Merge pull request #72 from portefaix/feat/cel-naming

[CEL] Policies naming
portefaix · Jul 2, 2024 · 7f69549 · 7f69549
2 parents 1e07426 + 3a03f47
commit 7f69549
Show file tree

Hide file tree

Showing 9 changed files with 24 additions and 24 deletions.
diff --git a/cel/C0001-container-image-tag/policy-C0001.yaml b/cel/C0001-container-image-tag/policy-C0001.yaml
@@ -17,7 +17,7 @@
 apiVersion: admissionregistration.k8s.io/v1alpha1
 kind: ValidatingAdmissionPolicy
 metadata:
-  name: portefaix-C0001
+  name: c0001.container.portefaix.xyz
 spec:
   matchConstraints:
     resourceRules:

diff --git a/cel/C0002-container-liveness-probe/policy-C0002.yaml b/cel/C0002-container-liveness-probe/policy-C0002.yaml
@@ -18,7 +18,7 @@
 apiVersion: admissionregistration.k8s.io/v1alpha1
 kind: ValidatingAdmissionPolicy
 metadata:
-  name: portefaix-C0002
+  name: c0002.container.portefaix.xyz
 spec:
   failurePolicy: Fail
   matchConstraints:

diff --git a/cel/C0003-container-readiness-probe/policy-C0003.yaml b/cel/C0003-container-readiness-probe/policy-C0003.yaml
@@ -18,7 +18,7 @@
 apiVersion: admissionregistration.k8s.io/v1alpha1
 kind: ValidatingAdmissionPolicy
 metadata:
-  name: portefaix-C0003
+  name: c0003.container.portefaix.xyz
 spec:
   failurePolicy: Fail
   matchConstraints:

diff --git a/cel/C0008-container-resources/policy-C0008.yaml b/cel/C0008-container-resources/policy-C0008.yaml
@@ -18,7 +18,7 @@
 apiVersion: admissionregistration.k8s.io/v1alpha1
 kind: ValidatingAdmissionPolicy
 metadata:
-  name: portefaix-C0008
+  name: c0008.container.portefaix.xyz
 spec:
   failurePolicy: Fail
   matchConstraints:

diff --git a/cel/M0001-metadata-labels/policy-M0001.yaml b/cel/M0001-metadata-labels/policy-M0001.yaml
@@ -18,15 +18,15 @@
 apiVersion: admissionregistration.k8s.io/v1alpha1
 kind: ValidatingAdmissionPolicy
 metadata:
-  name: portefaix-M0001
+  name: m0001.metadata.portefaix.xyz
 spec:
   failurePolicy: Fail
   matchConstraints:
     resourceRules:
-    - apiGroups:   [""]
-      apiVersions: ["v1"]
-      operations:  ["CREATE", "UPDATE"]
-      resources:   ["namespaces"]
+    # - apiGroups:   [""]
+    #   apiVersions: ["v1"]
+    #   operations:  ["CREATE", "UPDATE"]
+    #   resources:   ["namespaces"]
     - apiGroups:   [""]
       apiVersions: ["v1"]
       operations:  ["CREATE", "UPDATE"]

diff --git a/cel/M0002-metadata-annotations/policy-M0002.yaml b/cel/M0002-metadata-annotations/policy-M0002.yaml
@@ -18,7 +18,7 @@
 apiVersion: admissionregistration.k8s.io/v1alpha1
 kind: ValidatingAdmissionPolicy
 metadata:
-  name: portefaix-M0002
+  name: m0002.metadata.portefaix.xyz
 spec:
   failurePolicy: Fail
   matchConstraints:

diff --git a/cel/M0003-metadata-portefaix-labels/policy-M0003.yaml b/cel/M0003-metadata-portefaix-labels/policy-M0003.yaml
@@ -18,15 +18,15 @@
 apiVersion: admissionregistration.k8s.io/v1alpha1
 kind: ValidatingAdmissionPolicy
 metadata:
-  name: portefaix-M0001
+  name: m0003.metadata.portefaix.xyz
 spec:
   failurePolicy: Fail
   matchConstraints:
     resourceRules:
-    - apiGroups:   [""]
-      apiVersions: ["v1"]
-      operations:  ["CREATE", "UPDATE"]
-      resources:   ["namespaces"]
+    # - apiGroups:   [""]
+    #   apiVersions: ["v1"]
+    #   operations:  ["CREATE", "UPDATE"]
+    #   resources:   ["namespaces"]
     - apiGroups:   [""]
       apiVersions: ["v1"]
       operations:  ["CREATE", "UPDATE"]

diff --git a/...N0001-namespace-default/policy-M0001.yaml → ...N0001-namespace-default/policy-N0001.yaml b/...N0001-namespace-default/policy-M0001.yaml → ...N0001-namespace-default/policy-N0001.yaml
@@ -18,7 +18,7 @@
 apiVersion: admissionregistration.k8s.io/v1alpha1
 kind: ValidatingAdmissionPolicy
 metadata:
-  name: portefaix-N0001
+  name: n0001.namespace.portefaix.xyz
 spec:
   failurePolicy: Fail
   matchConstraints:

diff --git a/cel/README.md b/cel/README.md
@@ -4,13 +4,13 @@
 
 | Policy                                                                                              |
 | --------------------------------------------------------------------------------------------------- |
-| [portefaix-C0001 - Container must not use latest image tag](cel/C0001-container-image-tag)          |
-| [portefaix-C0002 - Container must set liveness probe](cel/C0003-container-liveness-probe)           |
-| [portefaix-C0003 - Container must set readiness probe](cel/C0002-container-readiness-probe)         |
-| [portefaix-C0008 - Container resource constraints must be specified](cel/C0008-container-resources) |
-| [portefaix-M0001 - Metadata must set recommanded Kubernetes labels](cel/M0001-metadata-labels)      |
-| [portefaix-M0002 - Metadata should have a8r.io annotations](cel/M0002-metadata-annotations)         |
-| [portefaix-M0003 - Metadata should have portefaix.xyz labels](cel/M0003-metadata-portefaix-labels)  |
-| [portefaix-N0001 - Disallow Default Namespace](cel/N0001-namespace-default)                         |
+| [m0001.metadata.portefaix.xyz - Metadata must set recommanded Kubernetes labels](M0001-metadata-labels)      |
+| [m0002.metadata.portefaix.xyz - Metadata should have a8r.io annotations](M0002-metadata-annotations)         |
+| [m0003.metadata.portefaix.xyz - Metadata should have portefaix.xyz labels](M0003-metadata-portefaix-labels)  |
+| [n0001.namespace.portefaix.xyz - Disallow Default Namespace](N0001-namespace-default)                         |
+| [c0001.container.portefaix.xyz - Container must not use latest image tag](C0001-container-image-tag)          |
+| [c0002.container.portefaix.xyz - Container must set liveness probe](C0003-container-liveness-probe)           |
+| [c0003.container.portefaix.xyz - Container must set readiness probe](C0002-container-readiness-probe)         |
+| [c0008.container.portefaix.xyz - Container resource constraints must be specified](C0008-container-resources) |
 
 <!-- END_POLICIES_DOC -->