Skip to content

Commit

Permalink
Merge 4707b3d into temp-cherry-pick-01e83e-release-1.13
Browse files Browse the repository at this point in the history
  • Loading branch information
gcp-cherry-pick-bot[bot] authored Sep 9, 2024
2 parents b1924f5 + 4707b3d commit 8e180d2
Show file tree
Hide file tree
Showing 14 changed files with 55 additions and 54 deletions.
7 changes: 3 additions & 4 deletions other-cel/prevent-cr8escape/.chainsaw-test/pods-good.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -18,11 +18,11 @@ kind: Pod
metadata:
name: goodpod02
spec:
securityContext:
allowPrivilegeEscalation: false
containers:
- name: busybox
image: ghcr.io/kyverno/test-busybox:1.35
securityContext:
allowPrivilegeEscalation: false
---
apiVersion: v1
kind: Pod
Expand All @@ -31,5 +31,4 @@ metadata:
spec:
containers:
- name: busybox
image: ghcr.io/kyverno/test-busybox:1.35

image: ghcr.io/kyverno/test-busybox:1.35
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ spec:
ingressClassName: someingress
rules:
- host: endpoint01
https:
http:
paths:
- backend:
service:
Expand All @@ -33,7 +33,7 @@ spec:
ingressClassName: nginx-int
rules:
- host: endpoint01
https:
http:
paths:
- path: /testpath
pathType: Prefix
Expand All @@ -43,7 +43,7 @@ spec:
port:
number: 80
- host: endpoint02
https:
http:
paths:
- path: /testpath
pathType: Prefix
Expand All @@ -55,5 +55,4 @@ spec:
tls:
- hosts:
- endpoint01
- endpoint02

- endpoint02
12 changes: 6 additions & 6 deletions other-cel/require-ingress-https/.kyverno-test/resource.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ spec:
ingressClassName: nginx-int
rules:
- host: endpoint01
https:
http:
paths:
- path: /testpath
pathType: Prefix
Expand Down Expand Up @@ -64,7 +64,7 @@ spec:
ingressClassName: nginx-int
rules:
- host: endpoint01
https:
http:
paths:
- path: /testpath
pathType: Prefix
Expand Down Expand Up @@ -99,7 +99,7 @@ spec:
ingressClassName: nginx-int
rules:
- host: endpoint01
https:
http:
paths:
- path: /testpath
pathType: Prefix
Expand Down Expand Up @@ -130,7 +130,7 @@ spec:
ingressClassName: someingress
rules:
- host: endpoint01
https:
http:
paths:
- backend:
service:
Expand All @@ -154,7 +154,7 @@ spec:
ingressClassName: nginx-int
rules:
- host: endpoint01
https:
http:
paths:
- path: /testpath
pathType: Prefix
Expand All @@ -164,7 +164,7 @@ spec:
port:
number: 80
- host: endpoint02
https:
http:
paths:
- path: /testpath
pathType: Prefix
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ metadata:
spec:
rules:
- host: endpoint01
https:
http:
paths:
- backend:
service:
Expand All @@ -27,7 +27,7 @@ metadata:
spec:
rules:
- host: endpoint01
https:
http:
paths:
- path: /testpath
pathType: Prefix
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ metadata:
spec:
rules:
- host: endpoint01
https:
http:
paths:
- backend:
service:
Expand All @@ -28,7 +28,7 @@ metadata:
spec:
rules:
- host: endpoint01
https:
http:
paths:
- path: /testpath
pathType: Prefix
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ metadata:
spec:
rules:
- host: endpoint01
https:
http:
paths:
- backend:
service:
Expand All @@ -22,7 +22,7 @@ metadata:
spec:
rules:
- host: endpoint01
https:
http:
paths:
- path: /testpath
pathType: Prefix
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ metadata:
spec:
rules:
- host: "*.foo.bar"
https:
http:
paths:
- backend:
service:
Expand All @@ -22,7 +22,7 @@ metadata:
spec:
rules:
- host: foo-bar
https:
http:
paths:
- path: /testpath
pathType: Prefix
Expand All @@ -32,7 +32,7 @@ spec:
port:
number: 80
- host: "*.example.com"
https:
http:
paths:
- path: /testpath
pathType: Prefix
Expand All @@ -49,7 +49,7 @@ metadata:
spec:
rules:
- host: "*.bar"
https:
http:
paths:
- path: /testpath
pathType: Prefix
Expand All @@ -59,7 +59,7 @@ spec:
port:
number: 80
- host: foo-bar
https:
http:
paths:
- path: /testpath
pathType: Prefix
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ metadata:
spec:
rules:
- host: endpoint01
https:
http:
paths:
- backend:
service:
Expand All @@ -22,7 +22,7 @@ metadata:
spec:
rules:
- host: endpoint02
https:
http:
paths:
- path: /testpath
pathType: Prefix
Expand All @@ -32,7 +32,7 @@ spec:
port:
number: 80
- host: endpoint01
https:
http:
paths:
- path: /testpath
pathType: Prefix
Expand Down
21 changes: 11 additions & 10 deletions other-cel/restrict-node-affinity/.chainsaw-test/pod-good.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -14,14 +14,16 @@ metadata:
spec:
affinity:
podAffinity:
prefferedDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: bar
operator: In
values:
- bar
topologyKey: topology.kubernetes.io/zone
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchExpressions:
- key: bar
operator: In
values:
- bar
topologyKey: topology.kubernetes.io/zone
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
Expand All @@ -35,5 +37,4 @@ spec:
topologyKey: topology.kubernetes.io/zone
containers:
- name: busybox
image: ghcr.io/kyverno/test-busybox:1.35

