diff --git a/env-config/challenge.yaml b/env-config/challenge.yaml
index 913cbef..0f99275 100644
--- a/env-config/challenge.yaml
+++ b/env-config/challenge.yaml
@@ -38,7 +38,7 @@ objectives:
 title: "App Running"
 description: "The application must be running and healthy"
 order: 2
- type: condition
+ type: status
 spec:
 target:
 kind: Pod
diff --git a/env-config/manifests/deployment.yaml b/env-config/manifests/deployment.yaml
index 4eeedac..282ad27 100644
--- a/env-config/manifests/deployment.yaml
+++ b/env-config/manifests/deployment.yaml
@@ -40,13 +40,6 @@ spec:
 echo "App is healthy - $(date)"
 sleep 30
 done
- # NOTE: Environment variables need to be added here from a ConfigMap
- # env:
- # - name: APP_NAME
- # valueFrom:
- # configMapKeyRef:
- # name: app-config
- # key: app_name
 resources:
 requests:
 cpu: "25m"
diff --git a/partial-outage/policies/avoid-deleting-egress-policy.yaml b/partial-outage/policies/avoid-deleting-egress-policy.yaml
index 1b637ea..9894403 100644
--- a/partial-outage/policies/avoid-deleting-egress-policy.yaml
+++ b/partial-outage/policies/avoid-deleting-egress-policy.yaml
@@ -1,17 +1,23 @@
 apiVersion: kyverno.io/v1
 kind: Policy
 metadata:
- name: avoid-deny-delete-networkpolicy
+ name: protect-deny-all-networkpolicy
 annotations:
 argocd.argoproj.io/sync-wave: "2"
 spec:
- validationFailureAction: enforce
+ validationFailureAction: Enforce
+ background: false
 rules:
 - name: block-delete-deny-all
 match:
- resources:
- kinds: ["NetworkPolicy"]
- names: ["deny-all"]
+ any:
+ - resources:
+ kinds:
+ - NetworkPolicy
+ names:
+ - deny-all
+ operations:
+ - DELETE
 validate:
- message: "You are not allowed to delete the default NetworkPolicy"
- deny: {}
\ No newline at end of file
+ message: "Deleting the deny-all NetworkPolicy is not allowed. Add ingress rules instead."
+ deny: {}
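Review bot: In `partial-outage/policies/avoid-deleting-egress-policy.yaml`, narrowing the match to `operations: [DELETE]` leaves UPDATE of the `deny-all` NetworkPolicy unrestricted, so the object can stay in place while its contents are rewritten into something permissive without this rule firing; the previous match had no operation filter. If edits are meant to stay open, as the new message "Add ingress rules instead" suggests, record that above the rule with a comment such as `# Only DELETE is blocked; UPDATE stays open so rules can be added to deny-all`; otherwise add `- UPDATE` under `operations` together with a deny condition on the fields that must not change. Separately, `kind: Policy` is namespaced and no `metadata.namespace` appears in the file, so the rule presumably relies on the Argo CD destination namespace; confirm it lands in the same namespace as `deny-all`. The message mentions ingress while the file name refers to an egress policy, which may be worth aligning.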