From 3a639fd6fd75f8c476ae49f1361916324cfbb455 Mon Sep 17 00:00:00 2001 
From: Shuting Zhao Date: Mon, 29 Jul 2019 19:01:17 -0700 Subject: [PATCH] cleanup example folder --- examples/mutate/overlay/nginx.yaml | 25 ------------------- .../overlay/policy_imagePullPolicy.yaml | 20 --------------- ...aml => policy_generate_networkPolicy.yaml} | 15 +++++------ ...oints.yaml => policy_mutate_endpoint.yaml} | 10 ++------ ...aml => policy_mutate_imagePullPolicy.yaml} | 10 +++----- ...s.yaml => policy_mutate_validate_qos.yaml} | 6 +++++ ...cy_validate_containerSecurityContext.yaml} | 2 +- ...yaml => policy_validate_healthChecks.yaml} | 0 ...l => policy_validate_imageRegistries.yaml} | 4 ++- ....yaml => policy_validate_nonRootUser.yaml} | 2 +- ...l => resource_generate_networkPolicy.yaml} | 0 ...nts.yaml => resource_mutate_endpoint.yaml} | 0 ...l => resource_mutate_imagePullPolicy.yaml} | 7 +++--- ...yaml => resource_mutate_validate_qos.yaml} | 2 ++ ...ce_validate_containerSecurityContext.yaml} | 4 +-- ...ml => resource_validate_healthChecks.yaml} | 0 ...=> resource_validate_imageRegistries.yaml} | 6 ++--- ...aml => resource_validate_nonRootUser.yaml} | 6 ++--- {examples => test}/generate/configMap.yaml | 0 .../generate/configMap_default.yaml | 0 {examples => test}/generate/namespace.yaml | 0 {examples => test}/generate/policy_basic.yaml | 0 .../generate/policy_generate.yaml | 0 .../generate/policy_networkPolicy.yaml | 0 24 files changed, 37 insertions(+), 82 deletions(-) delete mode 100644 examples/mutate/overlay/nginx.yaml delete mode 100644 examples/mutate/overlay/policy_imagePullPolicy.yaml rename examples/{demo/3_network_policy/policy.yaml => policy_generate_networkPolicy.yaml} (63%) rename examples/{mutate/patches/policy_endpoints.yaml => policy_mutate_endpoint.yaml} (63%) rename examples/{demo/1_image_pull_policy/policy.yaml => policy_mutate_imagePullPolicy.yaml} (76%) rename examples/{demo/6_qos/policy_qos.yaml => policy_mutate_validate_qos.yaml} (89%) rename examples/{demo/7_container_security_context/policy.yaml => 
policy_validate_containerSecurityContext.yaml} (92%) mode change 100755 => 100644 rename examples/{demo/5_health_check/policy.yaml => policy_validate_healthChecks.yaml} (100%) rename examples/{demo/2_allowed_registry/policy.yaml => policy_validate_imageRegistries.yaml} (87%) rename examples/{demo/4_non_root/policy.yaml => policy_validate_nonRootUser.yaml} (94%) rename examples/{demo/3_network_policy/namespace.yaml => resource_generate_networkPolicy.yaml} (100%) rename examples/{mutate/patches/endpoints.yaml => resource_mutate_endpoint.yaml} (100%) rename examples/{demo/1_image_pull_policy/nginx.yaml => resource_mutate_imagePullPolicy.yaml} (80%) rename examples/{demo/6_qos/qos.yaml => resource_mutate_validate_qos.yaml} (93%) rename examples/{demo/7_container_security_context/nginx.yaml => resource_validate_containerSecurityContext.yaml} (83%) mode change 100755 => 100644 rename examples/{demo/5_health_check/pod.yaml => resource_validate_healthChecks.yaml} (100%) rename examples/{demo/2_allowed_registry/nginx.yaml => resource_validate_imageRegistries.yaml} (79%) rename examples/{demo/4_non_root/nginx.yaml => resource_validate_nonRootUser.yaml} (86%) rename {examples => test}/generate/configMap.yaml (100%) rename {examples => test}/generate/configMap_default.yaml (100%) rename {examples => test}/generate/namespace.yaml (100%) rename {examples => test}/generate/policy_basic.yaml (100%) rename {examples => test}/generate/policy_generate.yaml (100%) rename {examples => test}/generate/policy_networkPolicy.yaml (100%) diff --git a/examples/mutate/overlay/nginx.yaml b/examples/mutate/overlay/nginx.yaml deleted file mode 100644 index 107f97e446..0000000000 --- a/examples/mutate/overlay/nginx.yaml +++ /dev/null 
@@ -1,25 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: nginx-deployment - creationTimestamp: - labels: - app: nginx -spec: - replicas: 1 - selector: - matchLabels: - app: nginx - template: - metadata: - creationTimestamp: - labels: - app: nginx - spec: - containers: - - name: nginx - image: nginx:latest - ports: - - containerPort: 80 - - name: ghost - image: ghost:latest \ No newline at end of file diff --git a/examples/mutate/overlay/policy_imagePullPolicy.yaml b/examples/mutate/overlay/policy_imagePullPolicy.yaml deleted file mode 100644 index 0040e5c390..0000000000 --- a/examples/mutate/overlay/policy_imagePullPolicy.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: kyverno.io/v1alpha1 -kind: Policy -metadata: - name: set-image-pull-policy -spec: - rules: - - name: set-image-pull-policy - match: - resources: - kinds: - - Deployment - mutate: - overlay: - spec: - template: - spec: - containers: - # if the image tag is latest, set the imagePullPolicy to Always - - (image): "*:latest" - imagePullPolicy: "IfNotPresent" \ No newline at end of file diff --git a/examples/demo/3_network_policy/policy.yaml b/examples/policy_generate_networkPolicy.yaml similarity index 63% rename from examples/demo/3_network_policy/policy.yaml rename to examples/policy_generate_networkPolicy.yaml index 374e3a71ad..9cabe9ab43 100644 --- a/examples/demo/3_network_policy/policy.yaml +++ b/examples/policy_generate_networkPolicy.yaml @@ -1,7 +1,7 @@ apiVersion: kyverno.io/v1alpha1 kind: Policy metadata: - name: "default" + name: "deny-ingress-traffic" spec: rules: - name: "deny-ingress-traffic" 
@@ -15,13 +15,14 @@ spec: name: deny-ingress-traffic data: spec: + podSelector: {} policyTypes: - Ingress + ingress: + - from: + - podSelector: + matchLabels: + role: frontend metadata: labels: - policyname: "default" - # kind: ConfigMap - # name: default-config - # clone: - # namespace: default - # name: config-template \ No newline at end of file + policyname: "default" \ No newline at end of file diff --git a/examples/mutate/patches/policy_endpoints.yaml b/examples/policy_mutate_endpoint.yaml similarity index 63% rename from examples/mutate/patches/policy_endpoints.yaml rename to examples/policy_mutate_endpoint.yaml index 0ddfa6bb06..1541dbb743 100644 --- a/examples/mutate/patches/policy_endpoints.yaml +++ b/examples/policy_mutate_endpoint.yaml @@ -17,12 +17,6 @@ spec : - path : "/subsets/0/ports/0/port" op : replace value: 9663 - - path : "/subsets/0" + - path : "/metadata/labels/isMutated" op: add - value: - addresses: - - ip: "192.168.10.172" - ports: - - name: load-balancer-connection - port: 80 - protocol: UDP \ No newline at end of file + value: "true" \ No newline at end of file diff --git a/examples/demo/1_image_pull_policy/policy.yaml b/examples/policy_mutate_imagePullPolicy.yaml similarity index 76% rename from examples/demo/1_image_pull_policy/policy.yaml rename to examples/policy_mutate_imagePullPolicy.yaml index 617ff192dd..64fb71a910 100644 --- a/examples/demo/1_image_pull_policy/policy.yaml +++ b/examples/policy_mutate_imagePullPolicy.yaml @@ -9,13 +9,9 @@ spec: resources: kinds: - Deployment - exclude: - resources: - name: nginx-deployment1 - selector : - matchLabels: - app: nginx1 - namespace: "default" + selector: + matchLabels: + app : nginxlatest mutate: overlay: spec: diff --git a/examples/demo/6_qos/policy_qos.yaml b/examples/policy_mutate_validate_qos.yaml similarity index 89% rename from examples/demo/6_qos/policy_qos.yaml rename to examples/policy_mutate_validate_qos.yaml index 352772a8ea..96a55583e8 100644 
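Review bot: The generated NetworkPolicy keeps the name `deny-ingress-traffic`, but as far as the flattened hunk shows, the added `ingress:` block with `from: podSelector: matchLabels: role: frontend` turns it into an allow rule for pods labelled `role: frontend`, and `podSelector: {}` applies it to every pod in the namespace. Someone copying this example to get default-deny isolation would end up with a policy that admits traffic its name says it blocks. Either drop the `ingress:` block so the object is a true default deny, or rename the rule and the generated object to something like `allow-ingress-from-frontend`. The context line `policyname: "default"` also no longer matches the policy name, which the first hunk of this file changed to `deny-ingress-traffic`.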
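Review bot: The new `add` operation at `/metadata/labels/isMutated` in policy_mutate_endpoint.yaml depends on `/metadata/labels` already existing on the target object, because a JSON Patch `add` (RFC 6902) fails when the parent of the target path is missing, unless the engine creates the parent, which this hunk does not show. resource_mutate_endpoint.yaml is renamed unchanged and its content is not visible here, so whether it carries labels should be confirmed. A short comment above the patch, for example `# requires metadata.labels to exist on the target`, would tell readers why the patch might not apply to their own resources.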
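Review bot: Replacing the `exclude` block in policy_mutate_imagePullPolicy.yaml with `selector: matchLabels: app : nginxlatest` makes the rule opt-in by label, so a Deployment without that label is never evaluated. The same scoping is introduced in policy_mutate_validate_qos.yaml (`test: qos`), policy_validate_imageRegistries.yaml (`app: nirmata-nginx`, replacing `namespace: default`) and policy_validate_nonRootUser.yaml (`test: psp`), where it matters more because those are validation rules: a workload that omits or changes the label is not checked against the registry allow-list or the non-root requirement. If the selectors are there only to keep the examples from touching unrelated workloads, say so in each file, e.g. `# demo scoping only; match by kind/namespace in production so unlabelled workloads are not skipped`.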
--- a/examples/demo/6_qos/policy_qos.yaml +++ b/examples/policy_mutate_validate_qos.yaml @@ -10,6 +10,9 @@ spec: resources: kinds: - Deployment + selector : + matchLabels: + test: qos mutate: overlay: spec: @@ -28,6 +31,9 @@ spec: resources: kinds: - Deployment + selector : + matchLabels: + test: qos validate: message: "Resource limits are required for CPU and memory" pattern: diff --git a/examples/demo/7_container_security_context/policy.yaml b/examples/policy_validate_containerSecurityContext.yaml old mode 100755 new mode 100644 similarity index 92% rename from examples/demo/7_container_security_context/policy.yaml rename to examples/policy_validate_containerSecurityContext.yaml index df56be4d2d..4883c274f5 --- a/examples/demo/7_container_security_context/policy.yaml +++ b/examples/policy_validate_containerSecurityContext.yaml @@ -24,4 +24,4 @@ spec: allowPrivilegeEscalation: false # fields can be customized # privileged: false - # readOnlyRootFilesystem: true \ No newline at end of file + # readOnlyRootFilesystem: true diff --git a/examples/demo/5_health_check/policy.yaml b/examples/policy_validate_healthChecks.yaml similarity index 100% rename from examples/demo/5_health_check/policy.yaml rename to examples/policy_validate_healthChecks.yaml diff --git a/examples/demo/2_allowed_registry/policy.yaml b/examples/policy_validate_imageRegistries.yaml similarity index 87% rename from examples/demo/2_allowed_registry/policy.yaml rename to examples/policy_validate_imageRegistries.yaml index 6992edbb58..a0bd345ead 100644 --- a/examples/demo/2_allowed_registry/policy.yaml +++ b/examples/policy_validate_imageRegistries.yaml @@ -10,7 +10,9 @@ spec: kinds: - Deployment - StatefulSet - namespace: default + selector: + matchLabels: + app: nirmata-nginx validate: message: "Registry is not allowed" pattern: 
diff --git a/examples/demo/4_non_root/policy.yaml b/examples/policy_validate_nonRootUser.yaml similarity index 94% rename from examples/demo/4_non_root/policy.yaml rename to examples/policy_validate_nonRootUser.yaml index 904c1fecd3..16bc4505ce 100644 --- a/examples/demo/4_non_root/policy.yaml +++ b/examples/policy_validate_nonRootUser.yaml @@ -11,7 +11,7 @@ spec: - Deployment selector : matchLabels: - app.type: prod + test: psp validate: message: "security context 'runAsNonRoot' shoud be set to true" pattern: diff --git a/examples/demo/3_network_policy/namespace.yaml b/examples/resource_generate_networkPolicy.yaml similarity index 100% rename from examples/demo/3_network_policy/namespace.yaml rename to examples/resource_generate_networkPolicy.yaml diff --git a/examples/mutate/patches/endpoints.yaml b/examples/resource_mutate_endpoint.yaml similarity index 100% rename from examples/mutate/patches/endpoints.yaml rename to examples/resource_mutate_endpoint.yaml diff --git a/examples/demo/1_image_pull_policy/nginx.yaml b/examples/resource_mutate_imagePullPolicy.yaml similarity index 80% rename from examples/demo/1_image_pull_policy/nginx.yaml rename to examples/resource_mutate_imagePullPolicy.yaml index c3bdbed5d6..37ba98737c 100644 --- a/examples/demo/1_image_pull_policy/nginx.yaml +++ b/examples/resource_mutate_imagePullPolicy.yaml @@ -3,17 +3,16 @@ kind: Deployment metadata: name: nginx-deployment labels: - app: nginx - cli: test + app: nginxlatest spec: replicas: 1 selector: matchLabels: - app: nginx + app: nginxlatest template: metadata: labels: - app: nginx + app: nginxlatest spec: containers: - name: nginx diff --git a/examples/demo/6_qos/qos.yaml b/examples/resource_mutate_validate_qos.yaml similarity index 93% rename from examples/demo/6_qos/qos.yaml rename to examples/resource_mutate_validate_qos.yaml index d998bdfbc3..43abddf1e6 100644 --- a/examples/demo/6_qos/qos.yaml +++ b/examples/resource_mutate_validate_qos.yaml 
@@ -2,6 +2,8 @@ apiVersion: apps/v1 kind: Deployment metadata: name: qos-demo + labels: + test: qos spec: replicas: 1 selector: diff --git a/examples/demo/7_container_security_context/nginx.yaml b/examples/resource_validate_containerSecurityContext.yaml old mode 100755 new mode 100644 similarity index 83% rename from examples/demo/7_container_security_context/nginx.yaml rename to examples/resource_validate_containerSecurityContext.yaml index 811f167bac..4cfa6f96d1 --- a/examples/demo/7_container_security_context/nginx.yaml +++ b/examples/resource_validate_containerSecurityContext.yaml @@ -1,7 +1,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: psp-demo-unprivileged + name: csc-demo-unprivileged labels: app.type: prod spec: @@ -19,4 +19,4 @@ spec: image: nginxinc/nginx-unprivileged securityContext: runAsNonRoot: true - allowPrivilegeEscalation: true + allowPrivilegeEscalation: false diff --git a/examples/demo/5_health_check/pod.yaml b/examples/resource_validate_healthChecks.yaml similarity index 100% rename from examples/demo/5_health_check/pod.yaml rename to examples/resource_validate_healthChecks.yaml diff --git a/examples/demo/2_allowed_registry/nginx.yaml b/examples/resource_validate_imageRegistries.yaml similarity index 79% rename from examples/demo/2_allowed_registry/nginx.yaml rename to examples/resource_validate_imageRegistries.yaml index a0329d80f4..131f6457a4 100644 --- a/examples/demo/2_allowed_registry/nginx.yaml +++ b/examples/resource_validate_imageRegistries.yaml @@ -1,9 +1,9 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: nginx-deployment + name: nirmata-nginx labels: - app: nginx + app: nirmata-nginx cli: test spec: replicas: 1 @@ -16,6 +16,6 @@ spec: app: nginx spec: containers: - - name: nginx + - name: nirmata-nginx # image: nginx image: nirmata/nginx 
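Review bot: With `allowPrivilegeEscalation: false` in the second hunk of resource_validate_containerSecurityContext.yaml, this Deployment now satisfies the pattern visible in policy_validate_containerSecurityContext.yaml, so the example set no longer appears to contain a resource that this policy rejects. If that is intended, a header comment such as `# expected result: admitted` would make the outcome explicit; otherwise keep a second, non-compliant resource so the deny path can still be demonstrated. Whether the policy's match block selects this resource at all (its label is still `app.type: prod`) is not visible in this diff and should be confirmed.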
diff --git a/examples/demo/4_non_root/nginx.yaml b/examples/resource_validate_nonRootUser.yaml similarity index 86% rename from examples/demo/4_non_root/nginx.yaml rename to examples/resource_validate_nonRootUser.yaml index 41c00d3066..7e6370ccd8 100644 --- a/examples/demo/4_non_root/nginx.yaml +++ b/examples/resource_validate_nonRootUser.yaml @@ -3,16 +3,16 @@ kind: Deployment metadata: name: psp-demo-unprivileged labels: - app.type: prod + test: psp spec: replicas: 1 selector: matchLabels: - app: psp + test: psp template: metadata: labels: - app: psp + test: psp spec: securityContext: runAsNonRoot: true diff --git a/examples/generate/configMap.yaml b/test/generate/configMap.yaml similarity index 100% rename from examples/generate/configMap.yaml rename to test/generate/configMap.yaml diff --git a/examples/generate/configMap_default.yaml b/test/generate/configMap_default.yaml similarity index 100% rename from examples/generate/configMap_default.yaml rename to test/generate/configMap_default.yaml diff --git a/examples/generate/namespace.yaml b/test/generate/namespace.yaml similarity index 100% rename from examples/generate/namespace.yaml rename to test/generate/namespace.yaml diff --git a/examples/generate/policy_basic.yaml b/test/generate/policy_basic.yaml similarity index 100% rename from examples/generate/policy_basic.yaml rename to test/generate/policy_basic.yaml diff --git a/examples/generate/policy_generate.yaml b/test/generate/policy_generate.yaml similarity index 100% rename from examples/generate/policy_generate.yaml rename to test/generate/policy_generate.yaml diff --git a/examples/generate/policy_networkPolicy.yaml b/test/generate/policy_networkPolicy.yaml similarity index 100% rename from examples/generate/policy_networkPolicy.yaml rename to test/generate/policy_networkPolicy.yaml