image: ghcr.io/kyverno/test-busybox:1.35
Original file line number Diff line number Diff line change
Expand Up @@ -52,5 +52,4 @@ spec:
containers:
- name: busybox
image: ghcr.io/kyverno/test-busybox:1.35
restartPolicy: OnFailure

restartPolicy: OnFailure
Original file line number Diff line number Diff line change
Expand Up @@ -17,14 +17,16 @@ spec:
spec:
affinity:
podAffinity:
prefferedDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: bar
operator: In
values:
- bar
topologyKey: topology.kubernetes.io/zone
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchExpressions:
- key: bar
operator: In
values:
- bar
topologyKey: topology.kubernetes.io/zone
containers:
- name: busybox
image: ghcr.io/kyverno/test-busybox:1.35
Expand All @@ -42,5 +44,4 @@ spec:
containers:
- name: busybox
image: ghcr.io/kyverno/test-busybox:1.35
restartPolicy: OnFailure

restartPolicy: OnFailure
3 changes: 1 addition & 2 deletions other-cel/restrict-node-affinity/.kyverno-test/resource.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -88,5 +88,4 @@ spec:
cpu: "500m"
limits:
memory: "256Mi"
cpu: "500m"

cpu: "500m"
2 changes: 1 addition & 1 deletion tekton-cel/require-tekton-bundle/artifacthub-pkg.yml
Original file line number Diff line number Diff line change
Expand Up @@ -19,5 +19,5 @@ annotations:
kyverno/category: "Tekton in CEL"
kyverno/kubernetesVersion: "1.26-1.27"
kyverno/subject: "TaskRun, PipelineRun"
digest: d1031e87d2d3e9496022593cac502bd8382863247803e4bd06a1badbe782ae48
digest: 040ff6442dff95a14000ef7ac2a4f953659997d19654a8a959c0b59427ac4ee9
createdAt: "2024-05-24T04:26:34Z"
3 changes: 3 additions & 0 deletions tekton-cel/require-tekton-bundle/require-tekton-bundle.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,9 @@ spec:
- resources:
kinds:
- TaskRun
operations:
- CREATE
- UPDATE
validate:
cel:
expressions:
Expand Down

0 comments on commit 8e180d2

Please sign in to comment.