add test pols

2026-05-19 16:37:43 +07:00
parent ffa61ab646
commit e995770695
4 changed files with 100 additions and 2 deletions
@@ -0,0 +1,26 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+  name: require-labels-demo
+  annotations:
+    policies.kyverno.io/title: "DEMO: Требовать обязательные labels"
+    policies.kyverno.io/description: >-
+      Демонстрационная политика для урока 6.2.
+      Проверяет наличие labels 'app' и 'owner' у Pod.
+spec:
+  validationFailureAction: Audit
+  background: true
+  rules:
+  - name: check-required-labels
+    match:
+      any:
+      - resources:
+          kinds:
+          - Pod
+    validate:
+      message: "Pod must have labels 'app' and 'owner'."
+      pattern:
+        metadata:
+          labels:
+            app: "?*"
+            owner: "?*"
@@ -0,0 +1,30 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+  name: require-resource-limits-demo
+  annotations:
+    policies.kyverno.io/title: "DEMO: Требовать resources.limits"
+    policies.kyverno.io/description: >-
+      Демонстрационная политика для урока 6.2.
+      Проверяет, что у всех контейнеров заданы CPU и memory limits.
+spec:
+  validationFailureAction: Audit
+  background: true
+  rules:
+  - name: check-container-limits
+    match:
+      any:
+      - resources:
+          kinds:
+          - Pod
+    validate:
+      foreach:
+      - list: "request.object.spec.containers"
+        message: >-
+          Container '{{ element.name }}' must have resources.limits.cpu
+          and resources.limits.memory defined.
+        pattern:
+          resources:
+            limits:
+              cpu: "?*"
+              memory: "?*"