Skip to content

Commit

Permalink
Merge pull request #144 from viveksahu26/remove_duplicate_mutate_policy
Browse files Browse the repository at this point in the history
Remove duplicate mutate policy
  • Loading branch information
chipzoller authored Oct 6, 2021
2 parents a2a8fe0 + 70770a1 commit 7d77236
Show file tree
Hide file tree
Showing 24 changed files with 12 additions and 413 deletions.
27 changes: 0 additions & 27 deletions other/add-default-securitycontext.yaml

This file was deleted.

Original file line number Diff line number Diff line change
Expand Up @@ -10,9 +10,8 @@ metadata:
A Pod securityContext entry defines fields such as the user and group which should be used to run the Pod.
Sometimes choosing default values for users rather than blocking is a better alternative to not impede
such Pod definitions. This policy will mutate a Pod to set `runAsUser`, `runAsGroup`, and `fsGroup` fields
within the Pod securityContext if they are not already set.
within the Pod securityContext if they are not already set.
spec:
background: false
rules:
- name: add-default-securitycontext
match:
Expand All @@ -26,4 +25,3 @@ spec:
+(runAsUser): 1000
+(runAsGroup): 3000
+(fsGroup): 2000

29 changes: 0 additions & 29 deletions other/add-imagepullsecrets.yaml

This file was deleted.

10 changes: 5 additions & 5 deletions other/add-imagepullsecrets/add-imagepullsecrets.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -6,14 +6,14 @@ metadata:
policies.kyverno.io/title: Add imagePullSecrets
policies.kyverno.io/category: Sample
policies.kyverno.io/subject: Pod
policies.kyverno.io/minversion: 1.4.3
policies.kyverno.io/description: >-
Images coming from certain registries require authentication in order to pull them,
and the kubelet uses this information in the form of an imagePullSecret to pull
and the kubelet uses this information in the form of an imagePullSecret to pull
those images on behalf of your Pod. This policy searches for images coming from a
registry called `corp.reg.com` and, if found, will mutate the Pod to add an
imagePullSecret called `my-secret`.
imagePullSecret called `my-secret`.
spec:
background: false
rules:
- name: add-imagepullsecret
match:
Expand All @@ -24,6 +24,6 @@ spec:
patchStrategicMerge:
spec:
containers:
- (image): "corp.reg.com/*"
- <(image): "corp.reg.com/*"
imagePullSecrets:
- name: my-secret
- name: my-secret
2 changes: 1 addition & 1 deletion other/add-imagepullsecrets/test.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ results:
resource: myapp-pod-2
patchedResource: patchedResource2.yaml
kind: Pod
result: pass
result: skip
- policy: add-imagepullsecrets
rule: add-imagepullsecret
resource: myapp-pod-3
Expand Down
33 changes: 0 additions & 33 deletions other/add-pod-proxies.yaml

This file was deleted.

1 change: 0 additions & 1 deletion other/add-pod-proxies/add-pod-proxies.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,6 @@ metadata:
It will add the `env` array if not present. If any Pods have any of these
env vars, they will be overwritten with the value(s) in this policy.
spec:
background: false
rules:
- name: add-pod-proxies
match:
Expand Down
29 changes: 0 additions & 29 deletions other/add_labels.yaml

This file was deleted.

26 changes: 0 additions & 26 deletions other/add_ndots.yaml

This file was deleted.

1 change: 0 additions & 1 deletion other/add_ndots/add_ndots.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,6 @@ metadata:
and needs to be set to a lower value than the default of 5 in some cases.
This policy mutates all Pods to add the ndots option with a value of 1.
spec:
background: false
rules:
- name: add-ndots
match:
Expand Down
26 changes: 0 additions & 26 deletions other/add_nodeSelector.yaml

This file was deleted.

1 change: 0 additions & 1 deletion other/add_nodeSelector/add_nodeSelector.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,6 @@ metadata:
This can be useful when Pods have specific needs that only certain nodes in a cluster can provide.
This policy adds the nodeSelector field to a Pod spec and configures it with labels `foo` and `color`.
spec:
background: false
rules:
- name: add-nodeselector
match:
Expand Down
33 changes: 0 additions & 33 deletions other/add_volume_deployment.yaml

This file was deleted.

1 change: 0 additions & 1 deletion other/add_volume_deployment/add_volume_deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,6 @@ metadata:
Vault, adds a volume and volumeMount to a Deployment if there is an annotation called
"vault.k8s.corp.net/inject=enabled" present.
spec:
background: false
rules:
- name: add-volume
match:
Expand Down
28 changes: 0 additions & 28 deletions other/always-pull-images.yaml

This file was deleted.

1 change: 0 additions & 1 deletion other/always-pull-images/always-pull-images.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,6 @@ metadata:
imagePullPolicy to Always. An alternative to the Kubernetes admission controller
AlwaysPullImages.
spec:
background: false
rules:
- name: always-pull-images
match:
Expand Down
44 changes: 0 additions & 44 deletions other/create_pod_antiaffinity.yaml

This file was deleted.

Loading

0 comments on commit 7d77236

Please sign in to comment.