
only warn for some policies

pull/185/head
Tobias Brunner 12 months ago
parent
commit
6820c0ae9e
  1. 1
      .drone.yml
  2. 4
      _test/policies/deployment.rego

1
.drone.yml

@ -4,7 +4,6 @@ name: conftest
steps:
- name: policies
image: instrumenta/conftest:latest
failure: ignore
commands:
- conftest test -p ./_test/policies ./
- name: deprek8
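Review bot: The `policies` step pulls `instrumenta/conftest:latest`, a mutable tag, so the tool that evaluates the policies can change between builds without any commit in this repository. The hunk header shows one line dropped, apparently `failure: ignore` (the +/- markers are lost in this rendering), which would make this step gate the pipeline. A gating check should run a reproducible version, so pin the image to a fixed release tag or digest, e.g. `image: instrumenta/conftest:<pinned-version>`, and bump it deliberately. The `steps:` list continues outside the hunk.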

4
_test/policies/deployment.rego

@ -1,12 +1,12 @@
package main
deny[msg] {
warn[msg] {
input.kind = "Deployment"
not input.spec.template.spec.securityContext.runAsNonRoot = true
msg = "Containers must not run as root"
}
deny[msg] {
warn[msg] {
input.kind = "Deployment"
not input.spec.selector.matchLabels.app
msg = "Containers must provide app label for pod selectors"
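Review bot: The non-root rule appears to be demoted from `deny` to `warn` here (sides inferred from the commit title, since the rendering lost the +/- markers), and conftest does not fail on warnings unless run with `--fail-on-warn`, so a Deployment without `runAsNonRoot` will now pass the pipeline. If that is intended, say so above the rule, e.g. `# warn (not deny): advisory until all manifests set runAsNonRoot`. The rule also reads only the pod-level `spec.template.spec.securityContext`. A container-level `securityContext.runAsNonRoot: false` overrides the pod setting in Kubernetes and would not be reported, so the entries under `spec.template.spec.containers` deserve a check as well. The second rule's closing brace lies outside the hunk.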
