init

2026-04-08 20:22:14 +07:00
commit 34fbdd1412
96 changed files with 5321 additions and 0 deletions
--- a/05-variables/03-templates/kyverno-policies/tests/kyverno-test.yaml
+++ b/05-variables/03-templates/kyverno-policies/tests/kyverno-test.yaml
@@ -0,0 +1,31 @@
+name: kyverno-policies-chart-tests
+policies:
+  - ../templates/require-resource-limits.yaml
+  - ../templates/disallow-privileged.yaml
+  - ../templates/require-labels.yaml
+resources:
+  - resources/pod-compliant.yaml
+  - resources/pod-no-limits.yaml
+  - resources/pod-privileged.yaml
+  - resources/deployment-no-labels.yaml
+results:
+  - policy: require-resource-limits
+    rule: check-container-limits
+    resource: pod-compliant
+    namespace: default
+    result: pass
+  - policy: require-resource-limits
+    rule: check-container-limits
+    resource: pod-no-limits
+    namespace: default
+    result: fail
+  - policy: disallow-privileged-containers
+    rule: privileged-containers
+    resource: pod-privileged
+    namespace: default
+    result: fail
+  - policy: require-standard-labels
+    rule: check-required-labels
+    resource: deployment-no-labels
+    namespace: default
+    result: fail
--- a/05-variables/03-templates/kyverno-policies/tests/resources/deployment-no-labels.yaml
+++ b/05-variables/03-templates/kyverno-policies/tests/resources/deployment-no-labels.yaml
@@ -0,0 +1,23 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: deployment-no-labels
+  namespace: default
+  # нет лейблов app, team, environment
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      run: app
+  template:
+    metadata:
+      labels:
+        run: app
+    spec:
+      containers:
+      - name: app
+        image: nginx:1.25.3
+        resources:
+          limits:
+            memory: "128Mi"
+            cpu: "100m"
--- a/05-variables/03-templates/kyverno-policies/tests/resources/pod-compliant.yaml
+++ b/05-variables/03-templates/kyverno-policies/tests/resources/pod-compliant.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: pod-compliant
+  namespace: default
+spec:
+  containers:
+  - name: app
+    image: nginx:1.25.3
+    resources:
+      requests:
+        memory: "64Mi"
+        cpu: "50m"
+      limits:
+        memory: "128Mi"
+        cpu: "100m"
--- a/05-variables/03-templates/kyverno-policies/tests/resources/pod-no-limits.yaml
+++ b/05-variables/03-templates/kyverno-policies/tests/resources/pod-no-limits.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: pod-no-limits
+  namespace: default
+spec:
+  containers:
+  - name: app
+    image: nginx:1.25.3
--- a/05-variables/03-templates/kyverno-policies/tests/resources/pod-privileged.yaml
+++ b/05-variables/03-templates/kyverno-policies/tests/resources/pod-privileged.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: pod-privileged
+  namespace: default
+spec:
+  containers:
+  - name: app
+    image: nginx:1.25.3
+    securityContext:
+      privileged: true
+    resources:
+      limits:
+        memory: "128Mi"
+        cpu: "100m"