update charts

commit: 285ab62ddcc4e1c06fe73d9a318f9db5587a83c3 [log] [tgz]
author: Giorgi Lekveishvili <lekva@gl-mbp-m1-max.local> Wed Nov 22 13:50:45 2023 +0400
committer: Giorgi Lekveishvili <lekva@gl-mbp-m1-max.local> Wed Nov 22 13:50:45 2023 +0400
tree: 20092705204de76be09285c11b15b8c0a380dbd4
parent: 743fb432c977f4b7a98d37407cccdbe8605dd9cf [diff] [blame]
diff --git a/charts/metallb/policy/controller.rego b/charts/metallb/policy/controller.rego
new file mode 100644
index 0000000..716eeb7
--- /dev/null
+++ b/charts/metallb/policy/controller.rego

@@ -0,0 +1,16 @@
+package main
+
+# validate serviceAccountName
+deny[msg] {
+  input.kind == "Deployment"
+  serviceAccountName := input.spec.template.spec.serviceAccountName
+  not serviceAccountName == "RELEASE-NAME-metallb-controller"
+  msg = sprintf("controller serviceAccountName '%s' does not match expected value", [serviceAccountName])
+}
+
+# validate node selector includes builtin when custom ones are provided
+deny[msg] {
+  input.kind == "Deployment"
+  not input.spec.template.spec.nodeSelector["kubernetes.io/os"] == "linux"
+  msg = "controller nodeSelector does not include '\"kubernetes.io/os\": linux'"
+}
commit	285ab62ddcc4e1c06fe73d9a318f9db5587a83c3	[log] [tgz]
author	Giorgi Lekveishvili <lekva@gl-mbp-m1-max.local>	Wed Nov 22 13:50:45 2023 +0400
committer	Giorgi Lekveishvili <lekva@gl-mbp-m1-max.local>	Wed Nov 22 13:50:45 2023 +0400
tree	20092705204de76be09285c11b15b8c0a380dbd4
parent	743fb432c977f4b7a98d37407cccdbe8605dd9cf [diff] [blame]