sync

cluster-resources/policies/deployment-verifier.yaml

@@ -26,6 +26,7 @@ spec:
     context:
     - name: ownerReplicaSet
       apiCall:
+        method: GET
         urlPath: "/apis/apps/v1/namespaces/{{request.namespace}}/replicasets/{{request.object.metadata.ownerReferences[0].name}}"
         jmesPath: "@"
     preconditions:
@@ -34,6 +35,7 @@ spec:
         operator: GreaterThanOrEquals
         value: 1
     validate:
+      allowExistingViolations: true
       message: "Pods must be created through a Deployment resource."
       deny:
         conditions:
@@ -59,6 +61,7 @@ spec:
           - traefik-system
     skipBackgroundRequests: true
     validate:
+      allowExistingViolations: true
       message: "Direct pod creation is not allowed. Pods must come from a Deployment managed by ArgoCD."
       deny:
         conditions: