From edd468e239cddf0594aa097e38fa84da8c373f0e Mon Sep 17 00:00:00 2001
From: Danijel Simeunovic
Date: Fri, 27 Feb 2026 14:12:09 +0100
Subject: [PATCH] sync
---
 cluster-resources/policies/deployment-verifier.yaml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/cluster-resources/policies/deployment-verifier.yaml b/cluster-resources/policies/deployment-verifier.yaml
index a719f1a..8e827cc 100644
--- a/cluster-resources/policies/deployment-verifier.yaml
+++ b/cluster-resources/policies/deployment-verifier.yaml
@@ -26,6 +26,7 @@ spec:
 context:
 - name: ownerReplicaSet
 apiCall:
+ method: GET
 urlPath: "/apis/apps/v1/namespaces/{{request.namespace}}/replicasets/{{request.object.metadata.ownerReferences[0].name}}"
 jmesPath: "@"
 preconditions:
@@ -34,6 +35,7 @@ spec:
 operator: GreaterThanOrEquals
 value: 1
 validate:
+ allowExistingViolations: true
 message: "Pods must be created through a Deployment resource."
 deny:
 conditions:
@@ -59,6 +61,7 @@ spec:
 - traefik-system
 skipBackgroundRequests: true
 validate:
+ allowExistingViolations: true
 message: "Direct pod creation is not allowed. Pods must come from a Deployment managed by ArgoCD."
 deny:
 conditions:
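Review bot: The `ownerReplicaSet` lookup that now carries an explicit `method: GET` is keyed on `request.object.metadata.ownerReferences[0].name`, which is metadata supplied with the pod itself, so finding a ReplicaSet of that name does not by itself show that the ReplicaSet controller created the pod. The deny conditions are outside this hunk, so this may already be handled there. If it is not, the rule should tie the reference to the fetched object, and a comment above the `apiCall` would record the assumption: `# ownerReferences is client-supplied; deny must also compare ownerReferences[0].uid with ownerReplicaSet.metadata.uid`. Only index 0 is consulted, which is worth stating in the same comment.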
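Review bot: `allowExistingViolations: true` in the `validate` block of the "Pods must be created through a Deployment resource." rule exempts pods that already violate the rule from being blocked on update, as I read Kyverno's semantics for this field. Neither the commit message ("sync") nor a comment says that this exemption is intended. The same line is added to the "Direct pod creation is not allowed" rule in the third hunk. If pre-existing non-compliant pods should be held to the policy when they change, use `allowExistingViolations: false`; if the exemption is deliberate, say so above the field, e.g. `# deliberate: pods that already violate this rule may still be updated`. Both `validate` blocks continue past the end of their hunks, so the deny conditions could not be checked here.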