| Giorgi Lekveishvili | 285ab62 | 2023-11-22 13:50:45 +0400 | [diff] [blame] | 1 | package main |
| 2 | |
| 3 | # validate serviceAccountName |
| 4 | deny[msg] { |
| 5 | input.kind == "Deployment" |
| 6 | serviceAccountName := input.spec.template.spec.serviceAccountName |
| 7 | not serviceAccountName == "RELEASE-NAME-metallb-controller" |
| 8 | msg = sprintf("controller serviceAccountName '%s' does not match expected value", [serviceAccountName]) |
| 9 | } |
| 10 | |
| 11 | # validate node selector includes builtin when custom ones are provided |
| 12 | deny[msg] { |
| 13 | input.kind == "Deployment" |
| 14 | not input.spec.template.spec.nodeSelector["kubernetes.io/os"] == "linux" |
| 15 | msg = "controller nodeSelector does not include '\"kubernetes.io/os\": linux'" |
| 16 | } |