mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-09 09:26:54 +00:00
Code Activity
kyverno/test/cli/test-validating-admission-policy/with-namespaceObject-2/policy.yaml
Mariam Fahmy 2016f82600
chore: use v1 of VAPs in the tests (#11929) 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2025-01-15 14:08:35 +00:00

31 lines
761 B
YAML
Raw Blame History

apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicy
metadata:
name: "check-deployment-namespace"
spec:
matchConstraints:
resourceRules:
- apiGroups:
- apps
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- deployments
validations:
- expression: "namespaceObject.metadata.name != 'default'"
message: "Using 'default' namespace is not allowed for pod controllers."
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicyBinding
metadata:
name: "check-deployment-namespace-binding"
spec:
policyName: "check-deployment-namespace"
validationActions: [Deny]
matchResources:
objectSelector:
matchLabels:
app: nginx
View git blame Copy permalink