tobru/gitops-tbrnt
Archived
1
0
Fork 0
Code Issues Pull requests Releases Activity
This repository has been archived on 2023-04-02. You can view files and clone it, but cannot push or open issues or pull requests.
gitops-tbrnt/_test/deprek8/1.16-deprek8ion.rego
Tobias Brunner cd264d9046
Some checks failed
continuous-integration/drone/push Build is failing
Details
enhance conftest - mirror rego
2020-05-04 21:03:53 +02:00

53 lines
2 KiB
Rego
Raw Permalink Blame History

package main
deny[msg] {
input.apiVersion == "v1"
input.kind == "List"
obj := input.items[_]
msg := _deny with input as obj
}
deny[msg] {
input.apiVersion != "v1"
input.kind != "List"
msg := _deny
}
# Based on https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.16.md
# All resources under apps/v1beta1 and apps/v1beta2 - use apps/v1 instead
_deny = msg {
apis := ["apps/v1beta1", "apps/v1beta2"]
input.apiVersion == apis[_]
msg := sprintf("%s/%s: API %s has been deprecated, use apps/v1 instead.", [input.kind, input.metadata.name, input.apiVersion])
}
# daemonsets, deployments, replicasets resources under extensions/v1beta1 - use apps/v1 instead
_deny = msg {
resources := ["DaemonSet", "Deployment", "ReplicaSet"]
input.apiVersion == "extensions/v1beta1"
input.kind == resources[_]
msg := sprintf("%s/%s: API extensions/v1beta1 for %s has been deprecated, use apps/v1 instead.", [input.kind, input.metadata.name, input.kind])
}
# networkpolicies resources under extensions/v1beta1 - use networking.k8s.io/v1 instead
_deny = msg {
input.apiVersion == "extensions/v1beta1"
input.kind == "NetworkPolicy"
msg := sprintf("%s/%s: API extensions/v1beta1 for NetworkPolicy has been deprecated, use networking.k8s.io/v1 instead.", [input.kind, input.metadata.name])
}
# podsecuritypolicies resources under extensions/v1beta1 - use policy/v1beta1 instead
_deny = msg {
input.apiVersion == "extensions/v1beta1"
input.kind == "PodSecurityPolicy"
msg := sprintf("%s/%s: API extensions/v1beta1 for PodSecurityPolicy has been deprecated, use policy/v1beta1 instead.", [input.kind, input.metadata.name])
}
# PriorityClass resources will no longer be served from scheduling.k8s.io/v1beta1 and scheduling.k8s.io/v1alpha1 in v1.17.
_deny = msg {
apis := ["scheduling.k8s.io/v1beta1", "scheduling.k8s.io/v1alpha1"]
input.apiVersion == apis[_]
input.kind == "PriorityClass"
msg := sprintf("%s/%s: API %s for PriorityClass has been deprecated, use scheduling.k8s.io/v1 instead.", [input.kind, input.metadata.name, input.apiVersion])
}
Reference in a new issue View git blame Copy permalink