github.com/wmuizelaar/kpt@v0.0.0-20221018115725-bd564717b2ed/e2e/testdata/fn-render/structured-results-from-muiltiple-fns/resources.yaml (about) 1 # Copyright 2021 Google LLC 2 # 3 # Licensed under the Apache License, Version 2.0 (the "License"); 4 # you may not use this file except in compliance with the License. 5 # You may obtain a copy of the License at 6 # 7 # http://www.apache.org/licenses/LICENSE-2.0 8 # 9 # Unless required by applicable law or agreed to in writing, software 10 # distributed under the License is distributed on an "AS IS" BASIS, 11 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 # See the License for the specific language governing permissions and 13 # limitations under the License. 14 apiVersion: apps/v1 15 kind: Deployment 16 metadata: 17 name: nginx-deployment 18 spec: 19 replicas: invalid 20 --- 21 apiVersion: templates.gatekeeper.sh/v1beta1 22 kind: ConstraintTemplate 23 metadata: 24 name: k8sconfigmapkeysrulesv1 25 spec: 26 crd: 27 spec: 28 names: 29 kind: K8sConfigMapKeysRulesV1 30 validation: 31 openAPIV3Schema: 32 properties: 33 keys: 34 type: array 35 items: 36 type: string 37 targets: 38 - rego: |- 39 package ban_keys 40 41 violation[{"msg": sprintf("%v", [val])}] { 42 keys = {key | input.review.object.data[key]} 43 banned = {key | input.parameters.keys[_] = key} 44 overlap = keys & banned 45 count(overlap) > 0 46 val := sprintf("The following banned keys are being used in the ConfigMap: %v", [overlap]) 47 } 48 target: admission.k8s.gatekeeper.sh 49 --- 50 apiVersion: constraints.gatekeeper.sh/v1beta1 51 kind: K8sConfigMapKeysRulesV1 52 metadata: 53 name: no-secrets-in-configmap 54 spec: 55 enforcementAction: warn # create warning instead of errors 56 match: 57 kinds: 58 - apiGroups: 59 - '' 60 kinds: 61 - ConfigMap 62 parameters: 63 keys: 64 - private_key 65 --- 66 apiVersion: constraints.gatekeeper.sh/v1beta1 67 kind: K8sConfigMapKeysRulesV1 68 metadata: 69 name: no-sensitive-data-in-configmap 70 spec: 71 enforcementAction: dryrun # create info instead of errors 72 match: 73 kinds: 74 - apiGroups: 75 - '' 76 kinds: 77 - ConfigMap 78 parameters: 79 keys: 80 - less_sensitive_key 81 --- 82 apiVersion: v1 83 kind: ConfigMap 84 metadata: 85 name: some-secret 86 namespace: default 87 data: 88 less_sensitive_key: less sensitive data goes here 89 private_key: sensitive data goes here