mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-09 17:37:12 +00:00
Code Activity
kyverno/test/cli/test-mutate/foreach/policies.yaml
Mariam Fahmy c796bb765c
fix: return policies with either audit or enforce rules from the cache (#10667) 
* fix: return policies with either audit or enforce rules from the cache

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* feat: introduce validationFailureAction under verifyImage rules

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* feat: add chainsaw tests

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* fix

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

---------

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-08-06 18:24:28 +00:00

54 lines
1.3 KiB
YAML
Raw Blame History

---
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
annotations:
pod-policies.kyverno.io/autogen-controllers: none
name: foreach-json-patch
spec:
admission: true
background: true
rules:
- match:
any:
- resources:
kinds:
- Pod
mutate:
foreach:
- list: request.object.spec.containers
patchesJson6902: |-
- path: /spec/containers/{{elementIndex}}/securityContext
op: add
value: {"runAsNonRoot" : true}
name: add-security-context
preconditions:
all:
- key: '{{ request.operation }}'
operator: Equals
value: CREATE
---
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
annotations:
pod-policies.kyverno.io/autogen-controllers: none
name: mutate-images
spec:
admission: true
background: false
rules:
- match:
any:
- resources:
kinds:
- Pod
mutate:
foreach:
- list: request.object.spec.containers
patchStrategicMerge:
spec:
containers:
- image: registry.digitalocean.com/runlevl4/{{ images.containers."{{element.name}}".name}}:{{images.containers."{{element.name}}".tag}}
name: '{{ element.name }}'
name: test
View git blame Copy permalink