Merge pull request #106 from chipzoller/main

Modernize Kyverno policies
fluxcd · May 31, 2023 · 4eb6299 · 4eb6299
2 parents 7cb0dac + 8c5ef74
commit 4eb6299
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 6 deletions.
diff --git a/infrastructure/kyverno-policies/verify-flux-images.yaml b/infrastructure/kyverno-policies/verify-flux-images.yaml
@@ -10,9 +10,10 @@ spec:
   rules:
     - name: verify-cosign-signature
       match:
-        resources:
-          kinds:
-            - Pod
+        any:
+        - resources:
+            kinds:
+              - Pod
       verifyImages:
         - imageReferences:
             - "ghcr.io/fluxcd/source-controller:*"

diff --git a/infrastructure/kyverno-policies/verify-git-repositories.yaml b/infrastructure/kyverno-policies/verify-git-repositories.yaml
@@ -14,9 +14,10 @@ spec:
           namespaces:
             - flux-system
       match:
-        resources:
-          kinds:
-            - GitRepository
+        any:
+        - resources:
+            kinds:
+              - GitRepository
       validate:
         message: ".spec.url must be from a repository within the organisation X"
         anyPattern: