha1"
+apiVersion: "kyverno.io/v1"
 kind: "ClusterPolicy"
 metadata: 
  name: "add-safe-to-evict"
--- a/samples/CheckUserGroup.md
+++ b/samples/CheckUserGroup.md
@ -7,7 +7,7 @@ All processes inside the pod can be made to run with specific user and groupID b
 [policy_validate_user_group_fsgroup_id.yaml](more/policy_validate_user_group_fsgroup_id.yaml)
 ````yaml
-apiVersion: kyverno.io/v1alpha1
+apiVersion: kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: validate-userid-groupid-fsgroup
--- a/samples/DisallowBindMounts.md
+++ b/samples/DisallowBindMounts.md
@ -7,7 +7,7 @@ The volume of type `hostPath` allows pods to use host bind mounts (i.e. director
 [disallow_bind_mounts.yaml](best_practices/disallow_bind_mounts.yaml) 
 ````yaml
-apiVersion: "kyverno.io/v1alpha1"
+apiVersion: "kyverno.io/v1"
 kind: "ClusterPolicy"
 metadata: 
  name: "disallow-bind-mounts"
--- a/samples/DisallowDefaultNamespace.md
+++ b/samples/DisallowDefaultNamespace.md
@ -7,7 +7,7 @@ Kubernetes namespaces are an optional feature that provide a way to segment and
 [disallow_default_namespace.yaml](best_practices/disallow_default_namespace.yaml) 
 ````yaml
-apiVersion: kyverno.io/v1alpha1
+apiVersion: kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: disallow-default-namespace
--- a/samples/DisallowDockerSockMount.md
+++ b/samples/DisallowDockerSockMount.md
@ -9,7 +9,7 @@ to manage containers outside of Kubernetes, and hence should not be allowed.
 [disallow_docker_sock_mount.yaml](best_practices/disallow_docker_sock_mount.yaml) 
 ````yaml
-apiVersion: kyverno.io/v1alpha1
+apiVersion: kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: disallow-docker-sock-mount
--- a/samples/DisallowHelmTiller.md
+++ b/samples/DisallowHelmTiller.md
@ -7,7 +7,7 @@ Tiller has known security challenges. It requires adminstrative privileges and a
 [disallow_helm_tiller.yaml](best_practices/disallow_helm_tiller.yaml) 
 ````yaml
-apiVersion : kyverno.io/v1alpha1
+apiVersion : kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: disallow-helm-tiller
--- a/samples/DisallowHostNetworkPort.md
+++ b/samples/DisallowHostNetworkPort.md
@ -9,7 +9,7 @@ Using `hostPort` and `hostNetwork` allows pods to share the host networking stac
 ````yaml
-apiVersion: kyverno.io/v1alpha1
+apiVersion: kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: disallow-host-network-port
--- a/samples/DisallowHostPIDIPC.md
+++ b/samples/DisallowHostPIDIPC.md
@ -9,7 +9,7 @@ To avoid pod container from having visibility to host process space, validate th
 [disallow_host_pid_ipc.yaml](best_practices/disallow_host_pid_ipc.yaml)
 ````yaml
-apiVersion: kyverno.io/v1alpha1
+apiVersion: kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: disallow-host-pid-ipc
--- a/samples/DisallowLatestTag.md
+++ b/samples/DisallowLatestTag.md
@ -8,7 +8,7 @@ The `:latest` tag is mutable and can lead to unexpected errors if the upstream i
 ````yaml
-apiVersion : kyverno.io/v1alpha1
+apiVersion : kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: disallow-latest-tag
--- a/samples/DisallowNewCapabilities.md
+++ b/samples/DisallowNewCapabilities.md
@ -11,7 +11,7 @@ default capabilities.
