diff --git a/test/scenarios/other/scenario_mutate_pod_disable_automountingapicred.yaml b/test/scenarios/other/scenario_mutate_pod_disable_automountingapicred.yaml deleted file mode 100644 index e93baef249..0000000000 --- a/test/scenarios/other/scenario_mutate_pod_disable_automountingapicred.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# file path relative to project root -input: - policy: test/scenarios/mutate/policy_mutate_pod_disable_automountingapicred.yaml - resource: test/scenarios/mutate/resource_mutate_pod_disable_automountingapicred.yaml -expected: - mutation: - patchedresource: test/output/output_mutate_pod_disable_automoutingapicred.yaml - policyresponse: - policy: mutate-pod-disable-automoutingapicred - resource: - kind: Pod - apiVersion: v1 - namespace: '' - name: myapp-pod - rules: - - name: pod-disable-automoutingapicred - type: Mutation - message: "succesfully process overlay" - success: true \ No newline at end of file diff --git a/test/validate/check_cpu_memory.yaml b/test/validate/check_cpu_memory.yaml deleted file mode 100644 index 5b432e6bff..0000000000 --- a/test/validate/check_cpu_memory.yaml +++ /dev/null @@ -1,40 +0,0 @@ -apiVersion : kyverno.io/v1alpha1 -kind: ClusterPolicy -metadata: - name: check-cpu-memory -spec: - rules: - - name: check-defined - match: - resources: - kinds: - - Deployment - validate: - message: "Resource limits are required for CPU and memory" - pattern: - spec: - template: - spec: - containers: - - name: "?*" - resources: - limits: - memory: "?*" - cpu: "?*" - - - name: check-cpu - match: - resources: - kinds: - - Deployment - validate: - message: "CPU request should be less than 4" - pattern: - spec: - template: - spec: - containers: - - name: "*" - resources: - requests: - cpu: "<4m" diff --git a/test/validate/check_hostpath.yaml b/test/validate/check_hostpath.yaml deleted file mode 100644 index e95c9e2c9a..0000000000 --- a/test/validate/check_hostpath.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion : kyverno.io/v1alpha1 -kind: ClusterPolicy -metadata: - name: check-host-path -spec: - rules: - - name: check-host-path - match: - resources: - kinds: - - Pod - validate: - message: "Host path is not allowed" - pattern: - spec: - volumes: - - name: "*" - hostPath: - path: "" diff --git a/test/validate/check_image_version.yaml b/test/validate/check_image_version.yaml deleted file mode 100644 index d3530cde39..0000000000 --- a/test/validate/check_image_version.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion : kyverno.io/v1alpha1 -kind: ClusterPolicy -metadata: - name: image-pull-policy -spec: - rules: - - name: image-pull-policy - match: - resources: - kinds: - - Deployment - validate: - message: "Image tag ':latest' requires imagePullPolicy 'Always'" - pattern: - spec: - template: - spec: - containers: - # select images which end with :latest - - (image): "*latest" - # require that the imagePullPolicy is "Always" - imagePullPolicy: Always diff --git a/test/validate/check_memory_requests_same_yaml.yaml b/test/validate/check_memory_requests_same_yaml.yaml deleted file mode 100644 index 8d41242d20..0000000000 --- a/test/validate/check_memory_requests_same_yaml.yaml +++ /dev/null @@ -1,26 +0,0 @@ -apiVersion : kyverno.io/v1alpha1 -kind : ClusterPolicy -metadata : - name : validation-example2 -spec : - rules: - - name: check-memory_requests_link_in_yaml - match: - resources: - # Kind specifies one or more resource types to match - kinds: - - Deployment - # Name is optional and can use wildcards - name: "*" - # Selector is optional - selector: - validate: - pattern: - spec: - containers: - - name: "*" - resources: - requests: - memory: "$(<=/spec/containers/0/resources/limits/memory)" - limits: - memory: "2048Mi" diff --git a/test/validate/check_memory_requests_same_yaml_relative.yaml b/test/validate/check_memory_requests_same_yaml_relative.yaml deleted file mode 100644 index f13458f858..0000000000 --- a/test/validate/check_memory_requests_same_yaml_relative.yaml +++ /dev/null @@ -1,26 +0,0 @@ -apiVersion : kyverno.io/v1alpha1 -kind : ClusterPolicy -metadata : - name : validation-example2 -spec : - rules: - - name: check-memory_requests_link_in_yaml_relative - match: - resources: - # Kind specifies one or more resource types to match - kinds: - - Deployment - # Name is optional and can use wildcards - name: "*" - # Selector is optional - selector: - validate: - pattern: - spec: - containers: - - (name): "*" - resources: - requests: - memory: "$(<=./../../lim(its/mem)ory)" - lim(its: - mem)ory: "2048Mi" diff --git a/test/validate/check_nodeport.yaml b/test/validate/check_nodeport.yaml deleted file mode 100644 index 17d4c84cb0..0000000000 --- a/test/validate/check_nodeport.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion : kyverno.io/v1alpha1 -kind: ClusterPolicy -metadata: - name: check-node-port -spec: - rules: - - name: check-node-port - match: - resources: - kinds: - - Service - validate: - message: "NodePort type is not allowed" - pattern: - spec: - type: "!NodePort" diff --git a/test/validate/check_not_root.yaml b/test/validate/check_not_root.yaml deleted file mode 100644 index 535d525351..0000000000 --- a/test/validate/check_not_root.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion : kyverno.io/v1alpha1 -kind : ClusterPolicy -metadata : - name : check-non-root -spec : - rules: - - name: check-non-root - match: - resources: - kinds: - - Deployment - - StatefuleSet - - DaemonSet - validate: - message: "Root user is not allowed" - pattern: - spec: - template: - spec: - securityContext: - runAsNonRoot: true diff --git a/test/validate/check_probe_exists.yaml b/test/validate/check_probe_exists.yaml deleted file mode 100644 index a2826044b2..0000000000 --- a/test/validate/check_probe_exists.yaml +++ /dev/null @@ -1,36 +0,0 @@ -apiVersion : kyverno.io/v1alpha1 -kind : ClusterPolicy -metadata : - name: check-probe-exists -spec: - rules: - - name: check-liveness-probe-exists - match: - resources: - kinds : - - StatefulSet - validate: - message: "a livenessProbe is required" - pattern: - spec: - template: - spec: - containers: - - name: "*" - livenessProbe: - periodSeconds: ">0" - - name: check-readiness-probe-exists - match: - resources: - kinds : - - StatefulSet - validate: - message: "a readinessProbe is required" - pattern: - spec: - template: - spec: - containers: - - name: "*" - readinessProbe: - periodSeconds: ">0" diff --git a/test/validate/check_probe_intervals.yaml b/test/validate/check_probe_intervals.yaml deleted file mode 100644 index a3402bd9b3..0000000000 --- a/test/validate/check_probe_intervals.yaml +++ /dev/null @@ -1,36 +0,0 @@ -apiVersion : kyverno.io/v1alpha1 -kind : ClusterPolicy -metadata : - name: check-probe-intervals -spec: - rules: - - name: check-probe-intervals - match: - resources: - kinds : - - Deployment - validate: - message: "livenessProbe must be > 10s" - pattern: - spec: - template: - spec: - containers: - - name: "*" - livenessProbe: - periodSeconds: ">10" - - name: check-probe-intervals - match: - resources: - kinds : - - Deployment - validate: - message: "readinessProbe must be > 10s" - pattern: - spec: - template: - spec: - containers: - - name: "*" - readinessProbe: - periodSeconds: ">10" diff --git a/test/validate/check_registries.yaml b/test/validate/check_registries.yaml deleted file mode 100644 index 52b188ef17..0000000000 --- a/test/validate/check_registries.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion : kyverno.io/v1alpha1 -kind: ClusterPolicy -metadata: - name: check-registries -spec: - rules: - - name: check-registries - match: - resources: - kinds: - - Deployment - - StatefulSet - validate: - message: "Registry is not allowed" - pattern: - spec: - template: - spec: - containers: - - name: "*" - # Check allowed registries - image: "*/nirmata/* | https://private.registry.io/*"