mirror of https://github.com/kyverno/kyverno.git synced 2025-03-29 10:55:05 +00:00
shivkumar dudhani 2019-10-14 14:37:03 -07:00
parent 6ea58eb09b
commit a4a0a27472
11 changed files with 0 additions and 283 deletions


@ -1,19 +0,0 @@
# file path relative to project root
input:
policy: test/scenarios/mutate/policy_mutate_pod_disable_automountingapicred.yaml
resource: test/scenarios/mutate/resource_mutate_pod_disable_automountingapicred.yaml
expected:
mutation:
patchedresource: test/output/output_mutate_pod_disable_automoutingapicred.yaml
policyresponse:
policy: mutate-pod-disable-automoutingapicred
resource:
kind: Pod
apiVersion: v1
namespace: ''
name: myapp-pod
rules:
- name: pod-disable-automoutingapicred
type: Mutation
message: "succesfully process overlay"
success: true


@ -1,40 +0,0 @@
apiVersion : kyverno.io/v1alpha1
kind: ClusterPolicy
metadata:
name: check-cpu-memory
spec:
rules:
- name: check-defined
match:
resources:
kinds:
- Deployment
validate:
message: "Resource limits are required for CPU and memory"
pattern:
spec:
template:
spec:
containers:
- name: "?*"
resources:
limits:
memory: "?*"
cpu: "?*"
- name: check-cpu
match:
resources:
kinds:
- Deployment
validate:
message: "CPU request should be less than 4"
pattern:
spec:
template:
spec:
containers:
- name: "*"
resources:
requests:
cpu: "<4m"


@ -1,19 +0,0 @@
apiVersion : kyverno.io/v1alpha1
kind: ClusterPolicy
metadata:
name: check-host-path
spec:
rules:
- name: check-host-path
match:
resources:
kinds:
- Pod
validate:
message: "Host path is not allowed"
pattern:
spec:
volumes:
- name: "*"
hostPath:
path: ""


@ -1,22 +0,0 @@
apiVersion : kyverno.io/v1alpha1
kind: ClusterPolicy
metadata:
name: image-pull-policy
spec:
rules:
- name: image-pull-policy
match:
resources:
kinds:
- Deployment
validate:
message: "Image tag ':latest' requires imagePullPolicy 'Always'"
pattern:
spec:
template:
spec:
containers:
# select images which end with :latest
- (image): "*latest"
# require that the imagePullPolicy is "Always"
imagePullPolicy: Always


@ -1,26 +0,0 @@
apiVersion : kyverno.io/v1alpha1
kind : ClusterPolicy
metadata :
name : validation-example2
spec :
rules:
- name: check-memory_requests_link_in_yaml
match:
resources:
# Kind specifies one or more resource types to match
kinds:
- Deployment
# Name is optional and can use wildcards
name: "*"
# Selector is optional
selector:
validate:
pattern:
spec:
containers:
- name: "*"
resources:
requests:
memory: "$(<=/spec/containers/0/resources/limits/memory)"
limits:
memory: "2048Mi"


@ -1,26 +0,0 @@
apiVersion : kyverno.io/v1alpha1
kind : ClusterPolicy
metadata :
name : validation-example2
spec :
rules:
- name: check-memory_requests_link_in_yaml_relative
match:
resources:
# Kind specifies one or more resource types to match
kinds:
- Deployment
# Name is optional and can use wildcards
name: "*"
# Selector is optional
selector:
validate:
pattern:
spec:
containers:
- (name): "*"
resources:
requests:
memory: "$(<=./../../lim(its/mem)ory)"
lim(its:
mem)ory: "2048Mi"


@ -1,16 +0,0 @@
apiVersion : kyverno.io/v1alpha1
kind: ClusterPolicy
metadata:
name: check-node-port
spec:
rules:
- name: check-node-port
match:
resources:
kinds:
- Service
validate:
message: "NodePort type is not allowed"
pattern:
spec:
type: "!NodePort"


@ -1,21 +0,0 @@
apiVersion : kyverno.io/v1alpha1
kind : ClusterPolicy
metadata :
name : check-non-root
spec :
rules:
- name: check-non-root
match:
resources:
kinds:
- Deployment
- StatefuleSet
- DaemonSet
validate:
message: "Root user is not allowed"
pattern:
spec:
template:
spec:
securityContext:
runAsNonRoot: true


@ -1,36 +0,0 @@
apiVersion : kyverno.io/v1alpha1
kind : ClusterPolicy
metadata :
name: check-probe-exists
spec:
rules:
- name: check-liveness-probe-exists
match:
resources:
kinds :
- StatefulSet
validate:
message: "a livenessProbe is required"
pattern:
spec:
template:
spec:
containers:
- name: "*"
livenessProbe:
periodSeconds: ">0"
- name: check-readiness-probe-exists
match:
resources:
kinds :
- StatefulSet
validate:
message: "a readinessProbe is required"
pattern:
spec:
template:
spec:
containers:
- name: "*"
readinessProbe:
periodSeconds: ">0"


@ -1,36 +0,0 @@
apiVersion : kyverno.io/v1alpha1
kind : ClusterPolicy
metadata :
name: check-probe-intervals
spec:
rules:
- name: check-probe-intervals
match:
resources:
kinds :
- Deployment
validate:
message: "livenessProbe must be > 10s"
pattern:
spec:
template:
spec:
containers:
- name: "*"
livenessProbe:
periodSeconds: ">10"
- name: check-probe-intervals
match:
resources:
kinds :
- Deployment
validate:
message: "readinessProbe must be > 10s"
pattern:
spec:
template:
spec:
containers:
- name: "*"
readinessProbe:
periodSeconds: ">10"


@ -1,22 +0,0 @@
apiVersion : kyverno.io/v1alpha1
kind: ClusterPolicy
metadata:
name: check-registries
spec:
rules:
- name: check-registries
match:
resources:
kinds:
- Deployment
- StatefulSet
validate:
message: "Registry is not allowed"
pattern:
spec:
template:
spec:
containers:
- name: "*"
# Check allowed registries
image: "*/nirmata/* | https://private.registry.io/*"