 [disallow_new_capabilities.yaml](best_practices/disallow_new_capabilities.yaml)
 ````yaml
-apiVersion: kyverno.io/v1alpha1
+apiVersion: kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: disallow-new-capabilities
--- a/samples/DisallowPrivilegedContainers.md
+++ b/samples/DisallowPrivilegedContainers.md
@ -9,7 +9,7 @@ To disallow privileged containers and privilege escalation, run pod containers w
 [disallow_privileged.yaml](best_practices/disallow_privileged.yaml)
 ````yaml
-apiVersion: kyverno.io/v1alpha1
+apiVersion: kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: disallow-privileged
--- a/samples/DisallowRootUser.md
+++ b/samples/DisallowRootUser.md
@ -11,7 +11,7 @@ By default, all processes in a container run as the root user (uid 0). To preven
 [disallow_root_user.yaml](best_practices/disallow_root_user.yaml) 
 ````yaml
-apiVersion: kyverno.io/v1alpha1
+apiVersion: kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: disallow-root-user
--- a/samples/DisallowSysctls.md
+++ b/samples/DisallowSysctls.md
@ -12,7 +12,7 @@ The Sysctl interface allows modifications to kernel parameters at runtime. In a
 [disallow_sysctls.yaml](best_practices/disallow_sysctls.yaml)
 ````yaml
-apiVersion: kyverno.io/v1alpha1
+apiVersion: kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: disallow-sysctls
--- a/samples/RequirePodProbes.md
+++ b/samples/RequirePodProbes.md
@ -9,7 +9,7 @@ For each pod, a periodic `livenessProbe` is performed by the kubelet to determin
 [require_probes.yaml](best_practices/require_probes.yaml)
 ````yaml
-apiVersion: kyverno.io/v1alpha1
+apiVersion: kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: require-pod-probes
--- a/samples/RequirePodRequestsLimits.md
+++ b/samples/RequirePodRequestsLimits.md
@ -9,7 +9,7 @@ If a namespace level request or limit is specified, defaults will automatically
 [require_pod_requests_limits.yaml](best_practices/require_pod_requests_limits.yaml)
 ````yaml
-apiVersion: kyverno.io/v1alpha1
+apiVersion: kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: require-pod-requests-limits
--- a/samples/RequireReadOnlyRootFS.md
+++ b/samples/RequireReadOnlyRootFS.md
@ -8,7 +8,7 @@ A read-only root file system helps to enforce an immutable infrastructure strate
 ````yaml
-apiVersion: kyverno.io/v1alpha1
+apiVersion: kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: require-ro-rootfs
--- a/samples/RestrictAutomountSAToken.md
+++ b/samples/RestrictAutomountSAToken.md
@ -7,7 +7,7 @@ Kubernetes automatically mounts service account credentials in each pod. The ser
 [restrict_automount_sa_token.yaml](more/restrict_automount_sa_token.yaml) 
 ````yaml
-apiVersion : kyverno.io/v1alpha1
+apiVersion : kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: restrict-automount-sa-token
--- a/samples/RestrictImageRegistries.md
+++ b/samples/RestrictImageRegistries.md
@ -9,7 +9,7 @@ You can customize this policy to allow image registries that you trust.
 [restrict_image_registries.yaml](more/restrict_image_registries.yaml) 
 ````yaml
-apiVersion : kyverno.io/v1alpha1
+apiVersion : kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: restrict-image-registries
--- a/samples/RestrictIngressClasses.md
+++ b/samples/RestrictIngressClasses.md
@ -7,7 +7,7 @@ It can be useful to restrict Ingress resources to a set of known ingress classes
 [restrict_ingress_classes.yaml](more/restrict_ingress_classes.yaml) 
 ````yaml
-apiVersion : kyverno.io/v1alpha1
+apiVersion : kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: restrict-ingress-classes
--- a/samples/RestrictNodePort.md
+++ b/samples/RestrictNodePort.md
