华为云UCS-noupdateserviceaccount:符合策略实例的资源定义

时间：2025-02-21 09:12:15

华为云UCS 使用策略定义库

符合策略实例的资源定义

没有更新ServiceAccount，符合策略实例。

# Note: The gator tests currently require exactly one object per example file.
# Since this is an update-triggered policy, at least two objects are technically
# required to demonstrate it. Due to the gator requirement, we only have one
# object below. The policy should allow changing everything but the
# serviceAccountName field.
kind: Deployment
apiVersion: apps/v1
metadata:
  name: policy-test
  namespace: kube-system
  labels:
    app: policy-test
spec:
  replicas: 1
  selector:
    matchLabels:
      app: policy-test-deploy
  template:
    metadata:
      labels:
        app: policy-test-deploy
    spec:
      # Changing anything except this field should be allowed by the policy.
      serviceAccountName: policy-test-sa-1
      containers:
      - name: policy-test
        image: ubuntu
        command:
        - /bin/bash
        - -c
        - sleep 99999

上一篇：华为云UCS-noupdateserviceaccount:策略实例示例

下一篇：华为云UCS-noupdateserviceaccount:策略实例示例