mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-10 18:06:55 +00:00
Code Activity
kyverno/test/conformance/chainsaw/policy-validation/cluster-policy/success/policy-1.yaml
Mariam Fahmy c796bb765c
fix: return policies with either audit or enforce rules from the cache (#10667) 
* fix: return policies with either audit or enforce rules from the cache

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* feat: introduce validationFailureAction under verifyImage rules

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* feat: add chainsaw tests

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* fix

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

---------

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-08-06 18:24:28 +00:00

61 lines
1.8 KiB
YAML
Raw Blame History

apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: vault-init-injector
annotations:
policies.kyverno.io/title: Inject vault init Container
spec:
background: false
rules:
- name: inject-vault-sidecar
match:
any:
- resources:
kinds:
- Deployment
preconditions:
all:
- key: "{{ request.object.spec.template.metadata.annotations.\"vault.k8s.corp.com/inject\" || ''}}"
operator: Equals
value: "true"
- key: vault-init
operator: AnyNotIn
value: "{{ request.object.spec.template.spec.initContainers[].name || ['']}}"
mutate:
patchesJson6902: |-
- op: add
path: /spec/template/spec/initContainers
value:
- name: vault-init
image: registry.corp.com/infrastructure/vault-init:dev-53
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: 100m
memory: 64M
limits:
cpu: 500m
memory: 128M
volumeMounts:
- mountPath: "/secret"
name: vault-secret
env:
- name: VAULT_ENTRY
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.annotations["vault.k8s.corp.com/role"]
- op: add
path: /spec/template/spec/volumes/-1
value:
name: vault-secret
emptyDir:
medium: Memory
- op: add
path: /spec/template/spec/containers/0/volumeMounts/-1
value:
mountPath: "/secret"
name: vault-secret
- op: add
path: /spec/template/metadata/annotations/config.linkerd.io~1skip-outbound-ports
value: "8200"
View git blame Copy permalink