feat(health): add kyverno Policy resource customization (#21552)

Signed-off-by: Marc Khair <67377306+marckhair@users.noreply.github.com>
Marc Khair
2025-05-07 19:14:34 -04:00
committed by GitHub
parent 92589dea2f
commit e578b85410
4 changed files with 291 additions and 0 deletions


@@ -0,0 +1,15 @@
local hs = {}
if obj.status ~= nil and obj.status.conditions ~= nil then
for _, condition in ipairs(obj.status.conditions) do
if condition.type == "Ready" and condition.status == "True" and condition.reason == "Succeeded" and condition.message == "Ready" then
hs.status = "Healthy"
hs.message = "Policy is ready"
return hs
end
end
end
hs.status = "Progressing"
hs.message = "Waiting for Policy to be ready"
return hs
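Review bot: A Policy whose Ready condition is present but not "True" falls through to the Progressing fallback at the end of the script, so a policy that Kyverno could not make ready never surfaces as Degraded and the application can sit in Progressing indefinitely while the admission rule is presumably not being enforced. The Healthy test also compares `condition.message == "Ready"`, which is human-readable text that may change between Kyverno releases; matching on type, status and reason should be sufficient. I would add an explicit branch for status "False" that returns Degraded with the condition's own message, as sketched below, together with a fixture that exercises it. This assumes Kyverno reports a failed policy as Ready with status "False", which is worth confirming against the controller before merging.

```lua
local hs = {}
if obj.status ~= nil and obj.status.conditions ~= nil then
  for _, condition in ipairs(obj.status.conditions) do
    if condition.type == "Ready" then
      if condition.status == "True" and condition.reason == "Succeeded" then
        hs.status = "Healthy"
        hs.message = "Policy is ready"
        return hs
      end
      if condition.status == "False" then
        -- Surface the controller's explanation instead of hiding it behind Progressing.
        hs.status = "Degraded"
        hs.message = condition.message or "Policy is not ready"
        return hs
      end
    end
  end
end
-- … unchanged: Progressing fallback …
```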


@@ -0,0 +1,9 @@
tests:
- healthStatus:
status: Progressing
message: "Waiting for Policy to be ready"
inputPath: testdata/progressing.yaml
- healthStatus:
status: Healthy
message: "Policy is ready"
inputPath: testdata/healthy.yaml
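Review bot: Neither test case feeds the script a Ready condition that does not match, so the non-matching path through the conditions loop is never exercised. The progressing fixture in this commit has no `status` block at all, which means it only covers the outer nil guard. A third case whose fixture carries a Ready condition with `status: "False"` (for example a constructed `inputPath: testdata/not_ready.yaml`) would pin down what Argo CD reports for a policy that is installed but not ready.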


@@ -0,0 +1,260 @@
apiVersion: kyverno.io/v1
kind: Policy
metadata:
annotations:
name: sample-policy
namespace: test-namespace
spec: {}
status:
autogen:
rules:
- exclude:
resources: {}
generate:
clone: {}
cloneList: {}
match:
resources:
kinds:
- DaemonSet
- Deployment
- Job
- StatefulSet
- ReplicaSet
- ReplicationController
mutate: {}
name: autogen-require-label-app
skipBackgroundRequests: true
validate:
message: An `app` label is required.
pattern:
spec:
template:
metadata:
labels:
app: ?*
- exclude:
resources: {}
generate:
clone: {}
cloneList: {}
match:
resources:
kinds:
- CronJob
mutate: {}
name: autogen-cronjob-require-label-app
skipBackgroundRequests: true
validate:
message: An `app` label is required.
pattern:
spec:
jobTemplate:
spec:
template:
metadata:
labels:
app: ?*
- exclude:
resources: {}
generate:
clone: {}
cloneList: {}
match:
resources:
kinds:
- DaemonSet
- Deployment
- Job
- StatefulSet
- ReplicaSet
- ReplicationController
mutate: {}
name: autogen-require-label-environment
skipBackgroundRequests: true
validate:
message: An `environment` label is required.
pattern:
spec:
template:
metadata:
labels:
environment: ?*
- exclude:
resources: {}
generate:
clone: {}
cloneList: {}
match:
resources:
kinds:
- CronJob
mutate: {}
name: autogen-cronjob-require-label-environment
skipBackgroundRequests: true
validate:
message: An `environment` label is required.
pattern:
spec:
jobTemplate:
spec:
template:
metadata:
labels:
environment: ?*
- exclude:
resources: {}
generate:
clone: {}
cloneList: {}
match:
resources:
kinds:
- DaemonSet
- Deployment
- Job
- StatefulSet
- ReplicaSet
- ReplicationController
mutate: {}
name: autogen-require-annotation-version
skipBackgroundRequests: true
validate:
message: A `version` annotation is required.
pattern:
spec:
template:
metadata:
annotations:
version: ?*
- exclude:
resources: {}
generate:
clone: {}
cloneList: {}
match:
resources:
kinds:
- CronJob
mutate: {}
name: autogen-cronjob-require-annotation-version
skipBackgroundRequests: true
validate:
message: A `version` annotation is required.
pattern:
spec:
jobTemplate:
spec:
template:
metadata:
annotations:
version: ?*
- exclude:
resources: {}
generate:
clone: {}
cloneList: {}
match:
resources:
kinds:
- DaemonSet
- Deployment
- Job
- StatefulSet
- ReplicaSet
- ReplicationController
mutate: {}
name: autogen-require-annotation-maintainer
skipBackgroundRequests: true
validate:
message: A `maintainer` annotation is required.
pattern:
spec:
template:
metadata:
annotations:
maintainer: ?*
- exclude:
resources: {}
generate:
clone: {}
cloneList: {}
match:
resources:
kinds:
- CronJob
mutate: {}
name: autogen-cronjob-require-annotation-maintainer
skipBackgroundRequests: true
validate:
message: A `maintainer` annotation is required.
pattern:
spec:
jobTemplate:
spec:
template:
metadata:
annotations:
maintainer: ?*
- exclude:
resources: {}
generate:
clone: {}
cloneList: {}
match:
resources:
kinds:
- DaemonSet
- Deployment
- Job
- StatefulSet
- ReplicaSet
- ReplicationController
mutate: {}
name: autogen-require-spec-containers
skipBackgroundRequests: true
validate:
message: The Pod must have at least one container.
pattern:
spec:
template:
spec:
containers:
- name: ?*
- exclude:
resources: {}
generate:
clone: {}
cloneList: {}
match:
resources:
kinds:
- CronJob
mutate: {}
name: autogen-cronjob-require-spec-containers
skipBackgroundRequests: true
validate:
message: The Pod must have at least one container.
pattern:
spec:
jobTemplate:
spec:
template:
spec:
containers:
- name: ?*
conditions:
- lastTransitionTime: "2025-01-17T19:09:11Z"
message: Ready
reason: Succeeded
status: "True"
type: Ready
rulecount:
generate: 0
mutate: 0
validate: 5
verifyimages: 0
validatingadmissionpolicy:
generated: false
message: ""


@@ -0,0 +1,7 @@
apiVersion: kyverno.io/v1
kind: Policy
metadata:
name: sample-policy
namespace: test-namespace
spec: {}