mirror of https://github.com/kyverno/kyverno.git synced 2024-12-15 17:51:20 +00:00

changed examples for next release

Jim Bugwadia 2019-05-23 20:42:34 -07:00
parent ab44bfb9b3
commit 8d6ecca9bd
9 changed files with 20 additions and 22 deletions


@ -14,6 +14,6 @@ spec:
template:
spec:
containers:
# set the imagePullPolicy to "Always"
- (imagePullPolicy): "IfNotPresent"
# if the image tag is latest, set the imagePullPolicy to Always
- (image): "*:latest"
imagePullPolicy: "Always"
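Review bot: The `(image): "*:latest"` anchor matches only an explicit `:latest` tag, so a container whose image reference has no tag at all, which also resolves to `latest`, would not be touched by this mutation. If that case is meant to be covered, the pattern needs a second alternative for untagged references, assuming the engine supports one here. Otherwise the comment should say so, for example `# if the image tag is explicitly :latest, set the imagePullPolicy to Always (untagged images are not matched)`. The same gap applies to the `(image): "*latest"` validation example later in this commit.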


@ -15,18 +15,18 @@ spec:
template:
spec:
containers:
- name: "*"
- name: "?*"
resources:
limits:
memory: "*"
cpu: "*"
memory: "?*"
cpu: "?*"
- name: check-cpu
resource:
kinds:
- Deployment
validate:
message: "CPU request should be 4"
message: "CPU request should be less than 4"
pattern:
spec:
template:
@ -35,4 +35,4 @@ spec:
- name: "*"
resources:
requests:
cpu: "4"
cpu: "<4"
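Review bot: The new `cpu: "<4"` pattern in the check-cpu rule is compared against a Kubernetes quantity, and CPU requests are often written in millicores (`500m`, `4000m`). Nothing visible here shows whether the `<` operator parses quantity suffixes or does a plain numeric comparison. Once that is confirmed against the engine, a comment above the pattern should state the accepted forms, for example `# cpu is compared as a quantity: "3500m" passes, "4" fails`. The container selector in this rule is still `name: "*"` while the limits rule above was changed to `"?*"`; the two should probably agree.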


@ -9,10 +9,10 @@ spec:
kinds:
- Pod
validate:
message: "Host path should be /var/log"
message: "Host path is not allowed"
pattern:
spec:
volumes:
- (name): log
- name: "*"
hostPath:
path: /var/log
path: ""
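Review bot: The new pattern expresses "Host path is not allowed" as `path: ""` under `name: "*"`, which is not self-explanatory. It depends on how the engine treats volumes that have no `hostPath` key at all (emptyDir, configMap, secret), and that behaviour is not visible in this hunk. If absent keys fail the pattern, the policy would reject every pod with a non-hostPath volume; if they pass, the rule does what the message says. After confirming which, add a comment above the pattern, e.g. `# an empty path pattern rejects any volume that sets hostPath.path; other volume types are unaffected`. The rule body starts above the hunk.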


@ -15,5 +15,7 @@ spec:
template:
spec:
containers:
- (image): "*latest" # select images which end with :latest
imagePullPolicy: Always # ensure that the imagePullPolicy is "Always"
# select images which end with :latest
- (image): "*latest"
# require that the imagePullPolicy is "Always"
imagePullPolicy: Always
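Review bot: The comment says the anchor selects images that end with `:latest`, but the pattern `"*latest"` has no colon. It therefore matches any image string ending in `latest`, including tags such as `v2-latest`. Writing it as `- (image): "*:latest"` would match the comment and the mutation example in this commit. The value `Always` is unquoted here while the mutation example quotes it; one form across the examples would read better.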


@ -1,15 +1,15 @@
apiVersion : kyverno.io/v1alpha1
kind: Policy
metadata:
name: check-host-path
name: check-node-port
spec:
rules:
- name: check-host-path
- name: check-node-port
resource:
kinds:
- Service
validate:
message: "Only NodePort type is allowed"
message: "NodePort type is not allowed"
pattern:
spec:
type: "NodePort"
type: "!NodePort"
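Review bot: `type: "!NodePort"` rejects only Services whose type is literally NodePort, but Kubernetes also allocates node ports for Services of type LoadBalancer by default, so the intent in the message is only partly enforced. If the goal is to keep workloads off node ports, the example should say so in a comment, e.g. `# LoadBalancer Services also allocate node ports and are not covered by this rule`. Alternatively, match the permitted types instead of negating one. Separately, `apiVersion : kyverno.io/v1alpha1` has a space before the colon; it parses, but `apiVersion: kyverno.io/v1alpha1` is consistent with the other keys.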


@ -15,7 +15,6 @@ spec:
template:
spec:
containers:
# In this case every object in containers list will be checked for pattern
- name: "*"
livenessProbe:
periodSeconds: ">0"
@ -30,7 +29,6 @@ spec:
template:
spec:
containers:
# In this case every object in containers list will be checked for pattern
- name: "*"
readinessProbe:
periodSeconds: ">0"


@ -15,7 +15,6 @@ spec:
template:
spec:
containers:
# In this case every object in containers list will be checked for pattern
- name: "*"
livenessProbe:
periodSeconds: ">10"
@ -30,7 +29,6 @@ spec:
template:
spec:
containers:
# In this case every object in containers list will be checked for pattern
- name: "*"
readinessProbe:
periodSeconds: ">10"


@ -17,5 +17,5 @@ spec:
spec:
containers:
- name: "*"
# Checks if the image path starts with "https://hub.docker.io/nirmata/*"
image: https://hub.docker.io/nirmata/*
# Check allowed registries
image: "*/nirmata/* | https://private.registry.io/*"
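Review bot: The leading `*` in `*/nirmata/*` matches any registry host, so an image from an arbitrary registry passes this allowed-registries check if its path contains a `nirmata` segment; an allow-list should pin the host. The second alternative keeps the `https://` prefix, but image references in a pod spec normally carry no URL scheme, so that branch may never match a real image. Something like `image: "<trusted-registry-host>/nirmata/* | private.registry.io/*"` (the first host is a placeholder) would express the intent, with the comment changed to `# allow images only from the listed registries`. The rule starts above the hunk.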