mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-09 09:26:54 +00:00
5a0ce6bb67
* chore: bump chainsaw Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more template use Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * v0.2.10 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * go mod Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
45 lines
1.3 KiB
YAML
Executable file
45 lines
1.3 KiB
YAML
Executable file
apiVersion: chainsaw.kyverno.io/v1alpha1
|
|
kind: Test
|
|
metadata:
|
|
name: restrict-image-registries
|
|
spec:
|
|
steps:
|
|
- name: create policy
|
|
use:
|
|
template: ../../_step-templates/create-policy.yaml
|
|
with:
|
|
bindings:
|
|
- name: file
|
|
value: policy.yaml
|
|
- name: wait policy ready
|
|
use:
|
|
template: ../../_step-templates/cluster-policy-ready.yaml
|
|
with:
|
|
bindings:
|
|
- name: name
|
|
value: restrict-image-registries
|
|
- name: check autogen
|
|
try:
|
|
- assert:
|
|
file: check-autogen.yaml
|
|
- name: step-02
|
|
try:
|
|
- script:
|
|
content: kubectl run nginx-1 --image nginx
|
|
check:
|
|
($error != null): true
|
|
(contains($stderr, 'rule validate-registries failed at path /spec/containers/0/image/')): true
|
|
- name: step-03
|
|
try:
|
|
- script:
|
|
content: kubectl create deployment testing --image=nginx --replicas=1
|
|
check:
|
|
($error != null): true
|
|
(contains($stderr, 'rule autogen-validate-registries failed at path /spec/template/spec/containers/0/image/')): true
|
|
- name: step-04
|
|
try:
|
|
- script:
|
|
content: kubectl create cronjob my-job --image=busybox --schedule="*/1 * * * *"
|
|
check:
|
|
($error != null): true
|
|
(contains($stderr, 'rule autogen-cronjob-validate-registries failed')): true
|