only warn for some policies
parent
d14fbc6e17
commit
6820c0ae9e
@ -4,7 +4,6 @@ name: conftest
steps:
- name: policies
image: instrumenta/conftest:latest
failure: ignore
commands:
- conftest test -p ./_test/policies ./
- name: deprek8
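Review bot: The `policies` step pulls `image: instrumenta/conftest:latest`, a mutable tag, so the binary that evaluates the policies can change between builds without any commit in this repository. Pinning the image to a fixed version tag or digest, e.g. `image: instrumenta/conftest:<PINNED_VERSION>` (placeholder), keeps the gate reproducible and auditable. The rendered page does not show which of the seven lines this hunk removes; if it is `failure: ignore`, the step now fails the build on any `deny` result, which deserves a comment above the step such as `# fails the build on deny rules; warn rules only report`.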
@ -1,12 +1,12 @@
package main
deny[msg] {
warn[msg] {
input.kind = "Deployment"
not input.spec.template.spec.securityContext.runAsNonRoot = true
msg = "Containers must not run as root"
}
deny[msg] {
warn[msg] {
input.kind = "Deployment"
not input.spec.selector.matchLabels.app
msg = "Containers must provide app label for pod selectors"
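Review bot: Moving the `runAsNonRoot` rule from `deny` to `warn` leaves nothing in this file that blocks a Deployment running as root, because conftest exits non-zero on warnings only when `--fail-on-warn` is passed; if the downgrade is meant for the label rule alone, keep the first rule as `deny[msg] {`. Separately, the rule reads only the pod-level `input.spec.template.spec.securityContext.runAsNonRoot`, so a container whose own `securityContext` sets `runAsNonRoot: false` overrides the pod setting and goes unreported. A companion rule iterating `input.spec.template.spec.containers[_]` would cover that case. The old/new side of the `deny`/`warn` lines is inferred from the commit title, since the page has lost its diff markers, and the second rule's closing brace lies outside the hunk.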