@ -12,7 +12,7 @@ Although NodePort services can be useful, their use should be limited to service
 ````yaml
-apiVersion: kyverno.io/v1alpha1
+apiVersion: kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: restrict-node-port
--- a/samples/best_practices/add_network_policy.yaml
+++ b/samples/best_practices/add_network_policy.yaml
@ -1,4 +1,4 @@
-apiVersion: kyverno.io/v1alpha1
+apiVersion: kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: add-networkpolicy
--- a/samples/best_practices/add_ns_quota.yaml
+++ b/samples/best_practices/add_ns_quota.yaml
@ -1,4 +1,4 @@
-apiVersion: kyverno.io/v1alpha1
+apiVersion: kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: add-ns-quota
--- a/samples/best_practices/add_safe_to_evict.yaml
+++ b/samples/best_practices/add_safe_to_evict.yaml
@ -1,4 +1,4 @@
-apiVersion: "kyverno.io/v1alpha1"
+apiVersion: "kyverno.io/v1"
 kind: "ClusterPolicy"
 metadata: 
  name: "add-safe-to-evict"
--- a/samples/best_practices/disallow_bind_mounts.yaml
+++ b/samples/best_practices/disallow_bind_mounts.yaml
@ -1,4 +1,4 @@
-apiVersion: "kyverno.io/v1alpha1"
+apiVersion: "kyverno.io/v1"
 kind: "ClusterPolicy"
 metadata: 
  name: "disallow-bind-mounts"
--- a/samples/best_practices/disallow_default_namespace.yaml
+++ b/samples/best_practices/disallow_default_namespace.yaml
@ -1,4 +1,4 @@
-apiVersion: kyverno.io/v1alpha1
+apiVersion: kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: disallow-default-namespace
--- a/samples/best_practices/disallow_docker_sock_mount.yaml
+++ b/samples/best_practices/disallow_docker_sock_mount.yaml
@ -1,4 +1,4 @@
-apiVersion: kyverno.io/v1alpha1
+apiVersion: kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: disallow-docker-sock-mount
--- a/samples/best_practices/disallow_helm_tiller.yaml
+++ b/samples/best_practices/disallow_helm_tiller.yaml
@ -1,4 +1,4 @@
-apiVersion : kyverno.io/v1alpha1
+apiVersion : kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: disallow-helm-tiller
--- a/samples/best_practices/disallow_host_network_port.yaml
+++ b/samples/best_practices/disallow_host_network_port.yaml
@ -1,4 +1,4 @@
-apiVersion: kyverno.io/v1alpha1
+apiVersion: kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: host-network-port
--- a/samples/best_practices/disallow_host_pid_ipc.yaml
+++ b/samples/best_practices/disallow_host_pid_ipc.yaml
@ -1,4 +1,4 @@
-apiVersion: kyverno.io/v1alpha1
+apiVersion: kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: disallow-host-pid-ipc
--- a/samples/best_practices/disallow_latest_tag.yaml
+++ b/samples/best_practices/disallow_latest_tag.yaml
@ -1,4 +1,4 @@
-apiVersion : kyverno.io/v1alpha1
+apiVersion : kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: disallow-latest-tag
--- a/samples/best_practices/disallow_new_capabilities.yaml
+++ b/samples/best_practices/disallow_new_capabilities.yaml
@ -1,4 +1,4 @@
-apiVersion: kyverno.io/v1alpha1
+apiVersion: kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: disallow-new-capabilities
--- a/samples/best_practices/disallow_privileged.yaml
+++ b/samples/best_practices/disallow_privileged.yaml
@ -1,4 +1,4 @@
-apiVersion: kyverno.io/v1alpha1
+apiVersion: kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: disallow-privileged
--- a/samples/best_practices/disallow_root_user.yaml
+++ b/samples/best_practices/disallow_root_user.yaml
@ -1,4 +1,4 @@
-apiVersion: kyverno.io/v1alpha1
+apiVersion: kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: disallow-root-user
--- a/samples/best_practices/disallow_sysctls.yaml
+++ b/samples/best_practices/disallow_sysctls.yaml
@ -1,4 +1,4 @@
-apiVersion: kyverno.io/v1alpha1
