github.com/wmuizelaar/kpt@v0.0.0-20221018115725-bd564717b2ed/e2e/testdata/fn-render/structured-results-from-muiltiple-fns/resources.yaml

github.com/wmuizelaar/kpt@v0.0.0-20221018115725-bd564717b2ed/e2e/testdata/fn-render/structured-results-from-muiltiple-fns/resources.yaml (about)

     1  # Copyright 2021 Google LLC
     2  #
     3  # Licensed under the Apache License, Version 2.0 (the "License");
     4  # you may not use this file except in compliance with the License.
     5  # You may obtain a copy of the License at
     6  #
     7  #      http://www.apache.org/licenses/LICENSE-2.0
     8  #
     9  # Unless required by applicable law or agreed to in writing, software
    10  # distributed under the License is distributed on an "AS IS" BASIS,
    11  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  # See the License for the specific language governing permissions and
    13  # limitations under the License.
    14  apiVersion: apps/v1
    15  kind: Deployment
    16  metadata:
    17    name: nginx-deployment
    18  spec:
    19    replicas: invalid
    20  ---
    21  apiVersion: templates.gatekeeper.sh/v1beta1
    22  kind: ConstraintTemplate
    23  metadata:
    24    name: k8sconfigmapkeysrulesv1
    25  spec:
    26    crd:
    27      spec:
    28        names:
    29          kind: K8sConfigMapKeysRulesV1
    30          validation:
    31            openAPIV3Schema:
    32              properties:
    33                keys:
    34                  type: array
    35                  items:
    36                    type: string
    37    targets:
    38      - rego: |-
    39          package ban_keys
    40  
    41          violation[{"msg": sprintf("%v", [val])}] {
    42            keys = {key | input.review.object.data[key]}
    43            banned = {key | input.parameters.keys[_] = key}
    44            overlap = keys & banned
    45            count(overlap) > 0
    46            val := sprintf("The following banned keys are being used in the ConfigMap: %v", [overlap])
    47          }
    48        target: admission.k8s.gatekeeper.sh
    49  ---
    50  apiVersion: constraints.gatekeeper.sh/v1beta1
    51  kind: K8sConfigMapKeysRulesV1
    52  metadata:
    53    name: no-secrets-in-configmap
    54  spec:
    55    enforcementAction: warn # create warning instead of errors
    56    match:
    57      kinds:
    58        - apiGroups:
    59            - ''
    60          kinds:
    61            - ConfigMap
    62    parameters:
    63      keys:
    64        - private_key
    65  ---
    66  apiVersion: constraints.gatekeeper.sh/v1beta1
    67  kind: K8sConfigMapKeysRulesV1
    68  metadata:
    69    name: no-sensitive-data-in-configmap
    70  spec:
    71    enforcementAction: dryrun # create info instead of errors
    72    match:
    73      kinds:
    74        - apiGroups:
    75            - ''
    76          kinds:
    77            - ConfigMap
    78    parameters:
    79      keys:
    80        - less_sensitive_key
    81  ---
    82  apiVersion: v1
    83  kind: ConfigMap
    84  metadata:
    85    name: some-secret
    86    namespace: default
    87  data:
    88    less_sensitive_key: less sensitive data goes here
    89    private_key: sensitive data goes here