sync
This commit is contained in:
Danijel Simeunovic
@@ -26,6 +26,7 @@ spec:
|
|||||||
context:
|
context:
|
||||||
- name: ownerReplicaSet
|
- name: ownerReplicaSet
|
||||||
apiCall:
|
apiCall:
|
||||||
|
method: GET
|
||||||
urlPath: "/apis/apps/v1/namespaces/{{request.namespace}}/replicasets/{{request.object.metadata.ownerReferences[0].name}}"
|
urlPath: "/apis/apps/v1/namespaces/{{request.namespace}}/replicasets/{{request.object.metadata.ownerReferences[0].name}}"
|
||||||
jmesPath: "@"
|
jmesPath: "@"
|
||||||
preconditions:
|
preconditions:
|
||||||
@@ -34,6 +35,7 @@ spec:
|
|||||||
operator: GreaterThanOrEquals
|
operator: GreaterThanOrEquals
|
||||||
value: 1
|
value: 1
|
||||||
validate:
|
validate:
|
||||||
|
allowExistingViolations: true
|
||||||
message: "Pods must be created through a Deployment resource."
|
message: "Pods must be created through a Deployment resource."
|
||||||
deny:
|
deny:
|
||||||
conditions:
|
conditions:
|
||||||
@@ -59,6 +61,7 @@ spec:
|
|||||||
- traefik-system
|
- traefik-system
|
||||||
skipBackgroundRequests: true
|
skipBackgroundRequests: true
|
||||||
validate:
|
validate:
|
||||||
|
allowExistingViolations: true
|
||||||
message: "Direct pod creation is not allowed. Pods must come from a Deployment managed by ArgoCD."
|
message: "Direct pod creation is not allowed. Pods must come from a Deployment managed by ArgoCD."
|
||||||
deny:
|
deny:
|
||||||
conditions:
|
conditions:
|
||||||
|
|||||||
Reference in New Issue
Block a user