+apiVersion: kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: disallow-sysctls
--- a/samples/best_practices/require_pod_requests_limits.yaml
+++ b/samples/best_practices/require_pod_requests_limits.yaml
@ -1,4 +1,4 @@
-apiVersion: kyverno.io/v1alpha1
+apiVersion: kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: require-pod-requests-limits
--- a/samples/best_practices/require_probes.yaml
+++ b/samples/best_practices/require_probes.yaml
@ -1,4 +1,4 @@
-apiVersion: kyverno.io/v1alpha1
+apiVersion: kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: require-pod-probes
--- a/samples/best_practices/require_ro_rootfs.yaml
+++ b/samples/best_practices/require_ro_rootfs.yaml
@ -1,4 +1,4 @@
-apiVersion: kyverno.io/v1alpha1
+apiVersion: kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: require-ro-rootfs
--- a/samples/more/restrict_automount_sa_token.yaml
+++ b/samples/more/restrict_automount_sa_token.yaml
@ -1,4 +1,4 @@
-apiVersion : kyverno.io/v1alpha1
+apiVersion : kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: restrict-automount-sa-token
--- a/samples/more/restrict_image_registries.yaml
+++ b/samples/more/restrict_image_registries.yaml
@ -1,4 +1,4 @@
-apiVersion : kyverno.io/v1alpha1
+apiVersion : kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: restrict-image-registries
--- a/samples/more/restrict_ingress_classes.yaml
+++ b/samples/more/restrict_ingress_classes.yaml
@ -1,4 +1,4 @@
-apiVersion : kyverno.io/v1alpha1
+apiVersion : kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: restrict-ingress-classes
--- a/samples/more/restrict_node_port.yaml
+++ b/samples/more/restrict_node_port.yaml
@ -1,4 +1,4 @@
-apiVersion: kyverno.io/v1alpha1
+apiVersion: kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: restrict-nodeport
--- a/test/policy/cli/policy_deployment.yaml
+++ b/test/policy/cli/policy_deployment.yaml
@ -1,4 +1,4 @@
-apiVersion : kyverno.io/v1alpha1
+apiVersion : kyverno.io/v1
 kind : ClusterPolicy
 metadata :
  name : policy-deployment
--- a/test/policy/mutate/policy_mutate_endpoint.yaml
+++ b/test/policy/mutate/policy_mutate_endpoint.yaml
@ -1,4 +1,4 @@
-apiVersion : kyverno.io/v1alpha1
+apiVersion : kyverno.io/v1
 kind : ClusterPolicy
 metadata :
  name : policy-endpoints
--- a/test/policy/mutate/policy_mutate_pod_disable_automountingapicred.yaml
+++ b/test/policy/mutate/policy_mutate_pod_disable_automountingapicred.yaml
@ -1,4 +1,4 @@
-apiVersion : kyverno.io/v1alpha1
+apiVersion : kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: mutate-pod-disable-automoutingapicred
--- a/test/policy/mutate/policy_mutate_validate_qos.yaml
+++ b/test/policy/mutate/policy_mutate_validate_qos.yaml
@ -1,4 +1,4 @@
-apiVersion : kyverno.io/v1alpha1
+apiVersion : kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: policy-qos
--- a/test/policy/policy-CM.yaml
+++ b/test/policy/policy-CM.yaml
@ -1,4 +1,4 @@
-apiVersion : kyverno.io/v1alpha1
+apiVersion : kyverno.io/v1
 kind : ClusterPolicy
 metadata :
  name : policy-cm
--- a/test/policy/query/policy_validate_loadblancer.yaml
+++ b/test/policy/query/policy_validate_loadblancer.yaml
@ -1,4 +1,4 @@
-apiVersion : kyverno.io/v1alpha1
+apiVersion : kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: query1
--- a/test/policy/query/policy_validate_no_loadblancer.yaml
+++ b/test/policy/query/policy_validate_no_loadblancer.yaml
@ -1,4 +1,4 @@
-apiVersion : kyverno.io/v1alpha1
+apiVersion : kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: query1
--- a/test/policy/validate/check_cpu_memory.yaml
+++ b/test/policy/validate/check_cpu_memory.yaml
@ -1,4 +1,4 @@
-apiVersion : kyverno.io/v1alpha1
+apiVersion : kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: check-cpu-memory
--- a/test/policy/validate/check_hostpath.yaml
+++ b/test/policy/validate/check_hostpath.yaml
@ -1,4 +1,4 @@
-apiVersion : kyverno.io/v1alpha1
+apiVersion : kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: check-host-path
--- a/test/policy/validate/check_image_version.yaml
+++ b/test/policy/validate/check_image_version.yaml
@ -1,4 +1,4 @@
-apiVersion : kyverno.io/v1alpha1
+apiVersion : kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: image-pull-policy
--- a/test/policy/validate/check_memory_requests_same_yaml.yaml
+++ b/test/policy/validate/check_memory_requests_same_yaml.yaml
@ -1,4 +1,4 @@
-apiVersion : kyverno.io/v1alpha1
+apiVersion : kyverno.io/v1
 kind : ClusterPolicy
 metadata :
  name : validation-example2
--- a/test/policy/validate/check_memory_requests_same_yaml_relative.yaml
+++ b/test/policy/validate/check_memory_requests_same_yaml_relative.yaml
@ -1,4 +1,4 @@
-apiVersion : kyverno.io/v1alpha1
+apiVersion : kyverno.io/v1
 kind : ClusterPolicy
 metadata :
  name : validation-example2
--- a/test/policy/validate/check_nodeport.yaml
+++ b/test/policy/validate/check_nodeport.yaml
@ -1,4 +1,4 @@
-apiVersion : kyverno.io/v1alpha1
+apiVersion : kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: check-node-port
--- a/test/policy/validate/check_not_root.yaml
+++ b/test/policy/validate/check_not_root.yaml
@ -1,4 +1,4 @@
-apiVersion : kyverno.io/v1alpha1
+apiVersion : kyverno.io/v1
 kind : ClusterPolicy
 metadata :
  name : check-non-root
--- a/test/policy/validate/check_probe_exists.yaml
+++ b/test/policy/validate/check_probe_exists.yaml
@ -1,4 +1,4 @@
-apiVersion : kyverno.io/v1alpha1
+apiVersion : kyverno.io/v1
 kind : ClusterPolicy
 metadata :
  name: check-probe-exists
--- a/test/policy/validate/check_probe_intervals.yaml
+++ b/test/policy/validate/check_probe_intervals.yaml
@ -1,4 +1,4 @@
-apiVersion : kyverno.io/v1alpha1
+apiVersion : kyverno.io/v1
 kind : ClusterPolicy
 metadata :
  name: check-probe-intervals
--- a/test/policy/validate/check_registries.yaml
+++ b/test/policy/validate/check_registries.yaml
@ -1,4 +1,4 @@
-apiVersion : kyverno.io/v1alpha1
+apiVersion : kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: check-registries
--- a/test/policy/validate/policy_validate_default_proc_mount.yaml
+++ b/test/policy/validate/policy_validate_default_proc_mount.yaml
@ -1,4 +1,4 @@
-apiVersion: kyverno.io/v1alpha1
+apiVersion: kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: validate-default-proc-mount
--- a/test/policy/validate/policy_validate_disallow_default_serviceaccount.yaml
+++ b/test/policy/validate/policy_validate_disallow_default_serviceaccount.yaml
@ -1,4 +1,4 @@
-apiVersion: kyverno.io/v1alpha1
+apiVersion: kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: validate-disallow-default-serviceaccount
--- a/test/policy/validate/policy_validate_healthChecks.yaml
+++ b/test/policy/validate/policy_validate_healthChecks.yaml
@ -1,4 +1,4 @@
-apiVersion : kyverno.io/v1alpha1
+apiVersion : kyverno.io/v1
 kind : ClusterPolicy
 metadata :
  name: check-probe-exists
--- a/test/policy/validate/policy_validate_selinux_context.yaml
+++ b/test/policy/validate/policy_validate_selinux_context.yaml
@ -1,4 +1,4 @@
-apiVersion: kyverno.io/v1alpha1
+apiVersion: kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: validate-selinux-options
--- a/test/policy/validate/policy_validate_volume_whitelist.yaml
+++ b/test/policy/validate/policy_validate_volume_whitelist.yaml
@ -1,4 +1,4 @@
-apiVersion : kyverno.io/v1alpha1
+apiVersion : kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: validate-volumes-whitelist