kubeasy-dev · pbrissaud · Jan 25, 2026 · Jan 25, 2026
diff --git a/env-config/challenge.yaml b/env-config/challenge.yaml
@@ -38,7 +38,7 @@ objectives:
     title: "App Running"
     description: "The application must be running and healthy"
     order: 2
-    type: condition
+    type: status
     spec:
       target:
         kind: Pod

diff --git a/env-config/manifests/deployment.yaml b/env-config/manifests/deployment.yaml
@@ -40,13 +40,6 @@ spec:
                 echo "App is healthy - $(date)"
                 sleep 30
               done
-          # NOTE: Environment variables need to be added here from a ConfigMap
-          # env:
-          #   - name: APP_NAME
-          #     valueFrom:
-          #       configMapKeyRef:
-          #         name: app-config
-          #         key: app_name
           resources:
             requests:
               cpu: "25m"

diff --git a/partial-outage/policies/avoid-deleting-egress-policy.yaml b/partial-outage/policies/avoid-deleting-egress-policy.yaml
@@ -1,17 +1,23 @@
 apiVersion: kyverno.io/v1
 kind: Policy
 metadata:
-  name: avoid-deny-delete-networkpolicy
+  name: protect-deny-all-networkpolicy
   annotations:
     argocd.argoproj.io/sync-wave: "2"
 spec:
-  validationFailureAction: enforce
+  validationFailureAction: Enforce
+  background: false
   rules:
     - name: block-delete-deny-all
       match:
-        resources:
-          kinds: ["NetworkPolicy"]
-          names: ["deny-all"]
+        any:
+          - resources:
+              kinds:
+                - NetworkPolicy
+              names:
+                - deny-all
+              operations:
+                - DELETE
       validate:
-        message: "You are not allowed to delete the default NetworkPolicy"
-        deny: {}
+        message: "Deleting the deny-all NetworkPolicy is not allowed. Add ingress rules instead."
+        deny: {}