From 571d6cb1a6de005ca7724c99d6660c4bcf121c2e Mon Sep 17 00:00:00 2001
From: nataliagranato
Date: Fri, 16 Feb 2024 13:40:19 -0300
Subject: [PATCH] fix: kyverno test workload
---
.gitignore | 1 +
resources/add-label-namespace.yml | 6 ++++++
resources/disallow-root-user.yml | 14 ++++++++++++++
resources/generate-configmap-for-namespace.yml | 0
resources/registry-allowed.yaml | 12 ++++++++++++
resources/require-resources-limits-exclude.yml | 12 ++++++++++++
resources/require-resources-limits.yml | 15 +++++++++++++++
7 files changed, 60 insertions(+)
create mode 100644 .gitignore
create mode 100644 resources/add-label-namespace.yml
create mode 100644 resources/disallow-root-user.yml
create mode 100644 resources/generate-configmap-for-namespace.yml
create mode 100644 resources/registry-allowed.yaml
create mode 100644 resources/require-resources-limits-exclude.yml
create mode 100644 resources/require-resources-limits.yml
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..600d2d3
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.vscode
\ No newline at end of file
diff --git a/resources/add-label-namespace.yml b/resources/add-label-namespace.yml
new file mode 100644
index 0000000..9837ad5
--- /dev/null
+++ b/resources/add-label-namespace.yml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: meu-namespace
+ labels:
+ ns: "granato"
diff --git a/resources/disallow-root-user.yml b/resources/disallow-root-user.yml
new file mode 100644
index 0000000..e3eadc9
--- /dev/null
+++ b/resources/disallow-root-user.yml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: non-root-pod
+spec:
+ containers:
+ - name: non-root-container
+ image: nginx
+ securityContext:
+ runAsNonRoot: true
+ resources:
+ limits:
+ cpu: "1"
+ memory: "512Mi"
diff --git a/resources/generate-configmap-for-namespace.yml b/resources/generate-configmap-for-namespace.yml
new file mode 100644
index 0000000..e69de29
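Review bot: The Namespace fixture in resources/add-label-namespace.yml already carries `ns: "granato"` under `labels`, so if the policy under test is the one that adds this label (inferred from the file name; the policy is not part of this patch), the test cannot tell a working mutation from a no-op. Consider dropping the `labels` block from the input and asserting the label only in the expected patched resource. The same patch adds resources/generate-configmap-for-namespace.yml as an empty blob (index e69de29), so any test that references it has no resource to evaluate; either add the Namespace it is meant to hold or leave the file out until it has content.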
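Review bot: In resources/disallow-root-user.yml, `runAsNonRoot: true` is set on a container whose image is plain `nginx` with no `runAsUser`; the stock nginx image starts as root, so on a real cluster the kubelet would refuse to start this container even though it satisfies a runAsNonRoot policy check. If the fixture is only ever fed to the Kyverno CLI that is harmless, but an image built to run unprivileged (for example `nginxinc/nginx-unprivileged`) would keep the example deployable. Only a passing fixture is added; a second Pod without `runAsNonRoot`, expected to fail, is what would show the policy actually rejects root workloads. The untagged `image: nginx` recurs in require-resources-limits-exclude.yml and require-resources-limits.yml, and pinning a tag or digest would keep the fixtures reproducible. Indentation is flattened on this page, so the container-level placement of `securityContext` is assumed from field order.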
diff --git a/resources/registry-allowed.yaml b/resources/registry-allowed.yaml
new file mode 100644
index 0000000..645c1d9
--- /dev/null
+++ b/resources/registry-allowed.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: trusted-pod
+spec:
+ containers:
+ - name: trusted-container
+ image: trustedrepo.com/my-image
+ resources:
+ limits:
+ cpu: "1"
+ memory: "1Gi"
diff --git a/resources/require-resources-limits-exclude.yml b/resources/require-resources-limits-exclude.yml
new file mode 100644
index 0000000..0772abb
--- /dev/null
+++ b/resources/require-resources-limits-exclude.yml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: limited-resources-pod
+spec:
+ containers:
+ - name: limited-resources-container
+ image: nginx
+ resources:
+ limits:
+ cpu: "1"
+ memory: "500Mi"
diff --git a/resources/require-resources-limits.yml b/resources/require-resources-limits.yml
new file mode 100644
index 0000000..170deef
--- /dev/null
+++ b/resources/require-resources-limits.yml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: requests-limits-pod
+spec:
+ containers:
+ - name: requests-limits-container
+ image: nginx
+ resources:
+ requests:
+ cpu: "500m"
+ memory: "256Mi"
+ limits:
+ cpu: "500m"
+ memory: "1Gi"
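Review bot: In resources/registry-allowed.yaml, `image: trustedrepo.com/my-image` has neither tag nor digest, so it resolves to `latest`; a registry allow-list constrains where an image comes from, not which image it is. Pinning the fixture, e.g. `image: trustedrepo.com/my-image@sha256:<digest-placeholder>`, models the workload the policy is meant to admit. Only the allowed case is present; a Pod pulling from a registry outside the allow-list, expected to fail, is the case that proves the rule blocks anything. This file uses the `.yaml` extension while the other fixtures in the patch use `.yml`.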
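Review bot: Nothing in the Pod in resources/require-resources-limits-exclude.yml shows what it is excluded by: it has no `metadata.namespace`, no label or annotation, and it sets `limits` the way a compliant workload would. If the policy's exclude block matches on namespace or labels (the policy is not visible in this patch), the fixture needs that field to reach the exclude path; otherwise it only re-tests the compliant case. A leading comment such as `# expected result: skip, matched by the policy's exclude block` would document the intended outcome for the next reader.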