Last active
November 2, 2022 16:22
-
-
Save rjferguson21/5b0f74db3706693085042d5bdcd3dc03 to your computer and use it in GitHub Desktop.
kyverno pattern vs anyPattern
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: policy-test | |
| policies: | |
| - policy.yaml | |
| resources: | |
| - resource.yaml | |
| results: | |
| - policy: policy-test | |
| rule: policy-test | |
| resource: mypod | |
| kind: Pod | |
| result: skip | |
| - policy: policy-test | |
| rule: policy-test-any | |
| resource: mypod | |
| kind: Pod | |
| result: skip |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Executing policy-test... | |
| applying 1 policy to 1 resource... | |
| Note : The resource field is being deprecated in 1.8.0 release. Please provide the resources under the resources parameter as an array in the results field | |
| │───│─────────────│─────────────────│────────────│────────│ | |
| │ # │ POLICY │ RULE │ RESOURCE │ RESULT │ | |
| │───│─────────────│─────────────────│────────────│────────│ | |
| │ 1 │ policy-test │ policy-test │ /Pod/mypod │ Pass │ | |
| │ 2 │ policy-test │ policy-test-any │ /Pod/mypod │ Fail │ | |
| │───│─────────────│─────────────────│────────────│────────│ | |
| Test Summary: 1 tests passed and 1 tests failed | |
| Aggregated Failed Test Cases : | |
| │───│─────────────│─────────────────│────────────│────────│ | |
| │ # │ POLICY │ RULE │ RESOURCE │ RESULT │ | |
| │───│─────────────│─────────────────│────────────│────────│ | |
| │ 2 │ policy-test │ policy-test-any │ /Pod/mypod │ Fail │ | |
| │───│─────────────│─────────────────│────────────│────────│ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: kyverno.io/v1 | |
| kind: ClusterPolicy | |
| metadata: | |
| name: policy-test | |
| spec: | |
| rules: | |
| - name: policy-test | |
| match: | |
| any: | |
| - resources: | |
| kinds: | |
| - Pod | |
| validate: | |
| message: >- | |
| runAsGroup test | |
| pattern: | |
| spec: | |
| =(initContainers): | |
| - (name): "!istio-init" | |
| securityContext: | |
| runAsGroup: ">0" | |
| - name: policy-test-any | |
| match: | |
| any: | |
| - resources: | |
| kinds: | |
| - Pod | |
| validate: | |
| message: >- | |
| runAsGroup test | |
| anyPattern: | |
| - spec: | |
| =(initContainers): | |
| - (name): "!istio-init" | |
| securityContext: | |
| runAsGroup: ">0" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: v1 | |
| kind: Pod | |
| metadata: | |
| labels: | |
| app: busybox | |
| name: mypod | |
| spec: | |
| initContainers: | |
| - name: istio-init | |
| image: tempimagename | |
| securityContext: | |
| runAsGroup: 0 | |
| containers: | |
| - name: busybox | |
| image: someothernonexistentimage | |
| securityContext: | |
| runAsGroup: 1 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment