lint/test/linters/checkov/good/good_kustomize/graph_check.yaml
Marco Ferrari d74351fda7
feat: add the kustomize binary for checkov (#5763)
Checkov needs the kustomize binary to enable related checks, otherwise
these checks are silently skipped.

Ref https://www.checkov.io/7.Scan%20Examples/Kustomize.html
2024-06-27 19:03:16 +02:00

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: internal-proxy-deployment
  labels:
    app: internal-proxy
spec:
  selector:
    matchLabels:
      app: internal-proxy
  template:
    metadata:
      labels:
        app: internal-proxy
    spec:
      automountServiceAccountToken: false
      containers:
        - name: internal-api
          image: test-image
          livenessProbe:
            path: /testLivenessProbe
          readinessProbe:
            path: /testReadinessProbe
          resources:
            limits:
              cpu: 30m
              memory: 40Mi
            requests:
              cpu: 30m
              memory: 40Mi
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            readOnlyRootFilesystem: true
            runAsUser: 10001
          ports:
            - containerPort: 3000
      securityContext:
        seccompProfile:
          type: RuntimeDefault
...
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: test-network-policy
spec:
  podSelector:
    matchLabels:
      app: internal-proxy
  policyTypes:
    - Ingress
  ingress:
    - from:
        - ipBlock:
            cidr: 172.17.0.0/16
...